Encrypted group chat is hard to accomplish.
For enterprises concerned about security – and all should be – recognition will long have dawned that email is one of the least secure technologies under the sun.
But encrypted group chat alternatives face a range of issues: they need to ensure that messages can only be read by members of a given group. They need to be asynchronous: participants may not be online at the same time.
They need to ensure “forward secrecy”: i.e. that full compromise of a node at a point in time does not reveal past messages sent within the group, and they ultimately need to be scalable to the enterprise level: encryption keys can hog bandwidth.
Now a growing group of institutions led by encrypted messenger app Wire and including Cisco, Mozilla and Twitter, are working to develop an Open Standard called Messaging Layer Security that supports such capabilities.
How it Started
More than ten years ago, Alan Duric, then an engineer working with a small team at Global IP Solutions (GIPS) developed the internet Low Bitrate Codec (iLBC). The voice codec, an algorithm for the coding of speech signals, has shaped digital communication as part of the open source WebRTC standard. WebRTC has spread globally and forms a core part of most internet communications platforms.
Now Duric, currently CTO/COO of of encrypted messenger service Wire, is working on Messaging Layer Security; an end-to-end encrypted protocol being developed by a workgroup of Open Standards organisation the Internet Engineering Task Force (IETF).
The plan is ultimately to become an open standard so that all platforms can take advantage of the security Messaging Layer Security offers.
Messaging Layer Security: The Charter
Why? As the Messaging Layer Security charter notes, numerous applications need message protection protocols.
“Several widely-deployed applications have developed their own protocols to meet these needs”, the charter emphasises, but “while these protocols are similar, no two are close enough to interoperate.
“As a result, each application vendor has had to maintain their own protocol stack and independently build trust in the quality of the protocol.”
“The primary goal of this working group is to develop a standard messaging security protocol for human-to-human(s) communication with the above security and deployment properties so that applications can share code, and so that there can be shared validation of the protocol (as there has been with TLS 1.3).”
Here, Wire’s Alan Duric and Raphael Robert explain the plan.
Messaging Layer Security: A Work in Progress
Choosing open standards over proprietary technology is not an emotional decision.
In the past we have been involved in similar efforts that made a deep impact on the industry:
Standardising the Internet Low Bitrate Codec (iLBC) at Global IP Sound paved the way for WebRTC.
Skype disrupted the telecommunication world with free calls. SILK, the codec used for Skype calls, evolved and became an open standard known as Opus and now also an integral part of WebRTC.
Today WebRTC is built into most browsers (Chrome, Firefox, Safari, Edge, etc.) as well as into many communication products, making for an install base of billions of devices.
We believe that in the next decade messaging will be shaped by the increasing awareness of users around subjects like privacy and security. People feel strongly about this and there is a large consensus that messages are something private and worth protecting from prying eyes.
In 2016, the lack of an open standard for end-to-end encryption lead us to discussing our vision with others. What started as an informal discussion at a Berlin restaurant one evening during IETF 96 with peers from Mozilla and Cisco would later become a fully grown IETF workgroup.
While the initial focus was on creating an open standard, others joined the effort and brought more innovation to the table: Facebook in cooperation with the University of Oxford published the Asynchronous Ratcheting Trees concept.
After a number of alternatives were considered, this concept became the base layer of discussions within the MLS group and finally lead to the analogue TreeKEM concept, that is now at the core of the protocol. Academic research has also shown, that the security of group conversations can be improved.
This extended the original scope of MLS to 3 major goals in the charter:
- Make secure messaging in (large) groups more efficient
- Increase the security of groups w.r.t. membership while maintaining security guarantees like Forward Secrecy and Post-Compromise Security
- Make the protocol a standard that everyone can use freely and safely
We are convinced that the approach of pushing for open standards was valid in the past and that it is also valid for the future. The MLS workgroup benefits from work and assistance of the academic community, and the intent is to follow the pattern of TLS 1.3, with specification, implementation, and formal verification proceeding in parallel.
A few implementations already exist, that now aim for perfect interoperability.
By the time we arrive at the final version (RFC), we hope to have several interoperable implementations as well as a thorough security analysis. While more work needs to be done on MLS, large hurdles have been overcome already and we believe the ongoing work is going in the right direction.”
Exepect to hear more about the protocol in 2019.