(-libtech, +Collin Milliner who is an author and a well respected Android security researcher. Collin, I hope you don't mind my throwing you into our crypto protocol discussion list)
Sounds interesting! The part I was most curious about was how they handle all the extra context that often needs to be taken into account via leaky abstractions (e.g. SMSes being split at 140 characters, etc.).

I peeked through, and saw the following:

- Can run with PSK or Key Agreement
- Uses AES-CBC with prefixed IV or OTR (ugh on the first, and hmmm.... on the second)
- On Android, besides implementing a keyboard, it uses screen overlays to show the plaintext of the message, as you can't inject content into other apps
- The control protocol doesn't seem to have any sort of integrity, meaning the carrier/underlying service operator would be able to inject those forged without problems, although I'm not 100% sure about this
- It has a 40-participant user study!! The result was that it was Simple, and decent looking and likable. I'd be curious to hear a critique of their approach from someone who has a basis to judge whether a user study is well founded.
- I couldn't find the code, but the paper is coming out in January, so maybe it's waiting for that...
- As far as I can tell, the keyboard does allow you to inject keypresses and stuff, so there's no problem with making control messages or padding, no need for some complicated FPE mode

Overall, I think it's a pretty neat approach to Android messaging crypto. (But, only Android. This won't work on iOS.) Using screen overlays and a keyboard let them muck with any app they want; but it's not seamless. Just like OTR is designed to run in 'any' context, the lower level abstractions always leak through, and necessitate a change (like TextSecure did for SMS).

I guess if you wanted to try and make it more seamless, you'd build it into Android, which would let you muck with the GUI contents... but you'd still run into problems with trying to interpret random chat applications' GUIs you've never seen. You could provide hardcoded lists of how to interact with different ones and different versions: but at that point you're basically trying to maintain FireGPG: tracking an app's changes and updating your app, trying to rush out fixes before too many people notice it's broken....

-tom

On 19 December 2014 at 08:40, Wasa Bee <[email protected]> wrote:
> This [0] may be of interest to people implementing secure IM. Instead of
> creating an IM app from scratch and hoping for wide adoption, babelcrypt is
> a keyboard app. Once installed on an Android smartphone, the keyboard passes
> encrypted data to an existing IM app such as whatsapp or Fb messenger. Using
> certain Android APIs, it can also access content on the screen to display
> received messages.
>
> [0]
> http://www.iseclab.org/people/mweissbacher/publications/babelcrypt_fc.pdf

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
