Three Lessons From Threema: Analysis of a Secure Messenger

OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 452.55 KB)

Author / Producer

Paterson, Kenneth G. Scarlata, Matteo Truong, Kien Tuong

Date

2023

Publication Type

Conference Paper

ETH Bibliography

yes

Citations

Altmetric
OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 452.55 KB)

Data

Rights / License

In Copyright - Non-Commercial Use Permitted north_east

Abstract

We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against the protocol in three different threat models. We discuss impact and remediations for our attacks, which have all been disclosed to Threema and patched. Finally, we draw wider lessons for developers of secure protocols.

Permanent link

https://doi.org/10.3929/ethz-b-000623004

Publication status

published

External links

https://www.usenix.org/conference/usenixsecurity23/presentation/paterson north_east

Editor

Book title

Proceedings of the 32st USENIX Security Symposium

Journal / series

Volume

Pages / Article No.

1289 - 1306

Publisher

USENIX Association

Event

32nd USENIX Security Symposium (USENIX Security 2023)

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

Organisational unit

09653 - Paterson, Kenneth / Paterson, Kenneth check_circle

Notes

Funding

Related publications and datasets

More

Show all metadata