On cryptographic security of end-to-end encrypted connections in WhatsApp and Telegram messengers

• Published in: Безопасность информационных технологий
• Main Authors: Sergey V. Zapechnikov, Polina O. Kozhukhova
• Format: Article
• Language: English
• Published: Joint Stock Company "Experimental Scientific and Production Association SPELS 2017-11-01
• Subjects: cryptography; end-to-end connection; encryption; WhatsApp; Telegram
• Online Access: https://bit.mephi.ru/index.php/bit/article/view/275

The aim of this work is to analyze the available possibilities for improving secure messaging with end-to-end connections under conditions of external violator actions and distrusted service provider. We made a comparative analysis of cryptographic security mechanisms for two widely used messengers: Telegram and WhatsApp. It was found that Telegram is based on MTProto protocol, while WhatsApp is based on the alternative Signal protocol. We examine the specific features of messengers implementation associated with random number generation on the most popular Android mobile platform. It was shown that Signal has better security properties. It is used in several other popular messengers such as TextSecure, RedPhone, GoogleAllo, FacebookMessenger, Signal along with WhatsApp. A number of possible attacks on both messengers were analyzed in details. In particular, we demonstrate that the metadata are poorly protected in both messengers. Metadata security may be one of the goals for further studies.