Open Whisper Systems on Monday announced that the latest beta version of the Signal messaging app includes a new feature that aims to protect the identity of the sender.
Signal uses end-to-end encryption to protect messages and it avoids storing data such as contacts, conversations, locations, avatars, profile names, and group details. However, current stable versions do rely on the service knowing where a message comes from and where it’s going.
Signal developers hope to further reduce the amount of data accessible to the messaging service with a new feature, named “sealed sender,” that eliminates the need to know who the sender is.
The application’s developers noted that when the Signal client authenticates on the service it needs to validate the sender’s identity in order to prevent spoofing. The sender’s identity is also important for rate limiting and abuse prevention mechanisms.
The implementation of “sealed sender” meant that Open Whisper Systems had to come up with an alternative to these functions. The first issue was addressed by having the client periodically fetch a short-lived sender certificate that contains the user’s phone number and public identity key. By including this certificate in sent messages, receiving clients can easily check its validity and verify the sender’s identity.
As for abuse prevention, Signal developers have decided that an efficient alternative would be to use 96-bit delivery tokens derived by clients from the profile key. The tokens are registered with the service and clients are required to prove knowledge of the token when sending “sealed sender” messages.
“Since knowledge of a user’s profile key is necessary in order to derive that user’s delivery token, this restricts ‘sealed sender’ messages to contacts who are less likely to require rate limits and other abuse protection. Additionally, blocking a user who has access to a profile key will trigger a profile key rotation,” Signal’s Joshua Lund wrote in a blog post.
Users also have the option to allow anyone (i.e., people not in their contact list) to send “sealed sender” messages. However, Signal warned that this increases the risk of abuse.
Once the feature is rolled out to all users, messages will automatically be sent out without giving away the sender’s identity, at least whenever possible. In the meantime, “sealed sender” can be tested by installing the latest beta release.
“These protocol changes are an incremental step, and we are continuing to work on improvements to Signal’s metadata resistance. In particular, additional resistance to traffic correlation via timing attacks and IP addresses are areas of ongoing development,” explained Lund.
Open Whisper Systems has made significant improvements to Signal over the past years, but researchers have also discovered potentially serious security issues in the messaging service, including code execution vulnerabilities, failure to delete messages from devices, and bugs that could have been exploited to alter attachments.