[PDF] terminale stmg rhc matières
[PDF] facebook fr
[PDF] facebook mobile
[PDF] facebook recherche
[PDF] facebook connection
[PDF] méthode facile ? lire et ? comprendre
[PDF] facile ? lire bibliothèque
[PDF] gestion finance stmg formule
[PDF] gestion finance stmg exercice
[PDF] terminale stmg gestion et finance débouchés
[PDF] terminale stmg gestion et finance matieres
[PDF] bac gestion finance 2016 corrigé
[PDF] livre gestion finance terminale stmg corrigé
[PDF] sujet gf 2017
[PDF] sujet bac gestion 2015
Facebook "f" LogoCMYK / .epsFacebook "f" LogoCMYK / .eps
MessengerSecretCon versations
TechnicalWhitepaper
Version2.0
May18,2017
VersionHistory:
2.0 - May 18,2017
1.0 - Jul8,2016
©2017Facebook,Inc.All rightsreser ved
messengersecretconvers ationstechnical whitepaper3
Contents
Introduction4
TransportProtocolOverview5
AbuseReporting11
MessageStorage13
Conclusion15
messengersecretconvers ationstechnical whitepaper4
Introduction
Inthisdocument wepr ovidea brieftechnicalovervie wofSecret Conversations - aspecialized conversationmode withinFace- bookMessenger. SecretConversationsprovidesend-to-end encryptionformessages usingkeys thatareonlyav ailableonusers' devices. SecretConversationsisadistinct conversationmode inside FacebookMessenger .Individualsecretconversations aredispla yed asseparatethr eadsinMessenger andsharemanyUXelements with regularMessengerconversations.Ho we ver,SecretConversa- tionsusesadif ferent transportprotocol,specialisedon-devicestor- ageandseparate back-endinfrastructure. TheSecretConversationsthreatmodelconsidersthe com- promiseofserver andnetworking infrastructureusedbyMessenger - Facebook's included.Attemptsto obtainmessageplaintext orfal- sifymessagesb yFacebookor networkprovidersr esultinexplicit warningstotheuser.We assumehow ever thatclientsareworking as designed,e.g.that theyar enotinfected withmalware. SecretConversationsreliesupontheSignalPr otocol.Messen- gerusesSignal Protocol'simplementation asav ailableintheopen- sourcelibsignal-protocol-javaandlibsignal-protocol-clibrariesforAndr oid andiOSr espectively. SecretConversationsalsoincorporates abuse-reportingfeatureswhichar enotpresentinother platforms whichusethe SignalPr otocol. Inthisdocument wedescribe SecretConversations,starting withthetransport protocol.W ethenco verabusereportingand close withhow wehandleon-devicestorage. messengersecretconvers ationstechnical whitepaper5
TransportProtocolOverview
Messagesare onlyaccessiblefromthede viceswhichparticipate ina conversationwhentheconv ersationoccurs.This differsfr omregular Messengerconversations whicharestored server -sideandareac- cessiblefrom anydeviceconnectedtothe participatingFacebook ac- counts;includingpr esentandfutur edevicesandbro wserinstances. Instead,touse SecretConversationsusersenablesome subset ofdevices, suchastheirmobilephoneand atablet, uponwhichonly theirfuture secretconversationswillbe available.
DeviceManagement
Ausercan enableordisable ade viceforS ecretConversationsat anypoint, andcandisable otherdevices remotelyfr omanycurr ently enableddevice. SecretConversationsmayalsobeenabledor disabledautomatically. Whenauserlogsinto acompatiblev ersionof Messenger,thenewde vicegetsenabled forusewithSecretCon- versations.Facebookdisables devicesafter theyha vebeenoffline foraperiod ofat least30days.Uponenablingane wdevice existing SecretConversationsmessagesandcr yptographickeys arenot transferredtothenew device. Wheneverthelistofdevices onwhichS ecretConversationsis enabledchanges foranaccount, Messengerdisplays awar ningthat thisoccurred. Whenauser'so wnsetof enableddevices changes,all oftheirother devicesenabled forS ecretConversationsproac- tivelyreceivean update.Peoplewithpre-existingsecretconversa- tionswith theuserwho changedtheirlist ofenabledde vicesreceiv e thesamew arning whentheyreturntothesepr e-existingconversa- tions. Facebookbouncesmessages senttoan incorrectlist ofpartici- pants,andincludes thecorr ectdevice listwithinthat bounce.Mes- sengerdoesnot automaticallyresend bouncedmessageswhen new devicesareaddedto asecretconversation -anexplicit resendaction fromtheuserisr equired.Messenger ,ho wev er,mayautomatically messengersecretconvers ationstechnical whitepaper6 resendmessageswithoutuserinteraction incaseof devicer emoval, asnode vicewillr eceivethemessagethatthe senderhasnot been notifiedabout. Keys Eachdevice managesvariouscryptographic keys.All keysaregener- atedorderiv edon-de vice.Privatekeysar eneversentto Facebook. Publickeys Allpublic keyoperations useCurve25519.Eachde vice usesthe followingpublic-secr etkeypairs: •TheIdentityKeykeypair(IK pk ,IK sk ).Thisis along-term keypair whichisgenerated thefirsttime Messengerruns. •TheSignedPre-Key keypair(SPK pk ,SPK sk ).This isamedium-ter m keypairwhichisrotated periodically.It issignedb yIK sk •TheOne-TimePre-Keykeypairs(OTPK pk ,OTPK sk ).Theseke ypairs aregeneratedinbatchesb yclients.The yfacilitateasynchr onous conversationinitiation. 11
Theclientalso generatesa single
Last-ResortPre-Key .Thisis usedlike
aOne-TimePre-Key,butis simply providedwhentheserverhas noOne-
TimePre-Keysavailableforagiven
device. •TheEphemeralKeykeypairs(EK pk ,EK sk ).A newephemeral keypair isgeneratedfor eachround ofcommunication withinasecr et conversationandissubsequentlydiscar ded. PairwiseSessionkeys Whenstartinga pairwisecr yptographicchan- neltheparticipating devicesderiv esymmetricsession keys.These are: •TheRootKey( RK)isa256-bitkey whichisusedtoderive Chain
KeysintheSignalPr otocolratchets.
•ChainKeys (CK)areeach256-bitvalues whichareusedtoderiv e
MessageKeys.
•MessageKeys (MK)areeach640-bitvalues whichconsistof256bits foranAES- 256key,256bitsforan HMAC·SHA256key,and128bits foranInitialization Vector(IV) forAES-CBC encryption. MulticastSessionkeys InSecretConversationsinvolvingmore than2deviceseachdevice usessessionke ysforsendingmessages.
Theseare:
•SenderChain Keys(SCK)are256-bitvalues usedtoderiveSender
MessageKeys.
messengersecretconvers ationstechnical whitepaper7 •SenderMessage Keys(SMK)are384-bitvalues consistingof256bits foranAES- 256key,and128bitsforan InitializationVector (IV)for
AES-CBCencryption.
•SenderSigning Keys(SSK)arekeypairs usedtosignmulticast messages. WhenMessengerinitialises SecretConversationsitgenerates andthenuploads toFacebookits permanentIK pk andthecurr ent SPK pk .Itgenerates abatchof one-timepre-ke ykeypairs anduploads theirpublicparts toFacebook ondemand.
PairwiseChannelInitiation
Eachde viceinasecretconv ersationmustha vea pairwisechannel witheachother device beforeit cansendmessages.Eachpairwise channelconsistsof twode vices:oneInitiatordeviceandoneRespon- derdevice(IandRrespectively).LetHKDFbeasecur ehash-based keyderivationfunction,and ECDHindicatetheelliptic curv eDiffie- Hellmanfunctionapplied toasecr etand publickey .To createanew pairwisechannel:
1.TheInitiatorobtains fromFacebook IK
R pk ,SPK R pk andOTPK R pk for anone-timepr e-keyke ypairgeneratedbytheResponderdevice.
2.FacebookdeletesOTPK
quotesdbs_dbs2.pdfusesText_3
Messenger by the numbers