Off-the-Record Messaging

Purpose:

The Off-the-Record Messaging Webpage

The Off-the-Record Messaging Webpage

Off-the-Record Messaging (OTR) is an encryption protocol making it possible to engage in private conversations using specific instant messaging software. Its aim is to provide a platform that enables both encrypted and ‘deniable’ instant messaging conversations [CPU02]. ‘Deniable authentication’ allows participants in an instant messaging conversation to verify each other without the need for digital signatures which are attributed to a specific person and that can potentially be seen by a third party [CPU01].

OTR is an alternative to PGP and S/MIME public key encryption addressing some their vulnerabilities. These include [Borisov et al., 2004]:

  • the use of encryption keys that endure for a long period of time making them subject to compromise
  • the need for digital signatures that provide proof of authorship, which may be used to provide legal proof of a person’s communications and activities.

Specifically, OTR ensures that [Borisov et al., 2004]:

  • Only the two parties involved are allowed access to the contents of a conversation
  • After a conversation is over, no one (not even the parties involved) can produce a transcript
  • While participants are assured of each other’s identities, neither they nor anyone else can prove this information to a third party.

Software applications

Two of the main established software applications using OTR include:

  • Pidgin – an OTR instant messaging program that can be used on Windows, Linux, and other UNIX operating systems. It allows users to log in to multiple accounts on different networks, such as MSN, Google Talk, and Yahoo chat, at the same time [PID01]. It allows for chat, file transfers, away messages, and buddy lists. A key criticism of the application is that it stores passwords as plaintext [PID02]. This means that the password file is readable by anyone who has physical or virtual access to the computer and to the user or administrative accounts.
  • Adium – an OTR instant messaging program that can be used on Apple operating systems, like Pidgin, users can connect to any number of instant messaging accounts. It allows for multiple chats simultaneously, address book integration and file transfer [ADI01].

Capabilities:

  • Confidentiality – using ‘perfect forward secrecy’ means that previous conversations and messages cannot be recovered. This is achieved using short-lived encryption/decryption keys that are generated as needed and deleted after use [Borisov et al., 2004]. It relies upon the agreeing of a shared secret without revealing it to any third party (this can be done in person for example). What this means in technical terms is that ‘Message Authentication Codes (MACs)’ are used rather than digital signatures to prove messages authorship to the receiver of the message, while at the same time preventing such proof to any third parties.
  • Plausible Deniability – allows for participants in conversations to disclaim authorship of any content. This is achieved using ‘malleable encryption’, which is more insecure because it can be compromised resulting in the forgoing of transcripts. This however, provides an avenue for plausible deniability and repudiation of the contents of any communication.

Surveillance mitigation:

  • Privacy – enables private digital communications so that messages cannot be read by third parties. The difference between plaintext and ciphertext has been compared to the postcard and the letter, where plaintext is more like a postcard that anyone can read and ciphertext is akin to placing a message in a sealed envelope. This has been called the ‘analog gap’ [MPE02].

Vulnerabilities:

  • Authentication – OTR provides two layers of authentication. One uses encryption keys, however, they are not assigned to a specific person as they are in PGP. The only way to authentic your communication partner is to compare fingerprints using another communication channel such as face-to-face, telephone, or another digital channel [BNB01]. Another way to authenticate is to have the two parties decide on a shared secret but they need to ensure that no third party is eavesdropping whether it is done in person or online. If the secret is shared online using PGP there is a trace that links the parties, which could be revealed later. This authentication process allows for some degree of human error and if this happens the OTR session could be compromised through a man-in-the-middle attack [BNB01].
  • Human – Even though conversations are not saved in OTR, any communication partner could take screenshots of the conversation [HUFF01].

Layer of interaction:

Background:

Off-the-Record Messaging was developed in 2004 [CPU03] and was developed to enable encrypted real-time chat while also addressing some of the vulnerabilities of public key encryption. OTR chat software Pidgin and Adium use the LibPurple protocol [ADI02, PID03], which enables network connectivity that allows access to a variety of instant messaging applications. This allows users to login to multiple IM accounts, although it does not support group chat. The Electronic Frontier Foundation provides a helpful messaging scorecard [EFF01] that assesses the level of security provided a variety of communication tools including instant messaging.

Sources:

Adium (ADI)

1) https://adium.im/about

2) https://trac.adium.im/wiki/LibPurple

Bitcoin Not Bombs (BNB)

1) http://www.bitcoinnotbombs.com/beginners-guide-to-off-the-record-messaging

Borisov, N., Goldberg, I., Brewer, E. (2004) Off-the-Record Communication, or, Why Not To Use PGP. In WPES, 2004.
https://otr.cypherpunks.ca/otr-wpes.pdf

Cypherpunks (CPU)

1) https://otr.cypherpunks.ca/index.php

2) https://otr.cypherpunks.ca/press/news.com.com/Making+your+IM+secure–and+deniable/2100-7355_3-5576246.html

3) https://otr.cypherpunks.ca/news.php

Electronic Frontier Foundation (EFF)

1) https://www.eff.org/secure-messaging-scorecard

Huffington Post (HUFF)

1) http://www.huffingtonpost.com/2014/10/10/google-off-the-record_n_5959188.html

Mailpile (MPE)

1) https://github.com/mailpile/Mailpile/wiki/FAQ-Encryption-&-Security

Pidgin (PID)

1) https://pidgin.im/about/

2) https://developer.pidgin.im/wiki/PlainTextPasswords

3) https://developer.pidgin.im/wiki/Using%20Libpurple