They found Signal’s approach to the protection of keys to be well done.
The researchers conducted the assessment of Signal’s security using the assumption that the network the device is using is hostile and controlled by an adversary. This audit is the first full-scale public investigation of the security of Signal, a protocol that many cryptographers and security experts have praised. If used correctly, Signal could achieve a form of post-compromise security, which has substantial advantages over forward secrecy,” the researchers say in their paper, “A Formal Security Analysis of the Signal Messaging Protocol”. Practically speaking, they imply secrecy and authentication of the message keys which Signal derives, even under a variety of adversarial compromise scenarios such as forward security (and thus ‘future secrecy’). These properties, while complex, are encoded in our security model, and which we prove that Signal satisfies under standard cryptographic assumptions. “First, our analysis shows that the cryptographic core of Signal provides useful security properties.
They came away generally impressed with what they found. The researchers from the University of Oxford, Queensland University, and McMaster University too an in-depth look at the intricacies of the Signal protocol, its cryptographic foundation, and the ways in which it is implemented. Signal, developed by Open Whisper Systems several years ago, is designed to provide encrypted messaging and it is used in many high-profile apps, including WhatsApp, Facebook, and Google Allo. The review, conducted by researchers from universities in the U.K., Canada, and Australia, looked at the cryptographic underpinnings of Signal and found no serious security problems and pronounced the protocol to be sound and resilient, even in the face of compromise. A group of academic security researchers has reviewed the security of the Signal protocol, which is used in the Signal encrypted messaging app as well as in many third-party apps, and found that it is both secure and resistant to attack.
0 kommentar(er)
