Sciweavers

WPES
2005
ACM

Secure off-the-record messaging

14 years 5 months ago
Secure off-the-record messaging
At the 2004 Workshop on Privacy in the Electronic Society (WPES), Borisov, Goldberg and Brewer, presented “Off the Record Messaging” (OTR), a protocol designed to add endto-end security and privacy to Instant Messaging protocols. An open-source implementation of OTR is available and has achieved considerable success. In this paper we present a security analysis of OTR showing that, while the overall concept of the system is valid and attractive, the protocol suffers from security shortcomings due to the use of an insecure key-exchange protocol and other problematic design choices. On the basis of these findings, we propose alternative designs and improvements that strengthen the security of the system and provide the originally intended features of the protocol, including deniability, in a sound and well-defined sense. Categories and Subject Descriptors K.4.1 [Computer and Society]: Public Policy Issues – Privacy; K.6.5 [Management of Computing and Information Systems]: Secu...
Mario Di Raimondo, Rosario Gennaro, Hugo Krawczyk
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where WPES
Authors Mario Di Raimondo, Rosario Gennaro, Hugo Krawczyk
Comments (0)