Signal taps up Intel's SGX to (hopefully) stop contacts falling into hackers, cops' hands

In Moxie we trust

Moxie Marlinspike
Moxie Marlinspike says 'Don't trust us, trust the tech'

Encrypted call and messaging app Signal gets a lot of love in the security community. Now its developers have decided to toughen it up even more to avoid the possibility of it being turned against its users.

Signal prides itself on being secure for netizens by taking the bare minimum of information from them to function – but it does need access to your contacts to reveal who is messaging or calling. You can shut down the app's access to contacts and it'll still function, but you'll have to recognize for yourself the raw numbers to identify who is getting in touch.

Crucially, Signal seeks to connect you and your friends, relatives, colleagues and other contacts who also use the app. If you install the software, and let it access your address book, it will identify any contacts who have also installed the application.

To do this, the application sends your contacts' numbers to its backend servers. It calculates the SHA256 hash for each number, and uploads truncated copies of the hashes to Signal's systems. Those backend machines use the hashes to link contacts. In other words, if Emma and Julie both have each others' numbers on their Android phones, and both install Signal for secure end-to-end encrypted chat, Signal's systems can flag up to both of them that they are available on Signal.

While this is a pretty solid system, it's possible that if someone hacked the Signal servers, or a government seized control of the operation, they could work out everyone's associates by obtaining and studying the hashes. This could be done by infecting the machined with malware, or otherwise using the host operating system to spy on incoming data from users.

Due to the relatively limited number of phone numbers, it's possible to calculate, say, all the possible truncated hashes for US cellphone numbers and use these to convert Signal's hashes into numbers and therefore individual people.

Intel first-generation Centrino parts

Intel's SGX security extensions: Secure until you look at the detail


In a blog post Tuesday, Moxie Marlinspike – the dreadlocked security advocate who founded Open Whisper Systems (OWS), which makes Signal – explained that situation wasn't ideal. Ultimately Signal needs to be bulletproof.

"We simply don't want people to have to trust us," he said. "That's not what privacy is about."

To avoid hashes falling into the wrong hands, Signal is using technology from Intel – specifically its Software Guard Extensions aka SGX. Introduced in 2013, SGX is intended as a tool to support anti-piracy and anti-copying mechanisms, among other things. Signal will process hashes within SGX enclaves in hardware-encrypted RAM on its backend servers. This should, in theory, mean the hashes can't be read by anyone who has infiltrated the box – not even the OS nor any other programs running on the system. This should stop cops taking over a machine and keeping it running to inspect the incoming hashes.

The contacts are also stored in an "oblivious" hash table: an inefficient data structure that, hopefully, prevents snoopers from deducing its contents and layout. Here's the recipe, according to Marlinspike:

  1. The contact discovery service passes a batch of encrypted contact discovery requests to the enclave.
  2. The enclave decrypts the requests and uses the oblivious hash table construction process to build a hash table containing all submitted contacts.
  3. The enclave iterates over the list of all registered users. For each registered user, the enclave indexes into the hash table containing the batch of client contacts and does a constant-time comparison against every contact in that cache line.
  4. The enclave writes to the “results” cache line for that same hash index, regardless of whether there was a successful compare or not.
  5. After iterating through the entire set of registered users, the enclave builds an oblivious response list for each client request in the batch.
  6. The enclave encrypts the appropriate response list to each requesting client, and returns the batch results to the service.
  7. The service transmits the encrypted response back to each requesting client.

SGX isn't perfect. There have been proof-of-concept hacks that could break the system, so OWS is taking extra precautions – particularly by observing memory access patterns to divine the data it is parsing. That's what the cache observations above refer to. It's estimated that an attacker would need a few million bucks to crack SGX, which is within the budgets of the NSA, FBI et al – so a rich attacker could defeat all the above defenses, anyway.

The code has now been put online so that it can be checked and verified over the next few months before being rolled out. ®

Biting the hand that feeds IT © 1998–2017