End-to-end secure messaging: New projects and techniques
Trevor Perrin
Abstract:
There's been a recent surge of interest in end-to-end security for applications like chat, text messaging, and email. Besides deployment of existing protocols like OTR, PGP, and S/MIME, a number of projects are working on "next-generation" protocols to improve useability and security, protect new forms of communication (e.g. text messages or group chat), and achieve more ambitious security notions (e.g. unlinkablility of communication partners, transcript consistency).
I'll discuss a few such protocol designs: TextSecure, Pond, and some multiparty OTR variations. These protocols demonstrate several mechanisms gaining favor with protocol designers, such as forward-secrecy "ratcheting", ECDH key agreements, simple trust models (e.g. key fingerprints and key continuity), and using Tor, traffic-flow security, and group signatures for unlinkable communications.
These protocols also pose open questions around useability of authentication methods, multiparty and multidevice handling, group key agreement, deniability, transcript consistency, contact discovery, and proofs of security.