How to Authenticate Keys for Secure Messaging

Modern messaging applications such as iMessage, Signal, and WhatsApp encrypt their users' messages using cryptography that provides strong security guarantees. All these security guarantees are void, however, when inauthentic keys are used. For years, the only option to authenticate your peers' keys was to compare safety numbers in-person, which was rarely done in practice. Fortunately, modern messaging apps are moving away from this practice.

 

In this talk, we propose and compare two approaches that strive to solve key authentication in messaging applications: the social authentication protocol SOAP, and a novel key transparency system under development at the IETF. We present both systems' security guarantees intuitively and formally and show which concrete threats they each address. Finally, we discuss the systems' practicality: What level of automation do they provide? What are barriers to deployment? And what are their shortcomings?