What is PETS2019?
The Privacy Enhancing Technologies Symposium (PETS) is an annual event, that holds each year informative talks of privacy experts from around the world, who present and discuss the latest advances and perspectives on privacy research. The 19th edition of PETS was organized and held by the KTH University in Stockholm, Sweden, from July 16th to 20th, 2019.
PETS and other similar events, are of vital importance because every year they show the progress of the Academy in terms of cryptography, security, privacy and anonymity in the digital world, also presenting the work and research carried out by institutions from all over the world, among which are the universities of Luxembourg, Princeton, Waterloo, US Naval Research Laboratory, United States Army Research Laboratory, Florida International University, Cambridge University, University of Iowa, Massachusetts Institute of Technology, Penn State University, South Carolina, University of Hamburg, among many other worldwide education and research centers.
The first publications on these topics began in 1977, with the paper "Non-Discretionary Access Control for Decentralized Computing Systems" by Paul A. Karger from the Massachusetts Institute of Technology (MIT). This continued through the years until in 2000 when it was decided to hold the first workshop around theses topics. It was called "Workshop on Design Issues in Anonymity and Unobservability" in the International Computer Science Institute in Berkeley, California. From then on, each edition of PETS has become an international reference for topics related to security and privacy.
Among the goals of PETS is to present entertaining talks that add technical and informative value. Each paper, corresponding to a talk presented during the event, is published in the Proceedings on Privacy Enhancing Technologies (PoPETs).
Among the many conversations that took place, there were some talks that caught our attention due to their content and focus. In this edition, the talks were oriented to Off-the-Record messaging, anonymous communication, social networks, online deniability, databases, online tracking, machine learning, differential privacy, metadata management, traffic analysis, user experience and privacy, and others.
PETS is also an opportunity to attend other events related to privacy, such as the OTRv4 summit, which was held together with the symposium. But, what is the OTRv4 summit?
The version 4 of the Off-the-Record messaging protocol (OTRv4) has been in development and design for the past 2 years. As it is almost ready to be published and implemented by the community, it was decided to hold a formal meeting around it, since it is the messaging protocol which other protocols are based upon (such as Signal). The idea of the OTRv4 summit was not to focus only on the design and ideas behind OTRv4, but also to talk about secure messaging protocols in general.
The talks offered during the summit mainly focused in the importance of security and privacy properties for the online world, the role of that user experience takes place in them and new ideas for a secure group chat MLS. It was an interesting event in which people discussed their ideas on different topics, such as what privacy means for the community, for the business environment, from the perspective of human rights, for government agencies, etc.
As it was a great success as a co-located event in PETS, it has been planned to do another summit next year. The global idea and the main goal of this event for the privacy and crypto community is to learnabout new ideas, approaches and concepts related to secure messaging, so that we can provide users an adequate digital security.
As stated, the OTRv4 summit presented a broad set of conversations from different perspectives on secure messaging. The general program was:
- 9:00 - 9:10: Welcome by Sofía Celi
- 9:10 - 10:00: Talk bout "Introduction to secure messaging and OTRv4" by Sofía Celi
- 10:05 - 10:50: Talk about "Secure Messaging, Wire and MLS" by Raphael Robert
- 10:55 - 11:30: Presentation about "Remote attestation and deniability: challenges and opportunities" by Lachlan Gunn
- 11:35 - 12:00: Talk about "Why is secure messaging and deniability important: the case of Ola Bini" by Sofía Celi
Introduction to secure messaging and OTRv4
Secure-messaging is the most fundamental privacy problem in cryptography: how can parties communicate in such a way that nobody knows who said what.
That is a quote from the paper “The Moral Character of Cryptographic Work”, by the cryptographer Phillip Rogaway of the Department of Computer Science at the University of California, published in December 2015. In this premise, Sofía Celi from CAD covered an introduction to secure messaging and how the OTRv4 protocol allows it. Secure communication in the digital world is one in which people can start conversations with the assurance that no one outside the conversation can read the messages of any participant.
During the presentation, Celi did a tour of the OTR protocol and talked about the motivations that inspired the cryptographers Ian Golberg; Nikita Borisov of the University of Waterloo in Ontario, Canada; and Eric Brewer, currently a professor at the University of Berkeley, Califnornia, to create a protocol that allows secure communications. These digital conversations were defined to be as the real-world conversations: they should not give proof of the any of authorship of the participants, in contrast to what the Pretty Good Privacy (PGP) protocol does. She also analyzed the cryptographic concepts of the protocol, the secure and privacy properties, the current status of the Signal protocol, and the importance for users of security and privacy properties implemented in cryptographic protocols.
The main secure properties that OTRv4 implements to improve the communications security are, forward secrecy, post-compromise security and deniability. Forward secrecy is the property of OTR which indicates that if one of the security keys used to encrypt a message is compromised, then, previously sent messages cannot be decrypted since a new security key is generated for each message sent. This is possible through the use of the Diffie-Hellman algorithm. The post-compromise security property ensures that messages that are sent in the future are not compromised if one of the keys gets compromised, since each security key is unique for each message. This property is allowed due to the use of the Double-Rachet algorithm. On the other hand, deniability is the property of OTR that allows any of the participants in a conversation to deny anything that was said in that conversation or that they have participated on it as signatures does not give proof of the participant’s authorship.
Celi also talked about the progress of the development of OTRv4, why it was necessary to implement the new version of it and, in addition, about limitations, current issues and next steps in the development of the protocol.
Secure Messaging, Wire and MLS
The presentation made by Raphael Robert, head of security of the Wire application, talked about the efforts that the cryptographic community is doing to create a secure group chat by default. This is a very important issue for the current secure messaging applications, which need to provide adequate security and privacy properties to their users. This effort is called Messaging-Layer-Security or MLS.
MLS is a security layer to encrypt end-to-end messages in two to many size chat groups. During his talk, Robert detailed the efforts made by the Wire team in the implementation of a chat with this layer and provide appropriate properties for its users. He also talked about the advances in the security of its servers and the audits that are carried out by the cryptographic teams, a controversial issue questioned by the community.
Remote attestation and deniability: challenges and opportunities
The cryptographer and postdoctoral researcher Lachlan Gunn of the Safe Systems Group of the University of Aalto, Finland, presented a summary of his research “Circumventing Cryptographic Deniability with Remote Attestation” made together with Ricardo Vieitez and N. Asokan, from the University of Aalto.
The research has two central points. The first on how, with hardware assistance, a cryptographic adversary can use remote attestation to generate a non-deniable transcript of any protocol that implements deniability and performs sender authentication (like OTR). What this generates is proof of authorship of messages that are exchanged during a conversation. The second point was around showing ways on how to improve deniability in the protocols that implement it, even against a cryptographic adversary capable of attesting. The research focused on how, in particular, attestation can be used to restore deniability by frustrating real adversaries.
One of the most instructive moments of the presentation was when Gunn made a demo using the Signal protocol, indicating the results of his research.
Why is secure messaging and deniability important: the case of Ola Bini
As last talk, Celi made a presentation in which she explained the great importance of having secure conversations in the digital world and deniability, while talking about the case of the software developer Ola Bini, a collaborator in the securitycommunity and one of collaborators on the design of the OTR protocol in its version 4. Bini is presecuted in Ecuador for his knowledge and it is the subject of accusations that are not supported by any kind of evidence. This shows a violation of his right to a fair process in accordance with the Ecuadorian law.
If you are interested in knowing more about the OTRv4 Summit, you can visit the following links:
- Website of the Off-the-Record Instant Messaging protocol.
- Ralph Robert Chief of Security at Wire.
- Lachlann Gunn postdoctoral researcher in the Group of Safe Systems of the University of Aalto in Finland.
- Circumventing Cryptographic Deniability with Remote Attestation by Lachlann Gunn, Ricardo Vieitez Parra, and N. Asokan.
- Sofía Celi, crypto researcher and software developer at Centro de Autonomía Digital.