For many years, our SIP client, Linphone, has been one of the most active free communication software. Originally focused on voice, additional functionalities were rapidly added like video, group chat and presence. All these communication modes imply privacy.
To achieve a good level of privacy, users must be able to ensure that their communications can only be displayed by the entitled receiver of those communications. Especially, no-one from the server infrastructure crossed by the messages should be in the position of compromising secrecy of the communication. Basically, this is what end-to-end encryption is aiming to achieve.
Our SIP client Linphone does implement end-to-end encryption for voice and video communications thanks to ZRTP (rfc 6189). However, for messaging, security was only performed by using point-to-point cyphering, based on SIP TLS. To bring users of instant messaging features the same level of security, we decided to implement end-to-end encryption mechanisms for messaging too, including group chat. Linphone Instant Messaging Encryption follows state-of-the-art methods for forward secrecy and MitM detection.
This discussion will focus on protocols' extension to existing SIP standards, implementation challenges and future extensions. The following topics will also being mentioned in our presentation :
• End-to-end encryption based on modern elliptic curve cryptography
• Perfect forward secrecy with double ratchet algorithm
• Designed for group communications
• Asynchronous messaging system based on pre-positioned keys
• Man-in-the-middle detection based on ZRTP auxiliary secret
• Signaling protocol agnostic
Protocols' extension to existing SIP standards, implementation challenges and future extensions : LI