[messaging] [liberationtech] BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications

Tom Ritter tom at ritter.vg
Fri Dec 19 07:08:03 PST 2014

(-libtech, +Collin Mulliner who is an author and a well respected
Android security researcher.  Collin, I hope you don't mind my
throwing you into our crypto protocol discussion list)

Sounds interesting!  The part I was most curious about was how they
handle all the extra context that often needs to be taken into account
via leaky abstractions.  (e.g. SMSes being split at 140 characters,
etc)  I peeked through, and saw the following:

- Can run with PSK or Key Agreement
- Uses AES-CBC with prefixed IV or OTR (ugh on the first, and hmmm....
on the second)
- On Android, besides implementing a keyboard, it uses screen overlays
to show the plaintext of the message, as you can't inject content into
other apps
- The control protocol doesn't seem to have any sort of integrity,
meaning the carrier/underlying service operator would be able to
inject those forged without problems, although I'm not 100% sure about
- It has a 40-participant user study!! The result was that it was
Simple, and decent looking and likable.  I'd be curious to hear a
critique of their approach from someone who has a basis to judge
whether a user study is well founded.
- I couldn't find the code, but the paper is coming out in January, so
maybe it's waiting for that...
- As far as I can tell, the keyboard does allow you to inject
keypresses and stuff, so there's no problem with making control
messages or padding, no need for some complicated FPE mode

Overall, I think it's a pretty neat approach to Android messaging
crypto.  (But, only Android. This won't work on iOS.)  Using screen
overlays and a keyboard let them muck with any app they want; but it's
not seamless. Just like OTR is designed to run in 'any' context, the
lower level abstractions always leak through, and necessitate a change
(like TextSecure did for SMS).

I guess if you wanted to try and make it more seamless, you'd build
it into Android, which would let you muck with the GUI contents... but
you'd still run into problems with trying to interpret random chat
applications' GUIs you've never seen.  You could provide hardcoded
lists of how to interact with different ones and different versions:
but at that point you're basically trying to maintain FireGPG:
tracking an app's changes and updating your app, trying to rush out
fixes before too many people notice it's broken....


On 19 December 2014 at 08:40, Wasa Bee <wasabee18 at gmail.com> wrote:
> This [0] may be of interest to people implementing secure IM. Instead of
> creating an IM app from scratch and hoping for wide adoption, babelcrypt is
> a keyboard app. Once installed on an Android smartphone, the keyboard passes
> encrypted data to an existing IM app such as whatsapp or Fb messenger. Using
> certain android APIs, it can also access content on the screen to display
> received messages.
> [0]
> http://www.iseclab.org/people/mweissbacher/publications/babelcrypt_fc.pdf
