
I'm creating an anonymous chat where one of the premises is that the conversations are end-to-end encrypted. I'm using Firebase, so all the communication between the clients and the server is SSL secured. But I'm trying to hide the chat even from the server.

I had the following idea for the key exchange. Note that I'm not willing to use Diffie-Hellman since I couldn't find supported JavaScript libraries, so only RSA and any other symmetric encryption will do.

Here is the algorithm:

  • The user Alice wants to chat with Bob.
  • Alice generates a public/private key pair and sends its public key to Bob.
  • Bob accepts the chat by generating a public/private key pair and sends the public part to Alice.
  • Now the server and the users know both public keys.
  • Alice, who is the user that initiated the chat, generates a symmetric key and encrypts it with Bob's public key.
  • Since any other user could encrypt this key and send it to Bob, Alice also sends the hash of the encrypted message, encrypted with her private key, so Bob can verify that it was Alice who generated the key.
  • Alice sends the message (symmetric key encrypted + digital signature) to Bob.
  • First, Bob decrypts the digital signature with Alice's public key and compares it to the encrypted message; if they don't match, the chat fails.
  • Bob decrypts the symmetric key with his private key.
  • Now Bob and Alice have the same symmetric key and Bob is sure that it was Alice who generated this key.

Is this algorithm correct?

Anders
Rafael
  • That [can certainly be insecure](http://crypto.stackexchange.com/q/14875/991). See [this answer](http://security.stackexchange.com/a/68836/49075). – May 08 '16 at 23:00
  • It is vulnerable against MiTM. How will Bob verify that the public key sent by Alice is actually from Alice and not from the intruder Charlie who is relaying traffic between Alice and Bob? – void_in May 09 '16 at 05:25
  • On Firebase, which is the database/backend used, each user is assigned a GUID and one can define rules that prevent other users from writing/reading certain information according to its GUID. I was planning to use these rules to prevent any user other than the one that initiated the conversation from writing this public key – Rafael May 09 '16 at 05:42

1 Answer

There's no authentication in what you've documented. Alice cannot tell if the key exchange is taking place with Bob, your server acting maliciously, or with some other MiTM. So steps like:

Alice generates a public/private key pair and send its public key to Bob.

are more accurately described as "Alice sends her public key to someone, hoping that it is actually Bob."

This is why SSL uses certificates and CAs. They allow authentication without previous communication. You could also support out-of-band transmission of authentication information. SSH relies on this (it frequently ends up being trust the first message and authenticate subsequent ones). Generally, establishing security requires an out-of-band communication (e.g. passing bar codes between devices) or trusting that the server is not malicious. You don't seem willing to trust the server, so you're going to have some problems without an out-of-band key exchange.

There are also lots of side channel attacks that may become applicable. For example, error handling can sometimes be used as an oracle attack.

Neil Smithline
  • If the server can be considered secure, is the algorithm secure as is? I'm using the Firebase database and have ways to securely identify users and set read/write rules according to their identifiers – Rafael May 09 '16 at 05:45
  • I do trust the server since it's from Google, but I don't want anyone that has access to all the server data to read the messages, including me – Rafael May 09 '16 at 05:47
  • @rafael where does the JavaScript code live? Is it run in the browser? – Neil Smithline May 09 '16 at 14:01
  • For now yes, but it will be in a Cordova Android and iOS app. Still, I do not trust the client since anyone could write JavaScript code that reads the database; that's why Firebase has users and read/write rules, to protect user data – Rafael May 09 '16 at 15:50