Signal (software)

From Infogalactic: the planetary knowledge core
Jump to: navigation, search
Signal
100px100px
Signal for iOS and Android, respectively
Developer(s) Open Whisper Systems and contributors
Initial release July 2014 (2014-07)[1]
Stable release Android 3.16.0 (May 29, 2016; 8 years ago (2016-05-29)[2]) [±]
iOS 2.2 (November 10, 2015; 8 years ago (2015-11-10)[3]) [±]
Preview release Chrome app 0.13.0 (May 26, 2016; 8 years ago (2016-05-26)[4]) [±]
Development status Active
Operating system <templatestyles src="Plainlist/styles.css"/>
Available in 31 languages
Type Encrypted voice calling and instant messaging
License GPLv3[5][6][7]
Website whispersystems.org

Signal is a free and open-source encrypted voice calling and instant messaging application for Android and iOS. It uses end-to-end encryption to secure all communications to other Signal users. Signal can be used to send and receive encrypted instant messages, group messages, attachments and media messages. Users can independently verify the identity of their messaging correspondents by comparing key fingerprints out-of-band. During calls, users can check the integrity of the data channel by checking if two words match on both ends of the call. A Chrome app that can link with a Signal client is also in development.

Signal is developed by Open Whisper Systems and is published under the GPLv3 license.

History

Background (2010–2013)

Signal is the successor of an encrypted voice calling app called RedPhone and an encrypted texting program called TextSecure. The beta versions of RedPhone and TextSecure were first launched in May 2010 by Whisper Systems,[8] a startup company co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson.[9][10] Whisper Systems also produced a firewall and tools for encrypting other forms of data.[9][11] All of these were proprietary enterprise mobile security software and were only available for Android.

In November 2011, Whisper Systems announced that it had been acquired by Twitter. The financial terms of the deal were not disclosed by either company.[12] The acquisition was done "primarily so that Mr. Marlinspike could help the then-startup improve its security".[13] Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable.[14] Some criticized the removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the 2011 Egyptian revolution.[15]

Twitter released TextSecure as free and open-source software under the GPLv3 license in December 2011.[9][16][17][18] RedPhone was also released under the same license in July 2012.[19] Marlinspike later left Twitter and founded Open Whisper Systems as a collaborative Open Source project for the continued development of TextSecure and RedPhone.[1][20]

Open Whisper Systems (2013–present)

File:Signal timeline.svg
A timeline of the development of Signal.
a) Addition of encrypted group chat and instant messaging capabilities.
b) End of encrypted SMS/MMS messaging, which prompted the creation of a fork.
c) RedPhone merged into TextSecure and it was renamed as Signal.
d) Signal as a RedPhone counterpart for iOS.
e) Addition of encrypted group chat and instant messaging capabilities.

Open Whisper Systems' website was launched in January 2013.[20]

In February 2014, Open Whisper Systems updated their messaging protocol to version 2, adding group chat and instant messaging capabilities.[21] Toward the end of July 2014, Open Whisper Systems announced plans to unify its RedPhone and TextSecure applications as Signal.[22] This announcement coincided with the initial release of Signal as a RedPhone counterpart for iOS. The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client.[22] Signal was the first iOS app to enable easy, strongly encrypted voice calls for free.[1][23] TextSecure compatibility was added to the iOS application in March 2015.[24][25]

From its launch in May 2010[8] until March 2015, the Android version of Signal (then called TextSecure) included support for encrypted SMS/MMS messaging.[26] From version 2.7.0 onward, the Android application only supported sending and receiving encrypted messages via the data channel.[27] Reasons for this included security flaws of SMS/MMS and problems with the key exchange.[27] Open Whisper Systems' abandonment of SMS/MMS encryption prompted some users to create a fork which was named SMSSecure and is meant solely for the exchange of encrypted SMS and MMS messages.[28][29] SMSSecure was later renamed as Silence because of a trademark conflict.[30]

In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android.[31] A month later, Open Whisper Systems announced Signal Desktop, a Chrome app that can link with a Signal client.[32] As of April 7, 2016, the app is in beta and can only be linked with the Android version of Signal.[33]

Features

Signal allows users to call other Signal users on iOS and Android. All calls are made over a Wi-Fi or data connection and with the exception of data fees are free of charge, including long distance and international.[23] Signal also allows users to send group, text, picture, and video messages over a Wi-Fi or data connection to other Signal users on iOS and on Android.

All communications to other Signal users are automatically end-to-end encrypted. The keys that are used to encrypt the user's communications are generated and stored at the endpoints (i.e. by users, not by servers).[34] Signal also has built-in mechanisms for verifying that no man-in-the-middle attack has occurred. For calls, Signal displays two words on the screen. If the words match on both ends of the call, the call is secure.[23][35] For messages, Signal users can compare key fingerprints (or scan QR codes) out-of-band.[36] The app employs a trust on first use mechanism in order to notify the user if a correspondent's key changes.[36]

On Android, Signal can be used as the default SMS application, allowing the user to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages. The iOS version of Signal can not be used as the default SMS application because of restrictions in the operating system.

The Android version of Signal allows the user to set a passphrase that encrypts the local message database and the user's encryption keys.[37] This does not encrypt the user's contact database or message timestamps.[37] The user can define a time period after which the application "forgets" the passphrase, providing an additional protection mechanism in case the phone is lost or stolen.[36] On iOS, the local message database is encrypted by the operating system if the user has a passphrase on their lock screen.

Limitations

Signal requires that the user has a phone number for verification.[38] The number does not have to be the same as on the device's SIM card; it can also be a VoIP number[38] or a landline as long as the user can receive the verification code and have a separate device to set-up the software. A number can only be registered to one device at a time.[38]

Signal also requires that the primary device is an Android or iOS based smartphone with an Internet connection. A Chrome app that can link with a Signal client is in development.[33] As of April 7, 2016, the app is in beta and can only be linked with the Android version of Signal.[33]

Android specific

Signal's official Android client requires the proprietary Google Play Services because the app is dependent on Google's GCM push messaging framework.[39] As of March 2015, Signal's message delivery has been done by Open Whisper Systems themselves and the client relies on GCM only for a wakeup event.[40]

Architecture

Encryption protocols

Signal voice calls are encrypted with the RedPhone encryption protocol, which is based on the ZRTP key-agreement protocol (developed by Phil Zimmermann) and SRTP.[1][41]

Signal instant messages are encrypted with the Signal Protocol (previously referred to as the Axolotl protocol[42]), which combines the Double Ratchet Algorithm, prekeys, and a 3-DH handshake.[43] It uses Curve25519, AES-256, and HMAC-SHA256 as primitives.[44] The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity.[45] It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.[45]

The group chat protocol is a combination of a pairwise double ratchet and multicast encryption.[45] In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.[45]

In October 2014, researchers from Ruhr University Bochum published an analysis of the Signal Protocol.[46] Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that the encrypted chat client was secure.[47]

Implementations

In November 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform.[48] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and key verification would be coming soon after.[49] On April 5, 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each others' keys.[50][51]

In May 2016, Google announced that they will be launching a new messaging app called Allo, which will feature an optional "Incognito mode" that uses the Signal Protocol for end-to-end encryption.[52] The app is due to be released in Summer 2016.[52]

Servers

Signal messages and calls are routed through Open Whisper Systems' servers. Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize latency.[1]

All client-server communications are protected by TLS.[53][41] Once the server removes this layer of encryption, each message contains either the phone number of the sender or the receiver in plaintext.[54] This metadata could in theory allow the creation of "a detailed overview on when and with whom users communicated".[54] Open Whisper Systems have asserted that their servers do not keep this metadata or any logs about who called who and when.[55]

In order to determine which contacts are also Signal users, cryptographic hashes of the user's contact numbers are periodically transmitted to the server.[56] The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found.[56] Moxie Marlinspike has written that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited preimage space (the set of all possible hash inputs) of phone numbers, and that "practical privacy preserving contact discovery remains an unsolved problem".[56][54]

The group messaging mechanism is designed so that the servers do not have access to the membership list, group title, or group icon.[27] Instead, the creation, updating, joining, and leaving of groups is done by the clients, which deliver pairwise messages to the participants in the same way that one-to-one messages are delivered.[57][58]

Signal's server architecture was partially decentralized between December 2013 and February 2016. In December 2013, it was announced that the messaging protocol that is used in Signal had successfully been integrated into the Android-based open-source operating system CyanogenMod.[59][60][61] Since CyanogenMod 11.0, the client logic was contained in a system app called WhisperPush. According to Open Whisper Systems, the Cyanogen team ran their own Signal messaging server for WhisperPush clients, which federated with Open Whisper Systems' Signal server, so that both clients could exchange messages with each-other "seamlessly".[61] The WhisperPush source code was available under the GPLv3 license.[62] In January 2016, however, the CyanogenMod team announced that they were discontinuing WhisperPush on February 1, and recommended that its users switch to Signal.[63]

Licensing

The complete source code of the Signal clients for Android, iOS and Google Chrome are available on GitHub under a free software license.[5][6][7] This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also allows advanced users to compile their own copies of the applications and compare them with the versions that are distributed by Open Whisper Systems. In March 2016, Moxie Marlinspike wrote that, apart from some shared libraries that aren't compiled with the project build due to a lack of Gradle NDK support, Signal for Android is reproducible.[64]

The software that handles Signal's message routing is also open source.[65] This enables anyone to examine the code. Even though it is not officially supported by Open Whisper Systems,[66] anyone can set up and host their own Signal server and messaging network.

Distribution

Signal is officially distributed only through Google Play, Apple's App Store, and the Chrome Web Store. Open Whisper Systems have declined requests to distribute the Android version of Signal through third-party distribution platforms.[39]

Signal's predecessor (TextSecure) was briefly included in the F-Droid software repository in 2012, but was removed at the developer's request because it was an unverified build and exceptionally out of date. Open Whisper Systems have subsequently said that they will not support their applications being distributed through F-Droid because it does not provide timely software updates, relies on a centralized trust model and necessitates allowing the installation of apps from unknown sources which harms Android's security for average users.[39]

Reception

In October 2014, the Electronic Frontier Foundation (EFF) included Signal in their updated surveillance self-defense guide.[67] In November 2014, "Signal / RedPhone" received a perfect score on the EFF's secure messaging scorecard;[34] they received points for having communications encrypted in transit, having communications encrypted with keys the providers don't have access to (end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys are stolen (forward secrecy), having their code open to independent review (open source), having their security designs well-documented, and having recent independent security audits.[34] As of March 13, 2016, "ChatSecure + Orbot", Pidgin (with OTR), Silent Phone, and Telegram's optional secret chats also have seven out of seven points on the scorecard.[34]

On December 28, 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed Signal's encrypted voice calling component (RedPhone) on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, Tor, Tails, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."[68][69]

Former NSA contractor Edward Snowden has endorsed Signal on multiple occasions.[32] In his keynote speech at SXSW in March 2014, he praised Signal's predecessors (TextSecure and RedPhone) for their ease-of-use.[70] During an interview with The New Yorker in October 2014, he recommended using "anything from Moxie Marlinspike and Open Whisper Systems".[71] During a remote appearance at an event hosted by Ryerson University and Canadian Journalists for Free Expression in March 2015, Snowden said that Signal is "very good" and that he knew the security model.[72] Asked about encrypted messaging apps during a Reddit AMA in May 2015, he recommended Signal.[73][74] In November 2015, Snowden tweeted that he used Signal "every day".[75][31]

In September 2015, the American Civil Liberties Union called on officials at the U.S. Capitol to ensure that lawmakers and staff members have secure communications technology.[76] One of the applications that the ACLU recommended in their letter to the Senate Sergeant at Arms and to the House Sergeant at Arms was Signal, writing:

<templatestyles src="Template:Blockquote/styles.css" />

One of the most widely respected encrypted communication apps, Signal, from Open Whisper Systems, has received significant financial support from the U.S. government, has been audited by independent security experts, and is now widely used by computer security professionals, many of the top national security journalists, and public interest advocates. Indeed, members of the ACLU’s own legal department regularly use Signal to make encrypted telephone calls.[77]

Developers and funding

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Main article: Open Whisper Systems

Signal is developed by a nonprofit software group called Open Whisper Systems.[78] The group is funded by a combination of donations and grants, and all of its products are published as free and open-source software.

The project has received financial support from, among others, the Freedom of the Press Foundation,[79] the Knight Foundation,[80] the Shuttleworth Foundation,[81] and the Open Technology Fund,[82] a U.S. government funded program that has also supported other privacy projects like the anonymity software Tor and the encrypted instant messaging website Cryptocat.

See also

Literature

  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found.
  • Lua error in package.lua at line 80: module 'strict' not found.

References

  1. 1.0 1.1 1.2 1.3 1.4 Lua error in package.lua at line 80: module 'strict' not found.
  2. Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. 5.0 5.1 Lua error in package.lua at line 80: module 'strict' not found.
  6. 6.0 6.1 Lua error in package.lua at line 80: module 'strict' not found.
  7. 7.0 7.1 Lua error in package.lua at line 80: module 'strict' not found.
  8. 8.0 8.1 Lua error in package.lua at line 80: module 'strict' not found.
  9. 9.0 9.1 9.2 Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. Lua error in package.lua at line 80: module 'strict' not found.
  12. Lua error in package.lua at line 80: module 'strict' not found.
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Lua error in package.lua at line 80: module 'strict' not found.
  17. Lua error in package.lua at line 80: module 'strict' not found.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. 20.0 20.1 Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. 22.0 22.1 Lua error in package.lua at line 80: module 'strict' not found.
  23. 23.0 23.1 23.2 Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.
  25. Lua error in package.lua at line 80: module 'strict' not found.
  26. Lua error in package.lua at line 80: module 'strict' not found.
  27. 27.0 27.1 27.2 Rottermanner et al. 2015, p. 3
  28. Lua error in package.lua at line 80: module 'strict' not found.
  29. Lua error in package.lua at line 80: module 'strict' not found.
  30. https://github.com/SilenceIM/Silence/pull/383
  31. 31.0 31.1 Lua error in package.lua at line 80: module 'strict' not found.
  32. 32.0 32.1 Lua error in package.lua at line 80: module 'strict' not found.
  33. 33.0 33.1 33.2 Lua error in package.lua at line 80: module 'strict' not found.
  34. 34.0 34.1 34.2 34.3 Lua error in package.lua at line 80: module 'strict' not found.
  35. Lua error in package.lua at line 80: module 'strict' not found.
  36. 36.0 36.1 36.2 Rottermanner et al. 2015, p. 5
  37. 37.0 37.1 Rottermanner et al. 2015, p. 9
  38. 38.0 38.1 38.2 Lua error in package.lua at line 80: module 'strict' not found.
  39. 39.0 39.1 39.2 Lua error in package.lua at line 80: module 'strict' not found.
  40. Lua error in package.lua at line 80: module 'strict' not found.
  41. 41.0 41.1 Lua error in package.lua at line 80: module 'strict' not found.
  42. Lua error in package.lua at line 80: module 'strict' not found.
  43. Unger et al. 2015, p. 241
  44. Frosch et al. 2014
  45. 45.0 45.1 45.2 45.3 Unger et al. 2015, p. 239
  46. Frosch et al. 2014
  47. Lua error in package.lua at line 80: module 'strict' not found.
  48. Lua error in package.lua at line 80: module 'strict' not found.
  49. Lua error in package.lua at line 80: module 'strict' not found.
  50. Lua error in package.lua at line 80: module 'strict' not found.
  51. Lua error in package.lua at line 80: module 'strict' not found.
  52. 52.0 52.1 Lua error in package.lua at line 80: module 'strict' not found.
  53. Frosch et al. 2014, p. 7
  54. 54.0 54.1 54.2 Rottermanner et al. 2015, p. 4
  55. Lua error in package.lua at line 80: module 'strict' not found.
  56. 56.0 56.1 56.2 Lua error in package.lua at line 80: module 'strict' not found.
  57. Lua error in package.lua at line 80: module 'strict' not found.
  58. Lua error in package.lua at line 80: module 'strict' not found.
  59. Lua error in package.lua at line 80: module 'strict' not found.
  60. Lua error in package.lua at line 80: module 'strict' not found.
  61. 61.0 61.1 Lua error in package.lua at line 80: module 'strict' not found.
  62. Lua error in package.lua at line 80: module 'strict' not found.
  63. Lua error in package.lua at line 80: module 'strict' not found.
  64. Lua error in package.lua at line 80: module 'strict' not found.
  65. Lua error in package.lua at line 80: module 'strict' not found.
  66. Lua error in package.lua at line 80: module 'strict' not found.
  67. Lua error in package.lua at line 80: module 'strict' not found.
  68. Lua error in package.lua at line 80: module 'strict' not found.
  69. Lua error in package.lua at line 80: module 'strict' not found.
  70. Lua error in package.lua at line 80: module 'strict' not found.
  71. Lua error in package.lua at line 80: module 'strict' not found.
  72. Lua error in package.lua at line 80: module 'strict' not found.
  73. Lua error in package.lua at line 80: module 'strict' not found.
  74. Lua error in package.lua at line 80: module 'strict' not found.
  75. Lua error in package.lua at line 80: module 'strict' not found.
  76. Lua error in package.lua at line 80: module 'strict' not found.
  77. Lua error in package.lua at line 80: module 'strict' not found.
  78. Lua error in package.lua at line 80: module 'strict' not found.
  79. Lua error in package.lua at line 80: module 'strict' not found.
  80. Lua error in package.lua at line 80: module 'strict' not found.
  81. Lua error in package.lua at line 80: module 'strict' not found.
  82. Lua error in package.lua at line 80: module 'strict' not found.

External links

Retrieved from "https://infogalactic.com/w/index.php?title=Signal_(software)&oldid=722650021"