Messaging Layer Security: Towards a New Era of Secure Group Messaging

The world is moving towards end-to-end encryption (E2EE) for person-to-person messaging, as more services now wish to reduce the amount of sensitive data that they must store. However, the protocols used for encryption are still being developed and only a few of them, such as the Signal protocol, have seen serious security analysis. Signal is the first E2EE protocol to achieve global deployment, via WhatsApp's billion+ users, and achieves strong security guarantees, such as forward secrecy and post-compromise security (recovery from key compromise).

This talk will provide an introduction to message encryption protocols and describe the current ecosystem, including why it's still not a solved problem in the corporate setting. While personal messaging systems have been adopting Signal, corporate messaging has not massively moved in that direction due to significant technical challenges such as scalability.

To support groups, WhatsApp uses a protocol called Sender-Keys. However, this protocol does not provide post-compromise security, meaning that in a simple deployment an employee who loses a device or leaves the company might retain the ability to read messages. To prevent this, all employees' cryptographic keys must be rotated whenever a device is removed; this is just about feasible for small groups but is entirely impractical for whole-company groups.

To remedy these issues, the IETF is building the "Messaging Layer Security" (MLS) group messaging protocol. The goals of MLS differ significantly from those of pairwise protocols: it aims to cover multiple industry use-cases including federation and web-browser support, to have sub-linear complexities allowing practical groups of up to 50000 clients, and to provide formal security guarantees.

What kinds of security, privacy and implementation bugs have been exploited by adversaries in the past? What guarantees can MLS provide in the context of powerful attackers and how does it differ from current solutions? What cutting-edge research does it use? These are the questions that we will try to answer throughout the presentation.
