Real World Crypto 2021 - Session 2: Group Messaging


Prev | Up | Next

Session video

Lenka Marekova (RHUL) / Mesh Messaging in Large-scale Protests: Breaking Bridgefy / paper video slides

Bridgefy is a mesh-networked offline messaging app based on BT (classic, or BLE). Despite not being designed for use in a protest setting, that is how it has been adopted, eg. in BLM protests, and democracy protests in Hong Kong.

Analysis required reverse-engineering of Android app. This revealed numerous poor design decisions. Oops, it used RSA & PKCS#1v1.5 (deprecated) in ECB fashion. When combined with Gzip a padding oracale was available, Bleichenbacher attack w/ 2^17 msgs. Also users social graphs can be extracted, and log-ins MITMed.

The attacks were verified using Frida.

Open questions: can security even be achieved in the mesh setting? And what security needs do protesters have?

Antonio Marcedone (Zoom Video Comms) / E2E Encryption and Identity Properties for Zoom Meetings paper video

Various similarities to Key Transparency / CONIKS / Keybase for identity

Paul Rosler (Ruhr Uni) / Resolving Concurrency in Group Ratcheting Protocols paper video slides

PCS = Post-compromise security

IETF working in this area, defining MLS (messaging layer security)