Title: Security and privacy of secure messaging services : a case study of wire
Language: English
Authors: Boll, Andreas 
Qualification level: Diploma
Advisor: Weippl, Edgar 
Assisting Advisor: Merzdovnik, Georg 
Issue Date: 2020
Number of Pages: 70
Qualification level: Diploma
End-to-end encryption has become a requirement for secure messaging, which has improved a lot since Signal introduced the Double Ratcheting algorithm for end-to-end encryption. Although metadata is often needed by service providers to fulfill their tasks i.e. forward messages, it is usually not end-to-end encrypted. Another problem is that most mobile messaging apps depend on phone numbers as unique identifiers. However, it is increasingly difficult to acquire anonymous prepaid cards. Further, contact discovery often works via upload of the address book to the server, exposing sensitive data. Motivated to find a messaging service that does not have the above-mentioned drawbacks, this thesis shows how to evaluate the security and privacy of secure messaging services. For this, a case study of Wire was conducted and compared to other services i.e. Signal. The main questions answered in this thesis are (1) how can the security of the Wire protocol be evaluated, (2) how does Wire perform in trust establishment, conversation security and transport privacy compared to Signal and (3) how much metadata does Wire expose? To do this, a test setup with a self-hosted Wire server without AWS dependencies was built to inspect the Wire protocol, the REST API and the database, particularly for metadata. The Wire protocol was evaluated regarding trust establishment, conversation security and transport privacy. To help understanding the Wire protocol, a Pidgin plugin was developed which implements most features of Wire's protocol to support end-to-end encrypted messaging. Further, the production environments of Wire's and Signal's official servers were analyzed with a focus on TLS security, HTTP security headers and cookie security. To conclude, Wire has a good security level but has room for several improvements. Especially trust establishment and its usability should be advanced. Furthermore, Wire does expose a lot of metadata which should be reduced.
Keywords: Wire; Secure Messaging; End-to-End Encryption; Security; Privacy; Metadata
Wire; Secure Messaging; End-to-End Encryption; Security; Privacy; Metadata
URI: https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-136677
Library ID: AC15631494
Organisation: E194 - Institut für Information Systems Engineering 
Publication Type: Thesis
Appears in Collections:Thesis

Files in this item:

Show full item record

Page view(s)

checked on Jun 15, 2021


checked on Jun 15, 2021

Google ScholarTM


Items in reposiTUm are protected by copyright, with all rights reserved, unless otherwise indicated.