On the Cryptographic Fragility of the Telegram Ecosystem
dc.contributor.author
von Arx, Theo
dc.contributor.author
Paterson, Kenneth G.
dc.contributor.editor
Liu, Joseph
dc.contributor.editor
Xiang, Yang
dc.contributor.editor
Nepal, Surya
dc.date.accessioned
2023-09-05T13:49:36Z
dc.date.available
2023-07-11T06:31:06Z
dc.date.available
2023-07-11T11:55:44Z
dc.date.available
2023-08-15T06:33:00Z
dc.date.available
2023-08-15T09:59:41Z
dc.date.available
2023-09-05T13:49:36Z
dc.date.issued
2023-07-10
dc.identifier.other
10.1145/3579856.3582811
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/620789
dc.identifier.doi
10.3929/ethz-b-000620789
dc.description.abstract
Telegram is a popular messenger with more than 550 million active users per month and with a large ecosystem of different clients. The wide adoption of Telegram by protestors relying on private and secure messaging provides motivation for developing a profound understanding of its cryptographic design and how this influences its security properties. Telegram has its own bespoke transport layer security protocol, MTProto 2.0. This protocol was recently subjected to a detailed study by Albrecht et al. (IEEE S&P 2022). They gave attacks on the protocol and its implementations, along with a security proof for a modified version of the protocol.
We complement that study by analysing a range of third-party client implementations of MTProto 2.0. We report practical replay attacks for the Pyrogram, Telethon and GramJS clients, and a more theoretical timing attack against the MadelineProto client. We show how vulnerable third-party clients can affect the security of the entire ecosystem, including official clients. Our analysis reveals that many third-party clients fail to securely implement MTProto 2.0. We discuss the reasons for these failures, focussing on complications in the design of MTProto 2.0 that lead developers to omit security-critical features or to implement the protocol in an insecure manner. We also discuss changes that could be made to MTProto 2.0 to remedy this situation. Overall, our work highlights the cryptographic fragility of the Telegram ecosystem.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
Association for Computing Machinery
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.subject
Security and privacy
en_US
dc.subject
Security protocols
en_US
dc.subject
Web application security
en_US
dc.subject
Cryptanalysis and other attacks
en_US
dc.subject
Telegram
en_US
dc.subject
Timing side-channel
en_US
dc.subject
Replay attack
en_US
dc.subject
Encrypt-and-MAC
en_US
dc.title
On the Cryptographic Fragility of the Telegram Ecosystem
en_US
dc.type
Conference Paper
dc.rights.license
In Copyright - Non-Commercial Use Permitted
ethz.book.title
ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security
en_US
ethz.pages.start
328
en_US
ethz.pages.end
341
en_US
ethz.version.deposit
acceptedVersion
en_US
ethz.code.ddc
DDC - DDC::0 - Computer science, information & general works::004 - Data processing, computer science
en_US
ethz.event
18th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023)
en_US
ethz.event.location
Melbourne, Australia
en_US
ethz.event.date
July 10-14, 2023
en_US
ethz.identifier.wos
ethz.identifier.scopus
ethz.publication.place
New York, NY
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::09653 - Paterson, Kenneth / Paterson, Kenneth
en_US
ethz.identifier.orcidWorkCode
138155897
ethz.date.deposited
2023-07-11T06:31:06Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2023-09-05T13:49:37Z
ethz.rosetta.lastUpdated
2024-02-03T03:18:11Z
ethz.rosetta.versionExported
true