Scribd
Upload
497 views8 pages

Whatsapp Security: Made By: Abdelrahman Badawy Yousef Abdelfatah Subervised By: Eng/Mai Magdy

1) WhatsApp uses end-to-end encryption to securely transmit messages, calls, files and more between users. The Signal Protocol forms the basis of WhatsApp's encryption. 2) Public and private keys are generated during client registration and used to establish encryption sessions between users. The WhatsApp server does not have access to users' private keys. 3) Live location updates require frequent ratcheting of encryption keys. The document proposes a fast ratcheting algorithm to efficiently handle the high volume of location broadcasts and updates.

Uploaded by

Yousseff Moo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
497 views8 pages

Whatsapp Security: Made By: Abdelrahman Badawy Yousef Abdelfatah Subervised By: Eng/Mai Magdy

1) WhatsApp uses end-to-end encryption to securely transmit messages, calls, files and more between users. The Signal Protocol forms the basis of WhatsApp's encryption. 2) Public and private keys are generated during client registration and used to establish encryption sessions between users. The WhatsApp server does not have access to users' private keys. 3) Live location updates require frequent ratcheting of encryption keys. The document proposes a fast ratcheting algorithm to efficiently handle the high volume of location broadcasts and updates.

Uploaded by

Yousseff Moo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

WhatsApp security

MADE BY : ABDELRAHMAN BADAWY


YOUSEF ABDELFATAH
SUBERVISED BY : ENG/MAI MAGDY
Introduction:

 WhatsApp Messenger allows people to exchange messages (including chats,


group chats, images, videos, voice messages and files) and make WhatsApp
calls around the world. WhatsApp messages, voice and video calls between a
sender and receiver that use WhatsApp client software released after March
31, 2016 are end-to-end encrypted. The Signal Protocol, designed by Open
Whisper Systems, is the basis for WhatsApp’s end-to-end encryption. This
end-to-end encryption protocol is designed to prevent third parties and
WhatsApp from having plaintext access to messages or calls. What’s more,
even if encryption keys from a user’s device are ever physically
compromised, they cannot be used to go back in time to decrypt previously
transmitted messages
Public Key Types
Identity
Key Pair
Signed Pre
A long-term Key One-Time
Curve25519 key
Pre Keys
Terms: pair, generated at
install time.
A medium-term
Curve25519 key pair,
generated at install time, – A queue of Curve25519
signed by the Identity key pairs for one time
Key, and rotated on a use, generated at install
periodic timed basis time, and replenished as
needed.
Session Key Types
Root Key
Chain Key
A 32-byte value that
is used to create Message Key

Terms: Chain Keys. – A 32-byte value that is


used to create Message
Keys. An 80-byte value that is
used to encrypt message
contents. 32 bytes are
used for an AES-256 key,
32 bytes for a HMAC-
SHA256 key, and 16
bytes for an IV.
Client
Registration

Terms: At registration time, a WhatsApp client transmits its


public Identity Key, public Signed Pre Key (with its
signature), and a batch of public One-Time Pre Keys to
the server. The WhatsApp server stores these public keys
associated with the user’s identifier. At no time does the
WhatsApp server have access to any of the client’s private
keys.
To establish a
session: Receiving
Initiating 1. The initiating client (“initiator”) requests the
Session Setup
public Identity Key
Session 2. The server returns the requested public key
values
1. The recipient calculates the
corresponding master_secret using its

Setup 3. . The initiator saves the recipient’s Identity Key own private keys and the public keys
as I recipient, the Signed Pre Key as Srecipient, advertised in the header of the incoming
and the One-Time Pre Key as Orecipient. message.
4. The initiator generates an ephemeral 2. 2. The recipient deletes the One-Time
Curve25519 key pair, Initiator. Pre Key used by the initiator.
5. The initiator loads its own Identity Key as 3. 3. The initiator uses HKDF to derive a
Initiator. corresponding Root Key and Chain Keys
6. . The initiator calculates a master secret from the master_secret.
Live location messages and updates are encrypted in
much the same way as group messages. The first live
location message or update sent follows the same
sequence of steps as the first time a WhatsApp group
member sends a message to a group. But, live
locations demand a high volume of location
broadcasts and updates with lossy delivery where
Live receivers can expect to see large jumps in the number
of ratchets, or iteration counts. The Signal Protocol
uses a linear-time algorithm for ratcheting that is too
Location slow for this application. This document offers a fast
ratcheting algorithm to solve this problem.
Consider an extension where we
keep two chains of chain keys:

 
Chain keys are currently one-dimensional. To ratchet
N steps takes N computations. Chain keys are denoted
as CK(iteration count) and message keys as
MK(iteration count).
Messages between WhatsApp users are protected with an
end to-end encryption protocol so that third parties and
WhatsApp cannot read them and so that the messages can
only be decrypted by the recipient. All types of WhatsApp
messages (including chats, group chats, images, videos,
voice messages and files) and WhatsApp calls are
Conclusion protected by end-to-end encryption. WhatsApp servers do
not have access to the private keys of WhatsApp users,
and WhatsApp users have the option to verify keys in
order to ensure the integrity of their communication.

You might also like