SlideShare a Scribd company logo

Messenger Secret Conversations Technical Whitepaper

G
Guillermo Alberto Sánchez Delgado

Descripción técnica del funcionamiento de la encriptación de Messenger Facebook.

Internet
1 of 11
Download to read offline
CMYK / .eps Facebook “f” Logo CMYK / .eps Messenger Secret Conversations Technical Whitepaper July 8, 2016
messenger secret conversations technical whitepaper 2 Contents Introduction 3 Transport Protocol Overview 4 Abuse Reporting 8 Message Storage 10 Conclusion 11
messenger secret conversations technical whitepaper 3 Introduction In this document we provide a brief technical overview of Secret Conversations — a specialized conversation mode within Face- book Messenger. Secret Conversations provides end-to-end encryption for messages using keys that are only available on users’ devices. Secret Conversations is a distinct conversation mode inside Facebook Messenger. Individual secret conversations are displayed as separate threads in Messenger and share many UX elements with regular Messenger conversations. However, Secret Conversa- tions uses a different transport protocol, specialised on-device stor- age and separate back-end infrastructure. The Secret Conversations threat model considers the com- promise of server and networking infrastructure used by Messenger — Facebook’s included. Attempts to obtain message plaintext or fal- sify messages by Facebook or network providers result in explicit warnings to the user. We assume however that clients are working as designed, e.g. that they are not infected with malware. Secret Conversations relies upon the Signal Protocol. Messen- ger uses Signal Protocol’s implementation as available in the open- source libsignal-protocol-java and libsignal-protocol-c libraries for Android and iOS respectively. Secret Conversations also incorporates new abuse-reporting features which are not present other platforms which use the Signal Protocol. In this document we describe Secret Conversations, starting with the transport protocol. We will then cover abuse reporting and close with how we handle on-device storage.
messenger secret conversations technical whitepaper 4 Transport Protocol Overview Secret Conversations is a device-to-device conversation mode. Messages are only accessible from the two devices which participate in a conversation. This differs from regular Messenger conversations where users are typically logged in with the same Facebook account in multiple devices and browser instances. Instead, to use Secret Conversations users designate a preferred device upon which their secret conversations will be available, e.g. their primary phone. Keys Each device manages various cryptographic keys. All keys are gener- ated or derived on-device. Private keys are never sent to Facebook. Public keys All public key operations use Curve25519. Each device uses the following public-secret keypairs: • The Identity Key keypair (IKpk, IKsk). This is a long-term keypair which is generated the first time Messenger runs. • The Signed Pre-Key keypair (SPKpk, SPKsk). This is a medium-term keypair which is rotated periodically. It is signed by IKsk. • The One-Time Pre-Key keypairs (OTPKpk, OTPKsk). These keypairs are generated in batches by clients. They facilitate asynchronous conversation initiation. • The Ephemeral Key keypairs (EKpk, EKsk). A new ephemeral keypair is generated for each round of communication within a secret conversation and is subsequently discarded. Session keys When starting a secret conversation the participating devices derive symmetric session keys. These are: • The Root Key (RK) is a 256-bit key which is used to derive Chain Keys in the Signal Protocol ratchets.
messenger secret conversations technical whitepaper 5 • Chain Keys (CK) are each 256-bit values which are used to derive Message Keys. • Message Keys (MK) are each 640-bit values which consist of 256 bits for an AES-256 key, 256 bits for an HMAC·SHA256 key, and 128 bits for an Initialization Vector (IV) for AES-CBC encryption. When a Messenger initialises Secret Conversations it gen- erates and then uploads to Facebook its permanent IKpk and the current SPKpk. It also generates a batch of one-time pre-key keypairs and uploads their public parts to Facebook. Conversation Initiation Each secret conversation consists of two devices: one Initiator de- vice and one Responder device (I and R respectively). Let HKDF be a secure hash-based key derivation function, and ECDH indicate the elliptic curve Diffie-Hellman function applied to a secret and public key. To create a new conversation: 1. The Initiator obtains from Facebook IKR pk, SPKR pk and OTPKR pk for one one-time pre-key keypair generated by the Responder device. 2. Facebook deletes OTPKR pk from the Responder’s list of available one-time pre-keys. 3. The Initiator generates a fresh ephemeral keypair (EKI pk, EKI sk). 4. The Initiator now computes the first root key RK as follows: a = ECDH(IKI sk, SPKR pk), b = ECDH(EKI sk, IKR pk) c = ECDH(EKI sk, SPKR pk), d = ECDH(EKI sk, OTPKR pk) RK = HKDF(a||b||c||d) Using the RK the Initiator can calculate the first CK and MK (as described next) and use those to start sending messages. 5. The Initiator sends the first encrypted message to the Responder, including the fresh EKI pk it generated previously. Upon receiving the first encrypted message the Responder: 1. Recomputes RK as above by performing the four ECDH operations using the other part of the same keypairs available locally. 2. Recomputes the first CK and MK, and decrypts the message. 3. Deletes (OTPKR pk,OTPKR sk) from its local storage.
messenger secret conversations technical whitepaper 6 Message exchange Each message in Secret Conversations is encrypted with AES·CBC and authenticated using HMAC·SHA256. The unique MK is derived from the current CK and RK. Their first value is: CK = RK MK = HKDF(CK) In each message exchange, the sender generates a fresh ephemeral keypair (EKsender pk , EKsender sk ) and includes the public part in the out- going message. The recipient calculates the current MK value using EKsender pk and can decrypt the message. It too then generates a fresh ephemeral keypair (EKreceiver pk , EKreceiver sk ) and derives new keys RK , CK and MK for use with the next response by updating the previous symmetric key values as follows: RK , CK = HKDF(ECDH(EKreceiver sk , EKsender pk )) MK = HKDF(CK ) If a second message is sent before the opposing party responds, the sender uses a new chain key CK = HKDF(CK) and a corresponding MK = HKDF(CK ). The Signal Protocol’s implementation is open-source and available at https://github.com/whispersystems/libsignal-protocol-java/. Image Attachments If a message includes images they are encrypted and uploaded to Facebook. For each image, the sender: 1. Generates a pseudorandom 256-bit AES key K and a 96-bit pseu- dorandom Initialization Vector IV. 2. Encrypts the image using AES-GCM1 encryption using K and IV. 1 Messenger uses the AES-GCM imple- mentation provided by OpenSSL. On Android, Messenger employs Conceal. Conceal is open-source and available at https://facebook.github.io/conceal/ The IV is placed into the header (Associated Data) of the GCM encryption. The IV and the GCM authentication tag are attached to the resulting ciphertext to form the encrypted file. 3. Computes a SHA256 hash H of the resulting encrypted file and uploads the file to Facebook. The sender obtains a unique identi- fier for future retrieval. 4. Encodes the unique identifier, K, H, image metadata, and an op- tional thumbnail into a message. The message is encrypted and sent to the recipient who downloads the content, verifies the hash H, and decrypts the file using K.
messenger secret conversations technical whitepaper 7 Stickers Stickers are images chosen from a set of collections hosted by Face- book. Each sticker is referenced by a unique identifier. The sender chooses a sticker to attach in a conversation from a set of sticker pre- views available in the message composer. The sender then sends the corresponding sticker identifier as an encrypted message to the re- cipient. Unless the sticker file is available locally, both the sender and the receiver submit the sticker identifier to Facebook and download the corresponding sticker file. Facebook may infer the use of individ- ual stickers when they are first used on a device but devices cache sticker files and avoid repeat fetches if a sticker is later reused. Conversation Metadata During a secret conversation, devices generate metadata such as de- livery and read receipts to indicate successful message transmission and display, respectively. Conversation metadata such as delivery and read receipts do not contain message plaintext and are not end- to-end encrypted. Key Verification For every secret conversation Messenger exposes in its interface both participants’ identity keys (i.e. IKpk). Users may optionally verify these keys in order to ensure no man-in-the-middle attack is compro- mising their secret conversations. Messenger displays the 256-bit IKpk values in hexadecimal format. Device Switchover At any point a user may designate a new preferred device to use with Secret Conversations. Existing messages or cryptographic keys are not transferred to the new preferred device. Facebook re- sponds with a message-bounced error to any future messages sent to the old preferred device by users with pre-established secret con- versations. Senders that receive such bounces initiate a new secret conversation with the new preferred device and display identity-key- changed warnings to the user2. Messenger does not automatically 2 In the sender device Messenger automatically merges the two secret conversations into a single thread. resend bounced messages to the new preferred device — an explicit resend action from the user is required.
messenger secret conversations technical whitepaper 8 Abuse Reporting A participant in a secret conversation may voluntarily notify Face- book of abusive content3. Facebook uses such reports to identify 3 The user interface for abuse reporting is currently under development.users who violate Facebook’s terms of service. The ability to report abuse does not represent a relaxation of the end-to-end encryption guarantees of Secret Conversations. Face- book will never have access to plaintext messages unless one partici- pant in a secret conversation voluntarily reports the conversation. Secret Conversations includes a mechanism to perform “franking” of messages sent through Facebook. This mechanism is analogous to placing a cryptographic stamp on the message, without learning the message content. Franking The franking mechanism must satisfy three main guarantees: au- thenticity, confidentiality and third-party deniability. The authenticity property ensures that if a user submits an report then the message must have legitimately originated from the sender’s device. The con- fidentiality property ensures that no outside party — including Face- book — should learn the content of a message unless a participant in a secret conversation voluntarily shares that information. Finally, the third-party deniability property ensures that no party outside of Facebook can cryptographically determine the validity of a report. Franking tag Authenticity for messages in a secret conversation is provided by the Franking tag TF. Senders must send the Franking tag along with each encrypted message. To compute TF, the sender first generates a 256-bit random nonce NF. NF is added to the unen- crypted message being transmitted. Next, the entire data structure is serialized into a string M, and TF is computed as: TF = HMAC·SHA256(NF, M) NF remains within the serialised, encrypted data sent to the recipient. The sender destroys any other copies of NF after transmission. TF is
messenger secret conversations technical whitepaper 9 transmitted to Facebook along with each encrypted message. Franking messages When Facebook receives TF, it uses a Facebook key KF to compute the Reporting tag RF over TF and conversation context (e.g., sender and recipient identifiers, timestamp) as: RF = HMAC·SHA256(KF, TF context) Both TF and RF are sent to the recipient along with the encrypted message. The recipient decrypts the ciphertext, parses the resulting plaintext to obtain NF, and verifies the structure of TF prior to dis- playing the message. If TF is not verified then the recipient discards the message without displaying it. The recipient stores the message M, NF, TF, RF and context in its local storage. Reporting abuse To report abuse, the recipient of a message submits to Facebook the full serialized message plaintext, RF, NF, and context. Upon receiving this message Facebook first recomputes TF and then validates RF using the provided information as well as its internal key KF. Security and Privacy The authenticity properties of the franking mechanism are based on reasonable assumptions about the collision- resistance of the SHA256 hash function and the unforgeability of HMAC·SHA256. Authenticity In order to “forge” invalid content M , a user must either (a) produce a forged HMAC tag under Facebook’s key KF, or (b), identify a collision NF , M , context such that the HMAC of these values is equal to the HMAC of a different valid message M sent through Facebook. Confidentiality Similarly, under reasonable assumptions about HMAC·SHA256, the resulting tag reveals no information about the message to Facebook or to eavesdroppers. Third-party deniability The guarantee holds under the assumption that HMAC·SHA256 is a pseudorandom function and that KF is never publicly revealed. Facebook rotates KF periodically.
messenger secret conversations technical whitepaper 10 Message Storage Secret Conversations plaintext messages are stored permanently only on the devices that participate in each conversation. Plaintext messages are protected using on-device symmetric-key encryption and optional Disappearing Messages functionality. On-device encryption ensures that messages stored permanently on a particular device are only accessible while a user is authenti- cated to Facebook. Messenger allows users to switch accounts. While a second user is logged in to a particular device messages of the first user should not be accessible. However, when the first user returns to the same device they should find their messages intact. To fulfill these requirements, clients employ two encryption keys: Klocal and Kremote. Both these keys are used for AES-GCM encryp- tion. Klocal is generated on-device and never leaves the device it was generated on. It is used to encrypt plaintext messages before these are stored permanently on a device. Kremote is a long-term, user- specific key held on Facebook and delivered to the device when a user authenticates. It is used to encrypt Klocal in local storage4. When 4 Kremote is currently only available and used to encrypt Klocal on Android. On iOS the feature is under development. Messenger switches accounts the device persists an encrypted version of Klocal and erases Kremote. Upon successful reauthentication the de- vice obtains Kremote from Facebook, uses it to decrypt Klocal and gains access to messages. On iOS, database files are protected using the filesystem protection level FileProtectionComplete. This ensures that database files can no longer be accessed shortly after the user locks their device. The key used for local storage, i.e. Klocal, is stored in keychain using the kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute. Disappearing Messages ensures that messages are no longer visible within a selected time after they are sent or received. In Dis- appearing Messages a timeout value is added to the message data structure before serialisation and encryption. Both devices automati- cally hide messages that specify a timeout once the message timeout has elapsed. The actual deletion of message plaintext from local stor- age occurs shortly after each message has expired5 in order to enable 5 Messages are currently deleted imme- diately after expiration. An additional timeout will be introduced once abuse reporting becomes available. abuse reporting in the interim.
messenger secret conversations technical whitepaper 11 Conclusion Secret Conversations is a new conversation mode in Messenger. Messages in Secret Conversations are encrypted end-to-end between the sender and the recipient using the Signal Protocol and its open-source implementations. Third parties — Facebook included — do not have access to message plaintext and messages can only be decrypted by their intended recipient. Users may inspect the identity keys used for end-to-end encryption and verify the confidentiality and authenticity of their communications. Decrypted messages do not leave the devices that participate in the conversation. Users retain the ability to report abusive content to Facebook.

Recommended

Simple chat room using python
Simple chat room using pythonSimple chat room using python
Simple chat room using pythonVISHAL VERMA
 
Chat server nitish nagar
Chat server nitish nagarChat server nitish nagar
Chat server nitish nagarNitish Nagar
 
Machine Problem 1: Let's chat
Machine Problem 1: Let's chatMachine Problem 1: Let's chat
Machine Problem 1: Let's chatbutest
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4Deepak John
 
Socket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaSocket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaiDhawalVaja
 
Multiuser chat application using java
Multiuser chat application using javaMultiuser chat application using java
Multiuser chat application using javaasifnoman240
 
PyNet
PyNetPyNet
PyNetwebuploader
 
Multi user chat system using java
Multi user chat system using javaMulti user chat system using java
Multi user chat system using javaAkhil Goutham Kotini
 

Recommended

Simple chat room using python
Simple chat room using pythonSimple chat room using python
Simple chat room using pythonVISHAL VERMA
 
Chat server nitish nagar
Chat server nitish nagarChat server nitish nagar
Chat server nitish nagarNitish Nagar
 
Machine Problem 1: Let's chat
Machine Problem 1: Let's chatMachine Problem 1: Let's chat
Machine Problem 1: Let's chatbutest
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4Deepak John
 
Socket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaSocket Programming by Rajkumar Buyya
Socket Programming by Rajkumar BuyyaiDhawalVaja
 
Multiuser chat application using java
Multiuser chat application using javaMultiuser chat application using java
Multiuser chat application using javaasifnoman240
 
PyNet
PyNetPyNet
PyNetwebuploader
 
Multi user chat system using java
Multi user chat system using javaMulti user chat system using java
Multi user chat system using javaAkhil Goutham Kotini
 
Esp32 bluetooth networking_user_guide_en
Esp32 bluetooth networking_user_guide_enEsp32 bluetooth networking_user_guide_en
Esp32 bluetooth networking_user_guide_enShubham Jaiswal
 
Skype and icq referat final - copy
Skype and icq referat final - copySkype and icq referat final - copy
Skype and icq referat final - copyMatej Kostroš
 
Chapter 6-Remoting
Chapter 6-RemotingChapter 6-Remoting
Chapter 6-RemotingHoàng Hải Nguyễn
 
Eternal blue Vulnerability
Eternal blue VulnerabilityEternal blue Vulnerability
Eternal blue Vulnerabilitykandelrc
 
Socket
SocketSocket
SocketAmandeep Kaur
 
Advance Java-Network Programming
Advance Java-Network ProgrammingAdvance Java-Network Programming
Advance Java-Network Programmingashok hirpara
 
Cloud-to-Intranet messaging by Force.com Streaming API
Cloud-to-Intranet messaging by Force.com Streaming APICloud-to-Intranet messaging by Force.com Streaming API
Cloud-to-Intranet messaging by Force.com Streaming APIShinichi Tomita
 
Maxbox starter18
Maxbox starter18Maxbox starter18
Maxbox starter18Max Kleiner
 
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDBMongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDBMongoDB
 
YOLANDA BURITICA ARIZA
YOLANDA BURITICA ARIZAYOLANDA BURITICA ARIZA
YOLANDA BURITICA ARIZAardillita1
 
Virus
VirusVirus
Virusjorgebiker18
 
Lista de posibles edificios - Ejercicio I
Lista de posibles edificios - Ejercicio ILista de posibles edificios - Ejercicio I
Lista de posibles edificios - Ejercicio Iahumm
 
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...Juan Miguel Moreno Magaña
 
Guia de laboratorio taller 10
Guia de laboratorio taller 10Guia de laboratorio taller 10
Guia de laboratorio taller 10Juliana Marin
 
La historia oculta de la ciudad de La Plata - Gualberto Reynal
La historia oculta de la ciudad de La Plata - Gualberto ReynalLa historia oculta de la ciudad de La Plata - Gualberto Reynal
La historia oculta de la ciudad de La Plata - Gualberto ReynalNestor Bookman
 
Nociones de prospectiva - Centro de productividad del Tolima
Nociones de prospectiva - Centro de productividad del TolimaNociones de prospectiva - Centro de productividad del Tolima
Nociones de prospectiva - Centro de productividad del TolimaJuan Felipe Herrera
 
Grandes Calles - Allan Jacobs V2
Grandes Calles - Allan Jacobs V2Grandes Calles - Allan Jacobs V2
Grandes Calles - Allan Jacobs V2Proyectar Ciudad
 
Incorporate, don't alieante, Shadow IT
Incorporate, don't alieante, Shadow ITIncorporate, don't alieante, Shadow IT
Incorporate, don't alieante, Shadow ITGravitant, Inc.
 
5 Grandes Tendencias del Mobile World Congress 2016
5 Grandes Tendencias del Mobile World Congress 20165 Grandes Tendencias del Mobile World Congress 2016
5 Grandes Tendencias del Mobile World Congress 2016Nunkyworld
 
Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)
Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)
Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)Farhan Mohamed,CCIE DC(w) ITIL® v3
 
Semana de Internet: Internet en el mundo 2016
Semana de Internet: Internet en el mundo 2016Semana de Internet: Internet en el mundo 2016
Semana de Internet: Internet en el mundo 2016Nunkyworld
 
Y Wikipedia, ¿cómo lo haría?
Y Wikipedia, ¿cómo lo haría?Y Wikipedia, ¿cómo lo haría?
Y Wikipedia, ¿cómo lo haría?Startcoaching
 

More Related Content

What's hot

Esp32 bluetooth networking_user_guide_en
Esp32 bluetooth networking_user_guide_enEsp32 bluetooth networking_user_guide_en
Esp32 bluetooth networking_user_guide_enShubham Jaiswal
 
Skype and icq referat final - copy
Skype and icq referat final - copySkype and icq referat final - copy
Skype and icq referat final - copyMatej Kostroš
 
Eternal blue Vulnerability
Eternal blue VulnerabilityEternal blue Vulnerability
Eternal blue Vulnerabilitykandelrc
 
Advance Java-Network Programming
Advance Java-Network ProgrammingAdvance Java-Network Programming
Advance Java-Network Programmingashok hirpara
 
Cloud-to-Intranet messaging by Force.com Streaming API
Cloud-to-Intranet messaging by Force.com Streaming APICloud-to-Intranet messaging by Force.com Streaming API
Cloud-to-Intranet messaging by Force.com Streaming APIShinichi Tomita
 
Maxbox starter18
Maxbox starter18Maxbox starter18
Maxbox starter18Max Kleiner
 
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDBMongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDBMongoDB
 

What's hot (9)

Esp32 bluetooth networking_user_guide_en
Esp32 bluetooth networking_user_guide_enEsp32 bluetooth networking_user_guide_en
Esp32 bluetooth networking_user_guide_en
 
Skype and icq referat final - copy
Skype and icq referat final - copySkype and icq referat final - copy
Skype and icq referat final - copy
 
Chapter 6-Remoting
Chapter 6-RemotingChapter 6-Remoting
Chapter 6-Remoting
 
Eternal blue Vulnerability
Eternal blue VulnerabilityEternal blue Vulnerability
Eternal blue Vulnerability
 
Socket
SocketSocket
Socket
 
Advance Java-Network Programming
Advance Java-Network ProgrammingAdvance Java-Network Programming
Advance Java-Network Programming
 
Cloud-to-Intranet messaging by Force.com Streaming API
Cloud-to-Intranet messaging by Force.com Streaming APICloud-to-Intranet messaging by Force.com Streaming API
Cloud-to-Intranet messaging by Force.com Streaming API
 
Maxbox starter18
Maxbox starter18Maxbox starter18
Maxbox starter18
 
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDBMongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
MongoDB World 2018: Multi-Channel Distributed Chatbots on MongoDB
 

Viewers also liked

YOLANDA BURITICA ARIZA
YOLANDA BURITICA ARIZAYOLANDA BURITICA ARIZA
YOLANDA BURITICA ARIZAardillita1
 
Lista de posibles edificios - Ejercicio I
Lista de posibles edificios - Ejercicio ILista de posibles edificios - Ejercicio I
Lista de posibles edificios - Ejercicio Iahumm
 
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...Juan Miguel Moreno Magaña
 
Guia de laboratorio taller 10
Guia de laboratorio taller 10Guia de laboratorio taller 10
Guia de laboratorio taller 10Juliana Marin
 
La historia oculta de la ciudad de La Plata - Gualberto Reynal
La historia oculta de la ciudad de La Plata - Gualberto ReynalLa historia oculta de la ciudad de La Plata - Gualberto Reynal
La historia oculta de la ciudad de La Plata - Gualberto ReynalNestor Bookman
 
Nociones de prospectiva - Centro de productividad del Tolima
Nociones de prospectiva - Centro de productividad del TolimaNociones de prospectiva - Centro de productividad del Tolima
Nociones de prospectiva - Centro de productividad del TolimaJuan Felipe Herrera
 
Grandes Calles - Allan Jacobs V2
Grandes Calles - Allan Jacobs V2Grandes Calles - Allan Jacobs V2
Grandes Calles - Allan Jacobs V2Proyectar Ciudad
 
Incorporate, don't alieante, Shadow IT
Incorporate, don't alieante, Shadow ITIncorporate, don't alieante, Shadow IT
Incorporate, don't alieante, Shadow ITGravitant, Inc.
 
5 Grandes Tendencias del Mobile World Congress 2016
5 Grandes Tendencias del Mobile World Congress 20165 Grandes Tendencias del Mobile World Congress 2016
5 Grandes Tendencias del Mobile World Congress 2016Nunkyworld
 
Semana de Internet: Internet en el mundo 2016
Semana de Internet: Internet en el mundo 2016Semana de Internet: Internet en el mundo 2016
Semana de Internet: Internet en el mundo 2016Nunkyworld
 
Y Wikipedia, ¿cómo lo haría?
Y Wikipedia, ¿cómo lo haría?Y Wikipedia, ¿cómo lo haría?
Y Wikipedia, ¿cómo lo haría?Startcoaching
 
Informe. Segundo Simposio Nacional de Formación con Calidad y Pertinencia
Informe. Segundo Simposio Nacional de Formación con Calidad y PertinenciaInforme. Segundo Simposio Nacional de Formación con Calidad y Pertinencia
Informe. Segundo Simposio Nacional de Formación con Calidad y PertinenciaJuan Felipe Herrera
 
La modernidad en latinoamérica y sus primeras manifestaciones.
La modernidad en latinoamérica y sus primeras manifestaciones.La modernidad en latinoamérica y sus primeras manifestaciones.
La modernidad en latinoamérica y sus primeras manifestaciones.Victor Diaz
 
Aprendizaje invisible
Aprendizaje invisibleAprendizaje invisible
Aprendizaje invisibleteresitbar
 
Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12
Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12
Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12Teresa Clotilde Ojeda Sánchez
 
Tendencias Turismo Internacional
Tendencias Turismo InternacionalTendencias Turismo Internacional
Tendencias Turismo InternacionalNunkyworld
 

Viewers also liked (20)

YOLANDA BURITICA ARIZA
YOLANDA BURITICA ARIZAYOLANDA BURITICA ARIZA
YOLANDA BURITICA ARIZA
 
Virus
VirusVirus
Virus
 
Lista de posibles edificios - Ejercicio I
Lista de posibles edificios - Ejercicio ILista de posibles edificios - Ejercicio I
Lista de posibles edificios - Ejercicio I
 
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
LA TECNOLOGÍA COMO HERRAMIENTA PARA RENTABILIZAR LA GESTIÓN DE LOS NEGOCIOS T...
 
Guia de laboratorio taller 10
Guia de laboratorio taller 10Guia de laboratorio taller 10
Guia de laboratorio taller 10
 
La historia oculta de la ciudad de La Plata - Gualberto Reynal
La historia oculta de la ciudad de La Plata - Gualberto ReynalLa historia oculta de la ciudad de La Plata - Gualberto Reynal
La historia oculta de la ciudad de La Plata - Gualberto Reynal
 
Nociones de prospectiva - Centro de productividad del Tolima
Nociones de prospectiva - Centro de productividad del TolimaNociones de prospectiva - Centro de productividad del Tolima
Nociones de prospectiva - Centro de productividad del Tolima
 
Grandes Calles - Allan Jacobs V2
Grandes Calles - Allan Jacobs V2Grandes Calles - Allan Jacobs V2
Grandes Calles - Allan Jacobs V2
 
Incorporate, don't alieante, Shadow IT
Incorporate, don't alieante, Shadow ITIncorporate, don't alieante, Shadow IT
Incorporate, don't alieante, Shadow IT
 
5 Grandes Tendencias del Mobile World Congress 2016
5 Grandes Tendencias del Mobile World Congress 20165 Grandes Tendencias del Mobile World Congress 2016
5 Grandes Tendencias del Mobile World Congress 2016
 
Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)
Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)
Enterprise Cloud Suite- The Cisco ONE Story!- FINAL (Edited)
 
Semana de Internet: Internet en el mundo 2016
Semana de Internet: Internet en el mundo 2016Semana de Internet: Internet en el mundo 2016
Semana de Internet: Internet en el mundo 2016
 
Y Wikipedia, ¿cómo lo haría?
Y Wikipedia, ¿cómo lo haría?Y Wikipedia, ¿cómo lo haría?
Y Wikipedia, ¿cómo lo haría?
 
Informe. Segundo Simposio Nacional de Formación con Calidad y Pertinencia
Informe. Segundo Simposio Nacional de Formación con Calidad y PertinenciaInforme. Segundo Simposio Nacional de Formación con Calidad y Pertinencia
Informe. Segundo Simposio Nacional de Formación con Calidad y Pertinencia
 
La modernidad en latinoamérica y sus primeras manifestaciones.
La modernidad en latinoamérica y sus primeras manifestaciones.La modernidad en latinoamérica y sus primeras manifestaciones.
La modernidad en latinoamérica y sus primeras manifestaciones.
 
PROYECTO
PROYECTOPROYECTO
PROYECTO
 
Aprendizaje invisible
Aprendizaje invisibleAprendizaje invisible
Aprendizaje invisible
 
Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12
Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12
Documentos primaria-sesiones-unidad04-sexto grado-integrados-6g-u4-sesion12
 
Tendencias Turismo Internacional
Tendencias Turismo InternacionalTendencias Turismo Internacional
Tendencias Turismo Internacional
 
Firearms Presentation
Firearms PresentationFirearms Presentation
Firearms Presentation
 

Similar to Messenger Secret Conversations Technical Whitepaper

messenger-secret-conversations-technical-whitepaper (1).pdf
messenger-secret-conversations-technical-whitepaper (1).pdfmessenger-secret-conversations-technical-whitepaper (1).pdf
messenger-secret-conversations-technical-whitepaper (1).pdfShyamMalla3
 
WhatsApp End to End encryption
WhatsApp End to End encryptionWhatsApp End to End encryption
WhatsApp End to End encryptionVenkatesh Kariappa
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptxsandyBS
 
WhatsApp Encryption Overview, Whitepaper
WhatsApp Encryption Overview, WhitepaperWhatsApp Encryption Overview, Whitepaper
WhatsApp Encryption Overview, WhitepaperMarco Antúnez Piña
 
Secure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingSecure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingAli Habeeb
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network securityMazin Alwaaly
 
Cracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudFotios Lindiakos
 
Whats app security-whitepaper
Whats app security-whitepaperWhats app security-whitepaper
Whats app security-whitepaperPanashe Matsaudza
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
White box crytography in an insecure enviroment
White box crytography in an insecure enviromentWhite box crytography in an insecure enviroment
White box crytography in an insecure enviromentIqra khalil
 
Secure instant messanger service
Secure instant messanger serviceSecure instant messanger service
Secure instant messanger serviceAditya Gupta
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash functionomarShiekh1
 
Connecting mq&kafka
Connecting mq&kafkaConnecting mq&kafka
Connecting mq&kafkaMatt Leming
 

Similar to Messenger Secret Conversations Technical Whitepaper (20)

messenger-secret-conversations-technical-whitepaper (1).pdf
messenger-secret-conversations-technical-whitepaper (1).pdfmessenger-secret-conversations-technical-whitepaper (1).pdf
messenger-secret-conversations-technical-whitepaper (1).pdf
 
WhatsApp End to End encryption
WhatsApp End to End encryptionWhatsApp End to End encryption
WhatsApp End to End encryption
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
 
Unit 3
Unit 3Unit 3
Unit 3
 
Email security
Email securityEmail security
Email security
 
WhatsApp Encryption Overview, Whitepaper
WhatsApp Encryption Overview, WhitepaperWhatsApp Encryption Overview, Whitepaper
WhatsApp Encryption Overview, Whitepaper
 
Whats app security-whitepaper
Whats app security-whitepaperWhats app security-whitepaper
Whats app security-whitepaper
 
Secure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwardingSecure erasure code based distributed storage system with secure data forwarding
Secure erasure code based distributed storage system with secure data forwarding
 
Information and data security cryptography and network security
Information and data security cryptography and network securityInformation and data security cryptography and network security
Information and data security cryptography and network security
 
Cracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloud
 
Whats app security-whitepaper
Whats app security-whitepaperWhats app security-whitepaper
Whats app security-whitepaper
 
Lec 3.pptx
Lec 3.pptxLec 3.pptx
Lec 3.pptx
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
White box crytography in an insecure enviroment
White box crytography in an insecure enviromentWhite box crytography in an insecure enviroment
White box crytography in an insecure enviroment
 
Secure instant messanger service
Secure instant messanger serviceSecure instant messanger service
Secure instant messanger service
 
Message authentication and hash function
Message authentication and hash functionMessage authentication and hash function
Message authentication and hash function
 
Connecting mq&kafka
Connecting mq&kafkaConnecting mq&kafka
Connecting mq&kafka
 
Network Security CS2
Network Security CS2Network Security CS2
Network Security CS2
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
S/MIME
S/MIMES/MIME
S/MIME
 

Recently uploaded

NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 

Recently uploaded (20)

NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 

Messenger Secret Conversations Technical Whitepaper

  • 1. CMYK / .eps Facebook “f” Logo CMYK / .eps Messenger Secret Conversations Technical Whitepaper July 8, 2016
  • 2. messenger secret conversations technical whitepaper 2 Contents Introduction 3 Transport Protocol Overview 4 Abuse Reporting 8 Message Storage 10 Conclusion 11
  • 3. messenger secret conversations technical whitepaper 3 Introduction In this document we provide a brief technical overview of Secret Conversations — a specialized conversation mode within Face- book Messenger. Secret Conversations provides end-to-end encryption for messages using keys that are only available on users’ devices. Secret Conversations is a distinct conversation mode inside Facebook Messenger. Individual secret conversations are displayed as separate threads in Messenger and share many UX elements with regular Messenger conversations. However, Secret Conversa- tions uses a different transport protocol, specialised on-device stor- age and separate back-end infrastructure. The Secret Conversations threat model considers the com- promise of server and networking infrastructure used by Messenger — Facebook’s included. Attempts to obtain message plaintext or fal- sify messages by Facebook or network providers result in explicit warnings to the user. We assume however that clients are working as designed, e.g. that they are not infected with malware. Secret Conversations relies upon the Signal Protocol. Messen- ger uses Signal Protocol’s implementation as available in the open- source libsignal-protocol-java and libsignal-protocol-c libraries for Android and iOS respectively. Secret Conversations also incorporates new abuse-reporting features which are not present other platforms which use the Signal Protocol. In this document we describe Secret Conversations, starting with the transport protocol. We will then cover abuse reporting and close with how we handle on-device storage.
  • 4. messenger secret conversations technical whitepaper 4 Transport Protocol Overview Secret Conversations is a device-to-device conversation mode. Messages are only accessible from the two devices which participate in a conversation. This differs from regular Messenger conversations where users are typically logged in with the same Facebook account in multiple devices and browser instances. Instead, to use Secret Conversations users designate a preferred device upon which their secret conversations will be available, e.g. their primary phone. Keys Each device manages various cryptographic keys. All keys are gener- ated or derived on-device. Private keys are never sent to Facebook. Public keys All public key operations use Curve25519. Each device uses the following public-secret keypairs: • The Identity Key keypair (IKpk, IKsk). This is a long-term keypair which is generated the first time Messenger runs. • The Signed Pre-Key keypair (SPKpk, SPKsk). This is a medium-term keypair which is rotated periodically. It is signed by IKsk. • The One-Time Pre-Key keypairs (OTPKpk, OTPKsk). These keypairs are generated in batches by clients. They facilitate asynchronous conversation initiation. • The Ephemeral Key keypairs (EKpk, EKsk). A new ephemeral keypair is generated for each round of communication within a secret conversation and is subsequently discarded. Session keys When starting a secret conversation the participating devices derive symmetric session keys. These are: • The Root Key (RK) is a 256-bit key which is used to derive Chain Keys in the Signal Protocol ratchets.
  • 5. messenger secret conversations technical whitepaper 5 • Chain Keys (CK) are each 256-bit values which are used to derive Message Keys. • Message Keys (MK) are each 640-bit values which consist of 256 bits for an AES-256 key, 256 bits for an HMAC·SHA256 key, and 128 bits for an Initialization Vector (IV) for AES-CBC encryption. When a Messenger initialises Secret Conversations it gen- erates and then uploads to Facebook its permanent IKpk and the current SPKpk. It also generates a batch of one-time pre-key keypairs and uploads their public parts to Facebook. Conversation Initiation Each secret conversation consists of two devices: one Initiator de- vice and one Responder device (I and R respectively). Let HKDF be a secure hash-based key derivation function, and ECDH indicate the elliptic curve Diffie-Hellman function applied to a secret and public key. To create a new conversation: 1. The Initiator obtains from Facebook IKR pk, SPKR pk and OTPKR pk for one one-time pre-key keypair generated by the Responder device. 2. Facebook deletes OTPKR pk from the Responder’s list of available one-time pre-keys. 3. The Initiator generates a fresh ephemeral keypair (EKI pk, EKI sk). 4. The Initiator now computes the first root key RK as follows: a = ECDH(IKI sk, SPKR pk), b = ECDH(EKI sk, IKR pk) c = ECDH(EKI sk, SPKR pk), d = ECDH(EKI sk, OTPKR pk) RK = HKDF(a||b||c||d) Using the RK the Initiator can calculate the first CK and MK (as described next) and use those to start sending messages. 5. The Initiator sends the first encrypted message to the Responder, including the fresh EKI pk it generated previously. Upon receiving the first encrypted message the Responder: 1. Recomputes RK as above by performing the four ECDH operations using the other part of the same keypairs available locally. 2. Recomputes the first CK and MK, and decrypts the message. 3. Deletes (OTPKR pk,OTPKR sk) from its local storage.
  • 6. messenger secret conversations technical whitepaper 6 Message exchange Each message in Secret Conversations is encrypted with AES·CBC and authenticated using HMAC·SHA256. The unique MK is derived from the current CK and RK. Their first value is: CK = RK MK = HKDF(CK) In each message exchange, the sender generates a fresh ephemeral keypair (EKsender pk , EKsender sk ) and includes the public part in the out- going message. The recipient calculates the current MK value using EKsender pk and can decrypt the message. It too then generates a fresh ephemeral keypair (EKreceiver pk , EKreceiver sk ) and derives new keys RK , CK and MK for use with the next response by updating the previous symmetric key values as follows: RK , CK = HKDF(ECDH(EKreceiver sk , EKsender pk )) MK = HKDF(CK ) If a second message is sent before the opposing party responds, the sender uses a new chain key CK = HKDF(CK) and a corresponding MK = HKDF(CK ). The Signal Protocol’s implementation is open-source and available at https://github.com/whispersystems/libsignal-protocol-java/. Image Attachments If a message includes images they are encrypted and uploaded to Facebook. For each image, the sender: 1. Generates a pseudorandom 256-bit AES key K and a 96-bit pseu- dorandom Initialization Vector IV. 2. Encrypts the image using AES-GCM1 encryption using K and IV. 1 Messenger uses the AES-GCM imple- mentation provided by OpenSSL. On Android, Messenger employs Conceal. Conceal is open-source and available at https://facebook.github.io/conceal/ The IV is placed into the header (Associated Data) of the GCM encryption. The IV and the GCM authentication tag are attached to the resulting ciphertext to form the encrypted file. 3. Computes a SHA256 hash H of the resulting encrypted file and uploads the file to Facebook. The sender obtains a unique identi- fier for future retrieval. 4. Encodes the unique identifier, K, H, image metadata, and an op- tional thumbnail into a message. The message is encrypted and sent to the recipient who downloads the content, verifies the hash H, and decrypts the file using K.
  • 7. messenger secret conversations technical whitepaper 7 Stickers Stickers are images chosen from a set of collections hosted by Face- book. Each sticker is referenced by a unique identifier. The sender chooses a sticker to attach in a conversation from a set of sticker pre- views available in the message composer. The sender then sends the corresponding sticker identifier as an encrypted message to the re- cipient. Unless the sticker file is available locally, both the sender and the receiver submit the sticker identifier to Facebook and download the corresponding sticker file. Facebook may infer the use of individ- ual stickers when they are first used on a device but devices cache sticker files and avoid repeat fetches if a sticker is later reused. Conversation Metadata During a secret conversation, devices generate metadata such as de- livery and read receipts to indicate successful message transmission and display, respectively. Conversation metadata such as delivery and read receipts do not contain message plaintext and are not end- to-end encrypted. Key Verification For every secret conversation Messenger exposes in its interface both participants’ identity keys (i.e. IKpk). Users may optionally verify these keys in order to ensure no man-in-the-middle attack is compro- mising their secret conversations. Messenger displays the 256-bit IKpk values in hexadecimal format. Device Switchover At any point a user may designate a new preferred device to use with Secret Conversations. Existing messages or cryptographic keys are not transferred to the new preferred device. Facebook re- sponds with a message-bounced error to any future messages sent to the old preferred device by users with pre-established secret con- versations. Senders that receive such bounces initiate a new secret conversation with the new preferred device and display identity-key- changed warnings to the user2. Messenger does not automatically 2 In the sender device Messenger automatically merges the two secret conversations into a single thread. resend bounced messages to the new preferred device — an explicit resend action from the user is required.
  • 8. messenger secret conversations technical whitepaper 8 Abuse Reporting A participant in a secret conversation may voluntarily notify Face- book of abusive content3. Facebook uses such reports to identify 3 The user interface for abuse reporting is currently under development.users who violate Facebook’s terms of service. The ability to report abuse does not represent a relaxation of the end-to-end encryption guarantees of Secret Conversations. Face- book will never have access to plaintext messages unless one partici- pant in a secret conversation voluntarily reports the conversation. Secret Conversations includes a mechanism to perform “franking” of messages sent through Facebook. This mechanism is analogous to placing a cryptographic stamp on the message, without learning the message content. Franking The franking mechanism must satisfy three main guarantees: au- thenticity, confidentiality and third-party deniability. The authenticity property ensures that if a user submits an report then the message must have legitimately originated from the sender’s device. The con- fidentiality property ensures that no outside party — including Face- book — should learn the content of a message unless a participant in a secret conversation voluntarily shares that information. Finally, the third-party deniability property ensures that no party outside of Facebook can cryptographically determine the validity of a report. Franking tag Authenticity for messages in a secret conversation is provided by the Franking tag TF. Senders must send the Franking tag along with each encrypted message. To compute TF, the sender first generates a 256-bit random nonce NF. NF is added to the unen- crypted message being transmitted. Next, the entire data structure is serialized into a string M, and TF is computed as: TF = HMAC·SHA256(NF, M) NF remains within the serialised, encrypted data sent to the recipient. The sender destroys any other copies of NF after transmission. TF is
  • 9. messenger secret conversations technical whitepaper 9 transmitted to Facebook along with each encrypted message. Franking messages When Facebook receives TF, it uses a Facebook key KF to compute the Reporting tag RF over TF and conversation context (e.g., sender and recipient identifiers, timestamp) as: RF = HMAC·SHA256(KF, TF context) Both TF and RF are sent to the recipient along with the encrypted message. The recipient decrypts the ciphertext, parses the resulting plaintext to obtain NF, and verifies the structure of TF prior to dis- playing the message. If TF is not verified then the recipient discards the message without displaying it. The recipient stores the message M, NF, TF, RF and context in its local storage. Reporting abuse To report abuse, the recipient of a message submits to Facebook the full serialized message plaintext, RF, NF, and context. Upon receiving this message Facebook first recomputes TF and then validates RF using the provided information as well as its internal key KF. Security and Privacy The authenticity properties of the franking mechanism are based on reasonable assumptions about the collision- resistance of the SHA256 hash function and the unforgeability of HMAC·SHA256. Authenticity In order to “forge” invalid content M , a user must either (a) produce a forged HMAC tag under Facebook’s key KF, or (b), identify a collision NF , M , context such that the HMAC of these values is equal to the HMAC of a different valid message M sent through Facebook. Confidentiality Similarly, under reasonable assumptions about HMAC·SHA256, the resulting tag reveals no information about the message to Facebook or to eavesdroppers. Third-party deniability The guarantee holds under the assumption that HMAC·SHA256 is a pseudorandom function and that KF is never publicly revealed. Facebook rotates KF periodically.
  • 10. messenger secret conversations technical whitepaper 10 Message Storage Secret Conversations plaintext messages are stored permanently only on the devices that participate in each conversation. Plaintext messages are protected using on-device symmetric-key encryption and optional Disappearing Messages functionality. On-device encryption ensures that messages stored permanently on a particular device are only accessible while a user is authenti- cated to Facebook. Messenger allows users to switch accounts. While a second user is logged in to a particular device messages of the first user should not be accessible. However, when the first user returns to the same device they should find their messages intact. To fulfill these requirements, clients employ two encryption keys: Klocal and Kremote. Both these keys are used for AES-GCM encryp- tion. Klocal is generated on-device and never leaves the device it was generated on. It is used to encrypt plaintext messages before these are stored permanently on a device. Kremote is a long-term, user- specific key held on Facebook and delivered to the device when a user authenticates. It is used to encrypt Klocal in local storage4. When 4 Kremote is currently only available and used to encrypt Klocal on Android. On iOS the feature is under development. Messenger switches accounts the device persists an encrypted version of Klocal and erases Kremote. Upon successful reauthentication the de- vice obtains Kremote from Facebook, uses it to decrypt Klocal and gains access to messages. On iOS, database files are protected using the filesystem protection level FileProtectionComplete. This ensures that database files can no longer be accessed shortly after the user locks their device. The key used for local storage, i.e. Klocal, is stored in keychain using the kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute. Disappearing Messages ensures that messages are no longer visible within a selected time after they are sent or received. In Dis- appearing Messages a timeout value is added to the message data structure before serialisation and encryption. Both devices automati- cally hide messages that specify a timeout once the message timeout has elapsed. The actual deletion of message plaintext from local stor- age occurs shortly after each message has expired5 in order to enable 5 Messages are currently deleted imme- diately after expiration. An additional timeout will be introduced once abuse reporting becomes available. abuse reporting in the interim.
  • 11. messenger secret conversations technical whitepaper 11 Conclusion Secret Conversations is a new conversation mode in Messenger. Messages in Secret Conversations are encrypted end-to-end between the sender and the recipient using the Signal Protocol and its open-source implementations. Third parties — Facebook included — do not have access to message plaintext and messages can only be decrypted by their intended recipient. Users may inspect the identity keys used for end-to-end encryption and verify the confidentiality and authenticity of their communications. Decrypted messages do not leave the devices that participate in the conversation. Users retain the ability to report abusive content to Facebook.