Ever hesitated to share confidential details with your close ones over a phone call or a text message because of security reasons? Here's a messaging service which not only provides you with secured and protected message sharing over text messages but also over Internet calls: "WhatsApp".
WhatsApp is something with which we all are familiar. Many of us use it daily for exchanging messages and all it uses is small Internet data. On March 31, 2016, WhatsApp came up with a release which supported end-to-end encryption of messages between sender and receiver. The end-to-end encryption protocol was designed by Open Whisper Systems. Private keys, Public Keys and Session Keys play a role in secure message exchange.The protocol is open source and available at: https://github.com/whispersystems/libsignal-protocol-java/. Lets take an overview of the protocol.
1. It all starts with installing the WhatsApp. During Installation time, the WhatsApp client generate public keys. These public keys gets stored at the WhatsApp server during client registration. At no time, WhatsApp have access to the private keys.
2. Next stage is session setup, which starts when a initiator (sender) sends the message to someone for the first time. This stage can be divided into two: Initiator session setup and Receiver session setup.
Initiator Session Setup
- Initiating client request public key of the receiver.
- Server returns the public keys and Initiator saves them.
- Initiator generates a master key using one of its public key, receiver's public keys and self generated Curve25519 key.
- Initiator now generates Root Key (Session key) and Chain Key (Session key generated using Root key) using the master key.
- Now sender sends its first message to the receiver with one of its public key (Identity Key) and self generated ephemeral Curve25519 key in the header of the message.
Receiving Session Setup
- Receiver also generates master key using own private keys and public keys received in the message header.
- Receiver then generates its session keys using the master key.
3. Now comes Exchanging Messages after session setup. Clients exchange messages using Master Key (Session key generated using Chain Key). Message key allow encryption and authentication. Its changes for every message transmission and cannot be reconstructed after a message has been transmitted or received.
After all these WhatsApp also provide its users to verify the other user to whom they are communicating so that they are able to confirm an authorized user at the other side and no man-in-the-middle attack. WhatsApp provides this facility by QR code and a 60-digit number, which can be compared for verification.
In the later posts, we will discuss about the exchange of media, attachments, group messages and call setups.
Ref.: https://www.whatsapp.com/security/
Ref.: https://www.whatsapp.com/security/
Keep Learning...Keep Sharing..~~!!
Ta-Ta. 
No comments:
Post a Comment