Please join us on Wednesday, June 30th at 3:00 pm for Nik Unger's Ph.D. seminar. The seminar will be held online via BBB at https://bbb.crysp.org/b/nik-c3e-wge.
Title: Safehouse: A Comprehensive Secure Group Messaging Solution
Abstract: In many networked applications, three or more systems need to send data to each other as part of a group conversation. Typical examples include email, instant messaging, video conferencing, and backend messaging systems for cloud infrastructure. Many of these applications additionally require "non-interactivity”: the ability for participants to receive messages that were sent to the group while they were offline. Historically, it has been difficult to secure these types of protocols because comprehensive cryptographic mechanisms for establishing secure channels are usually only practical for two-party communication (and not for groups of three or more participants).
This talk introduces Safehouse, a new cryptographic protocol that can be used to implement secure group messaging tools for a wide range of applications. Safehouse solves the difficult cryptographic problems at the core of secure group messaging protocol design: it securely establishes and manages a shared encryption key for the group and ephemeral signing keys for the participants. These keys can be used to build secure group messaging protocols with whatever symmetric encryption and message sequencing schemes are most appropriate for the application. Safehouse supports dynamic group membership, manages group invitations, authenticates participants and messages, provides a persistent encrypted key-value table for securely storing data related to the group, and is compatible with metadata protection schemes. Additionally, Safehouse provides “insider security”: malicious participants cannot deviate from the protocol. Safehouse enables a server to detect and reject protocol deviations, while still providing end-to-end encryption. These features allow Safehouse to integrate into many existing communication protocols.
This talk discusses the design of Safehouse and includes a demo of a graphical IRC-like secure group messaging application built using the protocol.