                      Cloud Chats            Secret Chats
Communication         Group communication    1-on-1 communication
Type of encryption    client-server          end-to-end
Enabled by default?   Yes                    No
The MTProto protocol – Telegram's equivalent of the TLS record protocol.
Cloud Chats encrypt and authenticate messages using MTProto.
Secret Chats add another layer of MTProto encryption, i.e. messages are double-encrypted.
The MTProto protocol is not well-studied:
2013: Telegram launched with MTProto 1.0.
2016: Jakobsen and Orlandi showed that MTProto 1.0 is not CCA-secure.
2017: Telegram released MTProto 2.0 that addressed the security concerns.
2017: Sušánka and Kokeš reported an attack based on improper validation in the Android client.
2018: Kobeissi reported input validation bugs in Telegram’s Windows Phone client.
2020: Miculan and Vitacolonna proved MTProto 2.0 secure in a symbolic model, assuming ideal building blocks.
The focus in the literature has been on the Secret Chats.
We focus on the security of the Cloud Chats.
Why not use TLS instead of MTProto?
The Design of MTProto 2.0
Four Attacks Against Telegram
Timing Side-Channel Attacks Against Clients
[Figure: the input checked by the client is supplied by the attacker]
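The slide gives only the shape of the problem: an attacker supplies input that the client checks, and the time the check takes depends on that input. The following is an added, constructed illustration of that mechanism in Python; it is not code from the talk, the paper, or Telegram, and it is not the MTProto-specific attack. The secret and the message format are made up; the number of bytes examined before rejection stands in for elapsed time, so the "timing" oracle is deterministic and the recovery loop can be checked exactly.

```python
# Added example (not from the original page or from Telegram): a client-side
# check whose running time depends on attacker-supplied input, and how an
# attacker turns that into a byte-by-byte recovery of the checked value.
from typing import Callable, Tuple

# Constructed secret: the value the client compares the attacker's input
# against (think of an authentication tag the client recomputes).
SECRET = bytes.fromhex("a17f035cd94211ee")


def leaky_verify(expected: bytes, supplied: bytes) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (accepted, bytes_examined).

    bytes_examined is the timing proxy: each loop iteration costs time, and
    the loop stops at the first mismatch, so the cost reveals how long the
    matching prefix of `supplied` is.
    """
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_verify(expected: bytes, supplied: bytes) -> Tuple[bool, int]:
    """Same decision, but the work done does not depend on where bytes differ.

    In production use hmac.compare_digest(); the explicit loop is kept here
    so the examined-bytes count is comparable with leaky_verify().
    """
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


Oracle = Callable[[bytes], Tuple[bool, int]]


def recover_secret(oracle: Oracle, length: int) -> bytes:
    """Attacker loop: for each position try all 256 bytes and keep the one
    that made the client work longest. Only the (accepted, cost) pair is
    observed; the secret itself is never read directly."""
    guess = bytearray(length)
    for pos in range(length):
        best_byte, best_cost = 0, -1
        for candidate in range(256):
            guess[pos] = candidate
            accepted, cost = oracle(bytes(guess))
            if accepted:                      # full match: done
                return bytes(guess)
            if cost > best_cost:              # longer prefix matched
                best_byte, best_cost = candidate, cost
        guess[pos] = best_byte
    return bytes(guess)


def demo() -> Tuple[bytes, bytes]:
    """Returns (recovered_from_leaky_client, recovered_from_fixed_client)."""
    leaky = recover_secret(lambda s: leaky_verify(SECRET, s), len(SECRET))
    fixed = recover_secret(lambda s: constant_time_verify(SECRET, s), len(SECRET))
    return leaky, fixed


if __name__ == "__main__":
    leaky, fixed = demo()
    print("secret         :", SECRET.hex())
    print("via leaky check:", leaky.hex(), "(match)" if leaky == SECRET else "")
    print("via fixed check:", fixed.hex(), "(match)" if fixed == SECRET else "(no leak)")
```

Against the early-exit check the attacker needs at most 256 queries per byte instead of 256^n overall; against the constant-time check every wrong guess costs the same, so the loop learns nothing and falls back to its default of zero bytes. In a real client the cost is wall-clock time over a network and must be averaged over many samples, which is why these attacks are usually reported as statistical rather than exact.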
Timing Side-Channel Attack Against Servers
Pavel Durov (https://t.me/durovschat/515221):
“Publishing the server code doesn’t guarantee privacy, because
- unlike with the client-side code - there’s no way to verify that
the same code is run on the servers. [..]
So why not publish the server code anyway, even if it is only a
publicity stunt? 3 years ago I learnt that an authoritarian regime
[..] was looking for a way to obtain Telegram’s server code. Their
plan was to launch their own equally convenient local app and
then to shut down all other social media in the country.”
Future Work
Large parts of Telegram's design remain unstudied:
Secret chats (including encrypted voice and video calls).
The key exchange.
Multi-user security.
Forward secrecy.
Telegram Passport.
Bot APIs.
The higher-level message processing.
Control messages.
Encrypted CDNs.
Cloud storage.
These are pressing topics for future work.
Thanks!
More information at:
https://mtpsym.github.io/