Developing protocols for better Off-The-Record encryption

Tuesday, February 20, 2018

Cryptography done right has become increasingly important as the impacts of poor implementations are being felt by journalists, whistleblowers and political activists around the world.

Graduate student Nik Unger and Professor Ian Goldberg of the Cryptography, Security, and Privacy (CrySP) research group at the David R. Cheriton School of Computer Science have been working to improve cryptography for messaging. Encrypting messages provides a level of protection against their being read, but encryption also provides other benefits. 

Using systems such as Pretty Good Privacy or PGP provides a level of assurance as to whom you are communicating with. Although this can be desirable, it provably links a person with a message. Losing deniability is a problem if it is not expected and in many instances it is of no benefit to prove the originator of a message.

To overcome this issue, the Waterloo team has been developing approaches to Off-The-Record or OTR messaging.

Their recent paper “Improved Strongly Deniable Authenticated Key Exchanges for Secure Messaging” introduces three protocols for Deniable Authenticated Key Exchange — approaches that provide additional security measures such as allowing the addition of seeding forged messages into a message stream to increase the level of doubt about the message's author and allowing the system to provide deniability on asynchronous communications. 

Nik Unger will be presenting this research at the 18th Privacy Enhancing Technology Symposium, an annual meeting of privacy experts from around the world to discuss recent advances and new perspectives on research in privacy technologies.

Citation for paper

Nik Unger and Ian Goldberg. Improved Strongly Deniable Authenticated Key Exchanges for Secure MessagingProceedings on Privacy Enhancing Technologies, 2018(1): 17–62.

Original article at SERENE-RISC

Developing protocols for better OTR encryption