phrefa.blogg.se

Qtox security

Tox is a free and open source peer-to-peer instant messaging protocol and implementation that aims to provide secure messaging. It’s intended as an end-to-end encrypted (E2EE) and distributed Skype replacement.

Tox’ cryptography is based on the NaCl library from Daniel J. The cryptographic primitives for the key exchange (X25519), authentication (Poly1305) and symmetric encryption (XSalsa20) are state-of-the-art, peer-reviewed algorithms. Unfortunately, Tox’ authenticated key exchange (AKE) during Tox’ cryptographic handshake is a "home-brewed" cryptographic protocol (remember: do not roll your own crypto!) and is known to be vulnerable to key compromise impersonation (KCI) attacks.

KCI is a vulnerability of AKE protocols, which in this case could enable an attacker who has compromised the static long-term private X25519 key of a Tox user Alice to impersonate any other Tox user (with certain assumptions) to Alice ("reverse impersonation"). Furthermore, this would enable the attacker to perform a Man-in-the-Middle (MitM) attack and therefore tamper with exchanged messages.

X25519 key pairs, which are necessary for the distributed hash table (DHT), make an actual KCI attack more complex than suggested in the initial vulnerability report by Jason A. In this talk we will show why this vulnerability is challenging to exploit in practice. However, we will also present a fix to this vulnerability by designing and implementing a new cryptographic Tox handshake with formally-verified security properties. The Noise Protocol Framework from Trevor Perrin (co-author of Signal) was used to design a new KCI-resistant Tox handshake.
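The KCI property described above can be seen in a small model. The following Python sketch is an added illustration, not code from the talk or from Tox, and it does not reproduce Tox's actual handshake: it contrasts a toy key agreement keyed only by static-static X25519 with one that also mixes in a DH on a fresh ephemeral key, the kind of term Noise patterns add. The `kdf`, `tag` and `demo` helpers, the message and all keys are constructed for the example.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 (RFC 7748 Montgomery ladder); not constant-time, demo only."""
    n = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(*dh: bytes) -> bytes:
    return hashlib.sha256(b"".join(dh)).digest()

def tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def demo():
    """Return (static-only forgery accepted, mixed forgery accepted, honest Bob accepted)."""
    a, b, ea = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed secrets
    A, B, EA = x25519(a, BASE), x25519(b, BASE), x25519(ea, BASE)
    msg = b"hello from Bob"  # constructed message
    # Static-only AKE: Alice's key is DH(a, B); whoever holds a derives it too.
    alice_static = kdf(x25519(a, B))
    forged = tag(kdf(x25519(a, B)), msg)  # computed from a and public B only
    static_forgery = hmac.compare_digest(forged, tag(alice_static, msg))
    # Mixed AKE: Alice also folds in DH(ea, B) from a fresh ephemeral ea.
    alice_mixed = kdf(x25519(a, B), x25519(ea, B))
    honest = tag(kdf(x25519(b, A), x25519(b, EA)), msg)  # Bob holds b
    guess = tag(kdf(x25519(a, B), x25519(a, EA)), msg)  # lacks both b and ea
    expect = tag(alice_mixed, msg)
    return (static_forgery, hmac.compare_digest(guess, expect),
            hmac.compare_digest(honest, expect))

if __name__ == "__main__":
    print(demo())
```

When reviewing a handshake for KCI resistance, the check this models is whether the session key depends on at least one DH term that cannot be computed from the verifier's own static private key alone.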









