(In-)Secure messaging with the Silent Circle instant messaging protocol

S.R. Verschoor, T. Lange

Onderzoeksoutput: Boek/rapportRapportAcademic

131 Downloads (Pure)

Samenvatting

Silent Text, the instant messaging application by the company Silent Circle, provides its users with end-to-end encrypted communication on the Blackphone and other smartphones. The underlying protocol, SCimp, has received many extensions during the update to version 2, but has not been subjected to critical review from the cryptographic community. In this paper, we analyze both the design and implementation of SCimp by inspection of the documentation (to the extent it exists) and code. Many of the security properties of SCimp version 1 are found to be secure, however many of the extensions contain vulnerabilities and the implementation contains bugs that affect the overall security. These problems were fed back to the SCimp maintainers and some bugs were fixed in the code base. In September 2015, Silent Circle replaced SCimp with a new protocol based on the Signal Protocol.
Originele taal-2Engels
Plaats van producties.l.
UitgeverijIACR
Aantal pagina's19
StatusGepubliceerd - 2016

Publicatie series

NaamCryptology ePrint Archive
Volume2016/703

Vingerafdruk

Duik in de onderzoeksthema's van '(In-)Secure messaging with the Silent Circle instant messaging protocol'. Samen vormen ze een unieke vingerafdruk.

Citeer dit