What is private messaging? Many people will say that this is a communication application that encrypts the information being transmitted. In fact, the subject of correspondence privacy is much more complicated. During the Chaos Communication Congress, experts Roland Schilling and Frieder Steinmetz explained in simple words in their speech what a private messenger is and what features such an application must have in order to be considered private.
The six pillars of private conversation
To understand the idea of private correspondence, Schilling and Steinmetz asked us to imagine a private conversation at a party. What do you need to do to keep a conversation private? You need to find a quiet room where only two people can hear your conversation – and no one else can.
This is the basic pillar of a private conversation: whether it is in person or online, it must be confidential . Only you and your interlocutor can hear the words.
Another thing is authenticity – you have to be sure that the person you are talking to is definitely the one you are going to talk to. You’ll recognize someone’s face in real life, but it’s a bit more complicated to chat online.
If the conversation is really important – and private conversations usually are – you want to make sure that the other person hears your every word, and vice versa. Moreover, you want to make sure that this person hears exactly what you are saying. To keep your internet conversation private, you need to know that your messages will not be intercepted by a third party. And this is the concept of integrity , which is also a critical determinant of private conversation.
Imagine a third person enters your room and hears part of your conversation for a moment. In real life, that person will only hear what was said when they entered, not what was said before or after they left. Meanwhile, the internet never forgets, and having an online conversation is not as easy as an offline meeting. This points to two important aspects of communication privacy: securing prior conversation and securing subsequent conversation .
Securing a prior conversation does not allow third parties to know what the conversation was about, and securing further conversation does not allow third parties to know what was said after she left the room.
Suppose the conversation concerned an extremely delicate matter. In this case, if someone accuses you of saying something about it, you’ll want to deny it. If the conversation was private, the only one who can quote it is you and the interlocutor, so we have word against the word. In this case, no one can prove anything, and this in turn gives rise to the concept of the possibility of denial .
Use of privacy in messaging
Thus, these are the six functions that must be implemented in communication applications before a conversation can be called private. It is not so difficult to achieve this in real life, which is in person, but when it comes to contact services, there is always a third person – the service itself. How do these six pillars apply when considering the site’s presence in the conversation?
Confidentiality is ensured by encryption. There are different types of encryption, symmetric and asymmetric, that is, public key cryptography . Private messengers (in this case, Schilling and Steinmetz gave Threema as an example ) use both types of encryption, creating a shared key from one person’s public key and another’s private key. Or the private key of the first and the private key of the second – the encryption calculation works the same both ways.
Thus, the key is the same and it is unique to both people (no other pair has such a key). The application generates the key independently and ensures confidentiality because it does not send it – both people receive it right after starting the conversation.
This method is also used to ensure integrity – if an outsider added something to an already encrypted text, it would become unreadable. Then your interlocutor would either receive what you sent him or receive an error message (because the communicator cannot decode the ciphertext).
For greater confidentiality, you can hide the fact of the conversation altogether. Another layer of encryption will take care of this. The message you send gets encrypted using your and your partner’s shared key – it’s like putting a message in a self-addressed envelope. And then you encrypt it again – put it in another envelope and send it to the address of the messenger server. In this case, you use a key generated from your key and server key.
Thus, this envelope-in-envelope is delivered to the messenger server. If a potential attacker tries to look at it, they will know that you sent it, but will not know its destination. The messenger server unwraps the outer envelope, sees the destination address (but not the message itself), puts the packet in the next envelope and sends it to the recipient. At this point, a potential attacker can only see the envelope from the messaging server with the sender’s address, but not who sent it.
With so many envelopes flying in different directions, it’s hard to track who received your message. It’s hard, but it’s not impossible: if someone weighs all the envelopes, they will find two with the same weight and will associate you with the interlocutor. To prevent this, the system adds a random weight to each envelope so that the envelope you send and the envelope to your interlocutor do not have the same weight.
It is harder to remain credible . Some messaging applications use e-mail addresses or phone numbers as identifiers – in this way, the user proves that it is really him. But the phone number and email address are confidential data, and you may not feel like giving them an app. Some – like Threema – encourage users to use a different ID and exchange QR codes to prove their identity.
The possibility of negation in this case is achieved by sending each message to both participants of the dialogue. The key is the same for both people, so either of them could have sent the message. For this reason, even if someone intercepts and decrypts an incoming message, they do not know who the sender was.
It all takes care of confidentiality, credibility, integrity and the possibility of contradiction. What about securing an earlier and later conversation ? If someone’s private and public key are always the same, then in the event that the shared key is hacked, the attacker can decrypt both upstream and downstream messages.
To limit this possibility, the keys must be reissued periodically by the server. If the key is reissued, for example once a month, the attacker will only be able to read the conversation history for that month and will not be able to monitor the conversation after the new key is issued (in practice, key reissue happens much more frequently).
In this way, we have reached the end of our short introduction to the concept of private communication. It’s actually a lot more complicated than that, as modern messaging applications have to handle media files, group chats, and sometimes video calls.
If you’re interested in this topic, check out the video below from 33C3 in which Schilling and Steinmetz not only explain the basic idea, but also share how they reverse-engineered a Threema application and discovered how to implement its private key. We hope you enjoy this video as much as we do.