Politecnico di Torino (logo)

WhatsApp: cryptographic aspects

Andrea Gangemi

WhatsApp: cryptographic aspects.

Rel. Antonio Jose' Di Scala. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Matematica, 2019

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.

Download (1MB) | Preview

In the last years, the birth of instant messaging applications transformed the communication, allowing everyone to contact immediately any other person. Of course, two of the main tasks of a communication app are security and speed: we must be sure about who is receiving our message and that no one can intercept the message, but at the same time we need to reach our contacts without having to wait for minutes or hours. That’s why WhatsApp, one of the main apps in this field, signed in 2014 a pact with the Open Whisper Systems to use their Signal protocol, which guarantees end-to-end-encryption. The aim of this thesis is to describe in detail the cryptographic protocol used by WhatsApp. The first part of the work contains the theory needed to fully understand the protocol. In this regard, first of all we recap the cryptographic primitives used by WhatsApp in its protocol, such as AES, HMAC or SHA-2. After that, we introduce elliptic curves: we describe their arithmetic and the essential properties to understand Elliptic Curve Cryptography (ECC). We discuss the strengths of ECC, like the performance advantage it has over other famous cryptosystems such as RSA, and its weaknesses, like the difficulty of their implementation due to their complexity. The main focus will be on Montgomery Curves and especially on Curve25519, which is the curve chosen by WhatsApp to generate key pairs for their users. They chose this curve because of an algorithm known as Montgomery Ladder, which speeds up the computations. In the second part of the thesis, we describe the protocol used by the WhatsApp end-to-end encryption: it is called Signal Protocol and it guarantees that third parties, including WhatsApp itself, do not have access to our messages or calls. On this matter, we show how the protocol is resistant to many attacks, such as the man-in-the-middle attack. We then explain how keys are generated and how to establish an encrypted session: for security, WhatsApp servers don’t know private keys of their users, but users can verify keys if they want to be sure about the integrity of the communication. Finally, we explain in detail how messages (texts messages, medias, other attachments and so on) are exchanged and how calls are managed. The main focus of this part is the Double Ratchet algorithm. We also give some details on how multi communication is handled (Sesame), on how WhatsApp implements group chats and on extra WhatsApp features like statuses or live locations.

Relators: Antonio Jose' Di Scala
Academic year: 2019/20
Publication type: Electronic
Number of Pages: 115
Corso di laurea: Corso di laurea magistrale in Ingegneria Matematica
Classe di laurea: New organization > Master science > LM-44 - MATHEMATICAL MODELLING FOR ENGINEERING
Aziende collaboratrici: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/11988
Modify record (reserved for operators) Modify record (reserved for operators)