Placeholder Image

字幕列表 影片播放

  • A lot of people are communicating over the internet on their phone now not just SMS, you know

  • Messages like signal whatsapp Facebook Messenger, they all have some kind of end-to-end encryption these days

  • so this is not the same as when you go online to let's say an online shop and

  • You immediately have a conversation and set up an encrypted connection. This is much slower than that and much more asynchronous

  • So there's a lot of difficulties when using instant messaging or you know

  • Application based messaging because we don't know really what's going on between between the two parties

  • So I send you a message theoretically some trustworthy server takes that message or forwards its on onto your your phone, right?

  • Theoretically right how much do we trust the server? I suppose it depends on the app

  • but

  • But in any case maybe we want to try and use a protocol that means even if we don't trust a server

  • There's not a lot the server can do right and that's what the signal protocol uses and by association

  • What's app, facebook instant messenger and things like this?

  • I'll put my phone down and we'll talk about Allison Bob again because we always talk about Allison Bob, right?

  • So they want to have a conversation via a server

  • Between themselves, right? Now the problem is that maybe Bob installed the application?

  • so he installed signal or whatsapp or something like this six months ago and

  • He's just waiting patiently for some friend to turn up and install the app as well, right?

  • I get lots of invites to install various different chat apps

  • Most of them I turned down because I don't want that many icons on my phone

  • So what will happen is Bob will start by installing the app and completely aside from whoever he wants to talk to later

  • He's going to send a few things to the server. He's going to send a public key. That's his identity

  • So that's his identity public key for Bob

  • This is going to be a public key on an elliptic curve

  • Like lots of the ones we've talked about and it'll have a private component or a private key associated with it

  • That will be kept to himself

  • He's also going to sign a public key to

  • Verify that he's in control of his private key

  • That's kind of standard in cryptography and then he's going to produce a list of one-time pre keys

  • remember that what he wants to do is have key exchange conversations between

  • Alice or Charlie or anyone else that comes along and he wants to do that not knowing when they're going to come along

  • So he's gonna send his parts of her messages ahead of time to the server

  • So he's going to have you know, one use public key here and another one

  • another one

  • And he's gonna numbered Eve or something like this. So this is one two, three and number four

  • So these are all public keys of which he has the private keys stashed on his phone ,right? On his application

  • Now the server is going to do this for anyone that installs the application, right? This will happen between your your

  • Your signal app and their service or your whatsapp and their servers and so on

  • What will happen next is some time down the line

  • Hopefully Bob's made some friends and they've agreed to talk to him on their phones

  • So Alice comes along and she wants to set up a communication with Bob now the exact same problems that Bob faced she faces

  • Right. The first one is the Bob might have his phone switched off so she can't start up a conversation

  • Right, and she also doesn't know where Bob is

  • So the server does have a server based on Bob mobile phone number or IP address or something?

  • We'll know how to get in contact with him

  • So she goes to the server and says I'd like to talk to Bob, but can I have a pre key bundle?

  • And this is a set of parameters from Bob or she can use to form a communication

  • So the server is going to send to Alice Bob's identity key

  • Bob's signed pre-key and one

  • Either at random or sequentially of these let's say number three of these one use keys is is going to be sent three

  • different public keys from Bob, right? Alice is going to generate an identity key of her own for Alice and

  • she's going to generate an ephemeral key, which is like a one use session key

  • Which is very common in diffie hellman for herself there. All right, what do all B's going to do?

  • Well, let's let's get rid of this paper or just move for sort of flopping around

  • So we've got a I seem to change pens, but it's not worry about that

  • I've got Bob's identity key that should identify him

  • Like if we know that Bob has the private key and we know that's Bob the fact that this key has been used means it

  • Must be Bob on the other end of a line

  • All right. That's a really good thing to know his sign pre key for Bob

  • This stops the server messing about of his pre keys because he signed it and a server can't do that and a one use

  • Public key for Bob and what that's going to do is make sure that no one can replay attack Bob by sending this whole conversation again later

  • Bob is gonna delete this when he's seen it for the first time

  • So when you fetch a pre-key bundle and you use it to talk to someone on one of these apps

  • They will delete that pre-key so that they can never use it again, and we've got Alice

  • We've got the identity key from Alice and her a femoral key now. I'm going to use a different pen

  • We've got five different public keys here

  • right, and we're going to perform four Diffie-Hellman, right, which is again a little bit hairy, but you know

  • Bear with me to remind you

  • we did a video on Diffie-Hellman which you might like to watch but

  • What difficult as you both send public key to each other you exchange them you use your secrets to calculate a shared secret

  • So any of these two?

  • Public keys can be combined to create a shared secret, right?

  • But if you only use two of them, you're not getting the whole picture and you're not, you know, for example

  • If you only use Bob's identity key and Alice is a ephemeral key

  • You aren't guaranteeing the identity of Alice by verifying this particular identity key here. Every public version has a private one

  • So there's going to be a little little private identity key for Alice

  • Little private ephemeral key for Alice and there you get used within the mathematic and the same on the other side

  • So there's a little one for Bob. So this is identity key

  • for Bob

  • I've gone out too many and this one is that it's let's say number. This was number three, wasn't it?

  • So so let's put in number three here. Bob's got a whole list of these right?

  • So he's got a whole list of these one two, three

  • And this is the one he's going to use. Alice is gonna perform Diffie-Hellman exchange four times, right?

  • So he's gonna do this one here. She's going to do this one here. She's going to do this one here

  • That's number three and she's going to do this one here number four, right?

  • So she's bringing all the keys into play then she's going to produce one master key

  • Shall we say with all of these pre master secrets? So she's going to take one and she's going to append it to two

  • She's gonna append it to three append it to four. She's gonna put that through something called a key derivation function

  • Which for the sake of simplicity we'll just say the very similar to a hash function and that's going to produce her master secret

  • She can then use that to encrypt things and

  • theoretically when she sends a message to Bob, Bob would be able to do the same thing and no one else will

  • Right, so she'll send a message including something encrypted

  • Her identity key and her ephemeral key

  • Bob will do the exact same procedure

  • And then he will be able to send her a message back the way that the signal protocol works with

  • With Alice and Bob and the server in between is called triple. Diffie-hellman

  • Why are we doing all these Diffie-Hellman, right?

  • In previous video, we just had a public key for Alice and a public key for Bob

  • We seem to be wasting a lot of time

  • Well, each of these different Diffie-Hellman exchanges gives us something different

  • But the really important ones I want to talk about are the ones involving these identity keys here the identity keys prove who you are

  • But of course if I'm Alice and you're Bob and I send you an identity key for myself

  • It doesn't prove who I am at all. I've just it's just a number. It doesn't say anything, right?

  • So, how do I actually how do you actually know that the message came from me?

  • Right and the answer is actually what you need to do is look at this number off line

  • Out-of-band you need to go outside of the normal line of communication over the Internet and face-to-face

  • Look at this number and if you see that, it's right, then, you know, they must have been me having this conversation

  • Okay, so I can send you a message using signal right? You've installed signal your Bob. I'm Alice in this case, right?

  • So you've already sent your pre keys to the server. Just waiting to go

  • I

  • My met my phone will send a message a server and say can I get a pre key bundle and then we'll perform an exchange

  • Right something like that. So I'm gonna send you a message. It's not going to be interesting. Hello

  • All right, so I send you a message

  • Hopefully it pops up on your phone. It does. There we go. I mean this is good evidence, but it was me

  • I literally sent a message and it appeared on your phone, but that didn't always happen in instant messaging so sometimes

  • I'm not around or you're not around at a time

  • So how did you know when it pops up my name on here?

  • but it is me and the answer is you don't write someone could have the server or someone else could have

  • Intercepted these messages and performed a man-in-the-middle attack, right the only way we can verify it

  • Is to check out each other's public keys by our identity keys

  • so the way that signal does this is it takes the identity public key of alice and the identity public key of

  • Bob and it combines them using a hash function into a safety number right that safety number is essentially a summary of our two

  • Public identity keys, right if we have the same safety number, that means we're having a conversation with the text

  • Same two identity keys, which means it must be a conversation just between us - that's the idea. So, let's have a look

  • I'm gonna go into my safety number and they're the same and

  • In in signal actually, you can press this a verified button, which says we've looked at these out-of-band

  • This is called an out-of-band communication because we're not using the normal encryption to verify our keys

  • So now actually when we send messages it will show as verified. So in whatsapp. It's not called a safety number

  • It's just called a security code, but you can see it's absolutely the same now, of course what most people don't do

  • It's right. Most people say messages in assume

  • There isn't a man in the middle and in all likelihood there probably isn't but if you want to be really sure

  • Maybe have a look at your safety number

  • We've only covered half the story we talked about this pre key bundles and this this initial triple. Diffie-hellman

  • I mean, we all have phones we talk about batteries all the time. So

  • If you hypothetically picked four words that were in the top 500

A lot of people are communicating over the internet on their phone now not just SMS, you know

字幕與單字

影片操作 你可以在這邊進行「影片」的調整,以及「字幕」的顯示

B1 中級

即時通訊和信號協議 - Computerphile (Instant Messaging and the Signal Protocol - Computerphile)

  • 0 0
    林宜悉 發佈於 2021 年 01 月 14 日
影片單字