Deniable group communications in the presence of global unlimited adversary
Prikladnaâ diskretnaâ matematika, no. 2 (2018), pp. 72-86.

See the article record from the source Math-Net.Ru

In this paper we present our research into the problem of secure communications in the presence of a global unlimited adversary. As a solution, we propose decentralised deniable communications. We use a modification of our existing multi-party Off-the-Record protocol that is able to operate over a decentralised transport. Its Perfect Forward Secrecy (PFS) properties were improved by adding a key ratcheting procedure to the protocol flow. As a result, we propose a fully decentralised cryptosystem that provides deniability and transcript consistency, improved PFS, and resistance to the Sybil attack. We also give a detailed overview of a JavaScript implementation of the protocol model, designed to function in the absence of a centralized server.
Keywords: secure communications, decentralised communications, deniability.
@article{PDM_2018_2_a5,
     author = {V. F. Sheidaev and D. Y. Gamayunov},
     title = {Deniable group communications in the presence of global unlimited adversary},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {72--86},
     publisher = {mathdoc},
     number = {2},
     year = {2018},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2018_2_a5/}
}
TY  - JOUR
AU  - V. F. Sheidaev
AU  - D. Y. Gamayunov
TI  - Deniable group communications in the presence of global unlimited adversary
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2018
SP  - 72
EP  - 86
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2018_2_a5/
LA  - ru
ID  - PDM_2018_2_a5
ER  - 
%0 Journal Article
%A V. F. Sheidaev
%A D. Y. Gamayunov
%T Deniable group communications in the presence of global unlimited adversary
%J Prikladnaâ diskretnaâ matematika
%D 2018
%P 72-86
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2018_2_a5/
%G ru
%F PDM_2018_2_a5
V. F. Sheidaev; D. Y. Gamayunov. Deniable group communications in the presence of global unlimited adversary. Prikladnaâ diskretnaâ matematika, no. 2 (2018), pp. 72-86. http://geodesic.mathdoc.fr/item/PDM_2018_2_a5/
