Design - SafeSlingerProject/SafeSlinger-Media GitHub Wiki
The open source SafeSlinger Exchange library is a secure and easy to use method of exchanging public keys or other authentication data, with strong protection from Man-In-The-Middle (MITM) attacks. Our goal is to make exchanging public keys as simple as possible without sacrificing security. Our research paper, presented at MobiCom '13, provides a technical analysis of SafeSlinger's key exchange properties. Our method of key verification provides the most usable features of any fingerprint-based key verification method.
Advantages
- Most usable method to associate digital information to a physical person.
- Open source makes security audits easy.
- The only secure simultaneous key exchange for up to 10 people.
- Easy to implement and use.
- Cross-platform Android and iOS.
- Protection from Man-In-The-Middle attacks during key exchanges.
- Exchange keys either in person or remote.
The SafeSlinger secure key exchange is implemented cross-platform for Android and iOS devices. Keys are exchanged using a simple server implementation on App Engine.
Malicious Servers
Our server is used simply to exchange contact and message data that has already been encrypted. We designed all of our exchange and messaging protocols to protect your data if the server becomes malicious. Even if the server is compromised, it cannot reveal your message content or any other data you send. The exchange protocol has been designed to prevent disclosing the ability to decrypt content until after every user is fully authenticated physically. We interleave several cryptographic techniques in our protocol to provide these properties.
Word Phrase Verification
Each device computes a hash of the ordered set of all data exchanged in the protocol. This hash is truncated and represented to the user as a 3-word phrase, with words taken from the PGP Word List. The word phrase is constructed from the first 24 bits of the 256-bit SHA-3 hash. We use the standard PGP approach for converting a 24-bit value into 3 words. PGP uses two word lists, an “even” and “odd” list, with 256 words each. Based on the standard PGP approach, the first 8 bits select a word in the “even” list, the second 8 bits select a word in the “odd” list, and the final 8 bits select another word from the “even” list.
Word Phrase Collisions
If a word in our decoy word phrases is the same as in the actual word phrase, users may get confused and select the decoy word phrase as the match. Moreover, the words in a decoy phrase may match the words in a decoy phrase on another device, causing the user to select the decoy phrase which results in an error detected by the local device. We thus want to select decoy phrases to prevent careless users from choosing the wrong phrase if the actual hash phrase and either of the decoy phrases contain the same word in the same position. Hence, we choose our decoy phrases deterministically such that each decoy word will be unique across all decoy phrases displayed in the group. Each device will then compute the decoy phrases for all devices, such that no decoy phrase has any matches with any other decoy phrase nor with the actual word phrase.
Other Secure Messengers
It can be cumbersome for many users to read out hex digits or find a time and space to meet physically to do this or even scan key QR codes. While key fingerprints are often made available to users in secure messenger applications, users may not ever spend the time to read out those digits. We aim to work in concert with those applications to generate user experiences which encourage users to verify keys with more usable methods like SafeSlinger.