Automated Symbolic Verification of Telegram's MTProto 2.0

12/05/2020
by   Marino Miculan, et al.
0

MTProto 2.0 is a suite of cryptographic protocols for instant messaging at the core of the popular Telegram messenger application, which is currently used by more than 400 millions of people. In this paper we analyse MTProto 2.0 using ProVerif, a symbolic cryptographic protocol verifier based on the Dolev-Yao model. In particular, we provide a fully automated proof of the soundness of MTProto 2.0's authentication, normal chat, end-to-end encrypted chat, and re-keying mechanisms with respect to several security properties, including authentication, integrity, confidentiality and perfect forward secrecy. To prove these results we proceed in a modular way: each protocol is examined in isolation, relying only on the guarantees provided by the previous ones and the robustness of the basic cryptographic primitives. Our research proves the formal correctness of MTProto 2.0 in the symbolic model, and it can serve as a reference for implementation and analysis of clients and servers.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
03/14/2019

Authentication by Witness Functions

Witness functions have recently been introduced in cryptographic protoco...
research
08/28/2023

CryptoBap: A Binary Analysis Platform for Cryptographic Protocols

We introduce CryptoBap, a platform to verify weak secrecy and authentica...
research
05/20/2023

CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model

Cryptographic protocols are extremely hard to design and prove correct, ...
research
06/19/2018

Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA

In this paper, we perform an automated analysis of two devices developed...
research
07/05/2018

FocusST Solution for Analysis of Cryptographic Properties

To analyse cryptographic properties of distributed systems in a systemat...
research
01/03/2020

Verifying Cryptographic Security Implementations in C Using Automated Model Extraction

This thesis presents an automated method for verifying security properti...
research
09/09/2020

Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

The continuing use of proprietary cryptography in embedded systems acros...

Please sign up or login with your details

Forgot password? Click here to reset