Palapa: Perbandingan WA Telegram Signal Palapa

From OnnoWiki
Revision as of 05:06, 22 January 2021 by Onnowpurbo (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Comparison WA Telegram Signal Palapa v0.3.jpg 


Date: Thu, 21 Jan 2021 09:07:44 +0700
From: Gildas Deograt Lumy <gildas.deograt@xecureit.id>
To: onno <onno.purbo@xecureit.id>, Onno W. Purbo <onno@indo.net.id>
Subject: Comparison WA Telegram Signal Palapa v0.3.jpg


Kang Onno,

Selamat pagi.

Banyak teman-teman profesional keamanan siber yg tanya:

WA dan Palapa sama2 berbasis pada Signal yang konten pesan dilindungi kerahasiannya dengan end-to-end encryption (E2EE). Kalau server Signal dan Palapa tidak bisa membaca konten yang dikirim, apakah server WA bisa membaca konten?

Jawabannya, bisa dibaca dalam artikel

"More is Less: On the End-to-End Security of Group Chats inSignal, WhatsApp, and Threema" yang dipublikasi di 3rd IEEE European Symposium on Security and Privacy (EuroS&P 2018) https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8406614

Lumayan mabok kalau baca detil keseluruhan artikel, banyak special characters-nya :))) Beda sama otak-nya Abe yg KW super ++, otak saya yg KW4 perlu baca 5-6x untuk mulai memahami :'(

Walaupun WA dan Palapa sama-sama mengadopsi Signal, tapi WA melakukan modifikasi yang menurut saya memperlemah, bukan meningkatkan keamanan dan privasi. Berikut saya copas langsung ke intinya dibagian 5.2. Group Protocol.

"... As a result, the WhatsApp server is mainly responsible for the distribution of group messages based on the group management. This is a main difference in comparison to Signal and Threema. Although WhatsApp integrates the Signal key exchange protocol for direct messaging, KEYS IN GROUPS ARE USED VERY DIFFERENTLY: instead of sending encrypted messages to each group member separately (cf. section 4), each user generates a symmetric key (chain key) for encrypting only her messages to the group. ..."

Teman-teman yang bertanya dan saya berikan jawaban tersebut, ternyata masih mabok juga.

Jadi memang harus membaca keseluruhan konteks analisa keamanan WA dalam artikel tersebut, dan paham cukup dalam tentang Noise Protocol, Diffie-Hellman Key Exchange, termasuk kelemahan keamanannya, karena setan ada di detil ;)

Untungnya artikel ini memberi "ringkasan" dari berbagai kombinasi kelemahan WA dibagian 5.4. Impact of the Weaknesses’ Combination.

"... The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group. Thereby it can cache sent messages to the group, READ THEIR CONTENT FIRST and decide in which order they are delivered to the members. Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces. ..."

Terlampir DRAFT dokumen internal XecureIT ttg perbandingan antara WA, Telegram, Signal, dan Palapa, yang juga jadi referensi saat R&D. Tidak rahasia karena sumber informasinya juga ada di Internet. Mohon koreksi kalau ada "bug".

Nuhun pisan.

Salam sehat untuk keluarga :)

Gildas "Rasa aman berbahaya. Rasa aman membuat kita lengah."



Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Palapa:_Perbandingan_WA_Telegram_Signal_Palapa&oldid=63012"