![]() ![]() Protocol OverviewĪ faithful implementation of the Wickr Secure Messaging Protocol provides the following services: Wickr cannot reveal what it doesn’t know this is the strength of Wickr’s “ignorance by design” and the foundational principle from which the protocol was designed. It is in this case that Wickr’s architectural security approach comes into its own. Such opponents might conceivably be overt criminals who break into a Wickr server room and perhaps take the staff hostage but they are more likely to be police armed with a court order requiring staff assistance. The most threatening opponents are those who can take physical control of Wickr’s systems and perhaps demand the cooperation and assistance of Wickr personnel. Therefore Wickr also attempts to avoid knowing anything it does not need to carry out its operations. Wickr counters these attacks with operating system security, firewalls, and other measures, but is ultimately aware that such techniques have failed in the past and may at some point fail again. Attacks of this kind have been common for a decade and are likely to continue. The next most numerous class of opponents are probably system penetrators, people who attack Wickr servers, or perhaps even the users themselves, by communications that do not pass primarily through Wickr systems. By definition their actions are taken through Wickr systems and thus subject to some degree of control by Wickr. ![]() Generally, other Wickr users are the most common form of opponent but the least powerful. Other users may reasonably or unreasonably be interested in acquiring information whether its owner wanted to share it with them or not. A user wants to share some information with some users, other information with other users, and perhaps some with nobody. The most common application of the concept of opponent will be to other Wickr users. Opposition to this objective may come from a variety of directions. There are a variety of properties that can be demanded in order to call a system “secure.” At minimum it means that the system provides authenticity and confidentiality: no unauthorized party can inject a message into the system and no unintended party can get to understand the communications without being given them by one of the correspondents. The primary objective of the Wickr Secure Messaging Protocol is to provide secure communication between two or more correspondents. This infographic is designed as a high level visualization of the Wickr Messaging Protocol. Full technical detail can be obtained by reviewing the source code, which is available for review here. while also providing value to a wider audience of users and interested parties. Our goal is to offer enough technical detail to allow security experts and cryptographers to observe the protocol’s security design, use of cryptographic primitives, etc. This document is intended as a summary of the protocol and an aid to those who wish to audit the source code. It is a method for sending messages with a set of security properties that we will explore in what follows. The Wickr Secure Messaging Protocol provides a platform for secure communications. Special thanks to Whitfield Diffie, Paul Kocher, Dan Kaminsky, Adam Shostack, Scott Stender & Jesse Burns for reviewing this paper and/or code and providing their insightful comments and invaluable advice. ![]() This White Paper describes a method for sending messages with a set of security properties afforded by our core messaging protocol.Īuthors: Chris Howell, Tom Leavy & Joël Alwen ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |