- End-to-end encryption without verifying the authenticity of the public keys enables users to protect their communication against passive attacks. - That means an attacker cannot read the transferred messages without manipulating the exchanged messages or key material. + End-to-end encryption without verifying the authenticity of the keys enables users to protect their communication against passive attacks. + This means an attacker cannot read the transferred messages without manipulating the exchanged keys. But without any other precautions active attacks are still possible. - If the exchanged keys are replaced with the key of an attacker, the end-to-end encrypted messages can be read by the attacker. + If an attacker replaces the exchanged keys with a malicious key, the end-to-end encrypted messages can be read and manipulated by the attacker.
When using &xep0384;, a public identity key is transmitted over a channel which is not protected against active attacks. @@ -61,34 +61,8 @@ When using OMEMO, each device has a different identity key. That makes it possible for new devices to use end-to-end encryption protecting against passive attacks without transmitting the private key over a secure channel from an existing device to the new one. However, the downside of this approach is that it increases the number of authentications. -
-- The goal of key authentication is to build up an end-to-end encrypted communication network exclusively between devices with authenticated keys. - That network of devices trusting each other's keys can be seen as a complete graph with each device as a node and each authentication as an edge. - The number of edges grows for each new device by the number of existing nodes. - Without ATT all of those authentications have to be done manually. - With ATT though, only one mutal manual authentication is required. -
-- This means that each communication channel between the devices is resistant against active attacks. - To sustain such a secure communication across all devices, the new key of an own device has to be authenticated by all n own devices and all m devices of a contact. - This leads to a total of n * m authentications. - Two of them require user interaction like scanning each other's QR codes or comparing the key identifiers by hand. - The remaining authentications can be automated relying on the secure channel established by the two inital authentications and the secure channels created by that procedure. - Thus, less user interaction is needed for authenticating all keys involved in the secure communication while preserving the same security level. -
-- On the one hand, each new key has to be authenticated by a device that already belongs to the devices communicating with authenticated keys. - On the other hand, the device that introduces the new key has to authenticate the key of the device that already belongs to the devices communicating with authenticated keys. -
-- More precisely, that means the following: - After device 1 manually authenticated the key of device 2, a message called authentication message for the key of device 2 is sent automatically from device 1 to devices with already authenticated keys. - They can use the authentication message for an automatic authentication of the key of device 2 after they authenticated the key of device 1. -
-- When a key of an own device should not be trusted anymore by other own devices and devices of a contact, an appropriate message can be sent to those devices. - They can then revoke the trust in that key if the key of the sending device is already authenticated. + Without ATT all authentications have to be done manually. + With ATT though, only one mutal manual authentication per new key is required.