Presentation Material
Abstract
In 2016, attackers broke into John Podesta’s e-mail account and published his mailbox via WikiLeaks; many messages could be authenticated by their DKIM signatures. After this, secure messaging apps saw a flood of new users: Signal, for example saw a 400% increase in downloads. One reason for this is that secure messaging applications, like Signal, promise cryptographic deniability: that when you send a message to someone, they can verify that it came from you but the protocol will not leave any trace that can be used to convince skeptical third parties who sent that message.
Enter remote attestation: most new processors include a hardware-assisted trusted execution environment (TEE) that provides remote attestation; such TEEs can prove something about their state to a remote party. An attacker, even a manifestly untrustworthy one like a criminal or propaganda organization, can piggyback on the trust placed in the TEE, allowing them to prove to a skeptical audience that their purloined messages are authenticated by the messaging protocol, and that the attacker did not have the keys needed to forge the messages.
We demonstrate this attack using the Signal protocol and Intel SGX, but it applies to any purely-software protocol that provides sender authentication of messages.
We show how to design protocols that resist attackers with remote attestation, including both completely cryptographic methods such as on-line deniable key establishment (that work against some adversaries and as adopted by the upcoming OTRv4) and methods that use TEEs (which can stop it completely).
More generally, we want to raise awareness among users of secure messaging protocols about the limits of the level of deniability they can expect and among designers of such protocols that widespread availability of hardware-assisted remote attestation has changed the implicit assumptions they make.
AI Generated Summarymay contain errors
The speaker is discussing the importance of deniability in online communication, , particularly in messaging protocols. Deniability refers to the ability to plausibly deny involvement in a conversation or action. The speaker explains that with the increasing availability of attestation technology, CITE , which allows devices to prove their identity and actions without revealing sensitive information, .
The problem is that many existing deniable protocols, or those that were thought to be deniable are no longer secure because of this new technology. For example, if a messaging app uses authenticated key exchange to establish a secure connection, an attacker could use attestation to link the public key to a phone number, breaking the deniability of the protocol.
The speaker recommends switching to online deniable protocols that are starting to become available. They also highlight that this is not just a problem for messaging apps but for any system that relies on machine-verifiable authentication.
Additionally, the speaker warns that attestation can be used maliciously, such as in voting systems where it could allow vote selling or targeted malware distribution.
In conclusion, the speaker emphasizes the importance of deniability and the need to adapt to the changing security landscape brought about by attestation technology.