| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.advisor | Weippl, Edgar | - |
| dc.contributor.author | Boll, Andreas | - |
| dc.date.accessioned | 2020-06-27T20:08:43Z | - |
| dc.date.issued | 2020 | - |
| dc.date.submitted | 2020 | - |
| dc.identifier.uri | https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-136677 | - |
| dc.identifier.uri | http://hdl.handle.net/20.500.12708/1313 | - |
| dc.description.abstract | End-to-end encryption has become a requirement for secure messaging, which has improved a lot since Signal introduced the Double Ratcheting algorithm for end-to-end encryption. Although metadata is often needed by service providers to fulfill their tasks, i.e. to forward messages, it is usually not end-to-end encrypted. Another problem is that most mobile messaging apps depend on phone numbers as unique identifiers. However, it is increasingly difficult to acquire anonymous prepaid cards. Further, contact discovery often works via upload of the address book to the server, exposing sensitive data. Motivated to find a messaging service that does not have the above-mentioned drawbacks, this thesis shows how to evaluate the security and privacy of secure messaging services. For this, a case study of Wire was conducted and compared to other services, i.e. Signal. The main questions answered in this thesis are (1) how can the security of the Wire protocol be evaluated, (2) how does Wire perform in trust establishment, conversation security and transport privacy compared to Signal, and (3) how much metadata does Wire expose? To do this, a test setup with a self-hosted Wire server without AWS dependencies was built to inspect the Wire protocol, the REST API and the database, particularly for metadata. The Wire protocol was evaluated regarding trust establishment, conversation security and transport privacy. To help understand the Wire protocol, a Pidgin plugin was developed which implements most features of Wire's protocol to support end-to-end encrypted messaging. Further, the production environments of Wire's and Signal's official servers were analyzed with a focus on TLS security, HTTP security headers and cookie security. To conclude, Wire has a good security level but has room for several improvements. Especially trust establishment and its usability should be advanced. Furthermore, Wire does expose a lot of metadata, which should be reduced. | en |
| dc.format | xi, 70 Seiten | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.subject | Wire | de |
| dc.subject | Secure Messaging | de |
| dc.subject | End-to-End Encryption | de |
| dc.subject | Security | de |
| dc.subject | Privacy | de |
| dc.subject | Metadata | de |
| dc.subject | Wire | en |
| dc.subject | Secure Messaging | en |
| dc.subject | End-to-End Encryption | en |
| dc.subject | Security | en |
| dc.subject | Privacy | en |
| dc.subject | Metadata | en |
| dc.title | Security and privacy of secure messaging services : a case study of wire | en |
| dc.type | Thesis | en |
| dc.type | Hochschulschrift | de |
| dc.publisher.place | Wien | - |
| tuw.thesisinformation | Technische Universität Wien | - |
| dc.contributor.assistant | Merzdovnik, Georg | - |
| tuw.publication.orgunit | E194 - Institut für Information Systems Engineering | - |
| dc.type.qualificationlevel | Diploma | - |
| dc.identifier.libraryid | AC15631494 | - |
| dc.description.numberOfPages | 70 | - |
| dc.identifier.urn | urn:nbn:at:at-ubtuw:1-136677 | - |
| dc.thesistype | Diplomarbeit | de |
| dc.thesistype | Diploma Thesis | en |
| item.openairetype | Thesis | - |
| item.openairetype | Hochschulschrift | - |
| item.openaccessfulltext | Open Access | - |
| item.languageiso639-1 | en | - |
| item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
| item.grantfulltext | open | - |
| item.fulltext | with Fulltext | - |
| item.cerifentitytype | Publications | - |

Appears in Collections: Thesis


Items in reposiTUm are protected by copyright, with all rights reserved, unless otherwise indicated.