posted by Richard Power
NOTE: In this issue of CyLab Chronicles, we are cross-posting a CyLab Seminar Notes from the Partners Portal. Access to CyLab Seminar Series webcasts, and to the full archive of Seminar videos, is an exclusive benefit of membership in the CyLab Partners program. But from time to time, we release individual videos both to highlight the vital nature of CyLab research and to promote the great value of partnering with us.
As part of the CyLab Seminar Series for 2011-2012, CyLab Research Programmer Mike Farb spoke on SafeSlinger: Applied Ad-hoc Smartphone Trust Establishment
In these three brief transcribed excerpts from Farb’s talk, he articulates the need SafeSlinger was developed to address, then takes us on a quick step-by-step tour of how it works, outlines ongoing and future research and summarizes what SafeSlinger is and what it delivers. These excerpts are meant merely to whet your appetite and encourage you to view the full seminar, which you will find embedded below.
In the course of the full talk, Farb also discusses SPATE, an earlier CyLab research project that SafeSlinger developed out of, he also touches on how Group Diffie-Hellman works, contrasts SafeSlinger with BUMP, and explores the challenges of verification for large groups, as well as delving into other aspects of the project.
People want to meet, and then securely communicate later. It could be researchers at a conference, or business people having lunch, or students at a party. But we don’t necessarily have a commonly trusted infrastructure. We may not all belong to a large scale corporate or institution-wide key infrastructure or certificate authority. So we want to be able to create a cryptographic key and exchange it in a secure fashion … Prior solutions include PGP key signing parties and PKI. The PGP key signing party is one way for people to meet digitally, and ensure each other of their actual presence, because we are all in the room, we can run math on the keys that we will be sharing together to make sure they are the ones that we are going to eventually share digitally, but it requires some sophisticated knowledge to do this. And with PKI, we might publish our keys on the key server, but then we are trying to validate that people are who they say they are digitally, so we don’t have the combination of digital and physical …
We want to provide secure operations even with careless users and powerful local adversaries who can monitor our messages and potentially alter our messages … We want to be able to detect group members attempting to impersonate other groups members. We want to eliminate the need to count in large groups. … We want to enable remote operation, so that we can also do this over the phone. (We can assure each other of our presences, because we can recognize our voices in real time.) We want no information leaked to outsiders, even if the protocol fails. …
When you start out the application, it’s going to ask you to select your contact data from your address book. … We generate a long-term private key used in the application, and we ask you to choose a pass phrase. …
On the first screen of the exchange, I can select the information I want to share with everyone in the group, e.g., phone number, e-mail address. There are a couple of items, denoted by little Lock icons, and these are two values, SafeSlinger Push and SafeSlinger PubKey, are values from the messaging side of the application to the exchange API; we want to make sure that this information goes across, we don’t want to let the users have the opportunity to de-select them. They can de-select their photo, or not send their phone number, and that’s fine, but the key is critical. Then you click on "Begin Exchange."
We ask to confirm the number of users … The server sends us back a group ID, we are asked to find out whatever the lowest number is between everyone in our group, enter it and then continue … So now that we have grouped ourselves, we know which of the various people hitting the server are actually the people in real-time on the phone with us, or in the room with us. …
We construct our visual hash, and it is represented on the verification screen as twenty-four bits of the PGP word list, which is this list of five hundred and twelve words put into two columns, one column of two syllable words and one column of three syllable words, and then we represent text data, or binary data … each eighteen bits of that data get a word, and we alternate the even and odd lists, between the two syllable and three syllable words. Instead of just having one hash, we want to prevent people from just clicking "OK," we want to make sure they compare their list with the lists on the other phones. [All phone much match one of the three-word phrases. Compare then pick matching phrase.]… It is distributed randomly on everyone’s phones, so it is not always option one. People are forced to make a choice, forced to compare. At the end of the protocol, you get a list of whom you have just exchanged information with, and you are just told continue on, and import it into your address book.
So now that we have exchanged keys, you have these keys in the list of people I can send messages to, and it has that Push token, we use it as a mechanism to deliver messages on the other person’s phone. You can select someone, type some secret message, and send it. You can send attachments too. We integrate with the Android sharing system. ….
Some work that we are in the middle of, and are excited about:
The iPhone version of the messaging portion, we already have the exchange portion available for people. But we want to get to the point where we are doing cross-platform messaging between Android and iPhone.
We want to introduce a feature called, “Secure Introductions.” So I have this system of exchanging cryptographic keys securely between groups of people, and I have a method of sending messages using those long-term keys. If A and B create an exchange, and B and C create a separate exchange, I should be able to forward the public key exchange, from B’s perspective, to A and C, and sort of extend the web of trust. So that’s one of the things we are going to try to implement.
In terms of advanced features, some users have asked to be able to import and export their existing public keys. At the moment, the messaging application creates its own private key, just for ease of use since most users don’t use public key infrastructure.
We really want to get to the point where we can do some open source collaboration, and really work with some of these systems, e.g., Android Privacy Guard …
And of course, we would like to implement more platforms, as they get more popular …
What we have created is this Internet-based communication, which is fast and reliable.
We have been able to maintain user privacy. Only other group members learn the exchange information. The server doesn’t learn information or location.
We have created user features to make SafeSlinger resistant to user error.
It is a simple protocol, with minimal user actions to perform.
You will need to install Microsoft Silverlight to view the video.
Visit the instructions page for step-by-step directions on how to use SafeSlinger.
See all CyLab Chronicles articles