Facebook has made a new tool available via GitHub that allows users to apply encryption to their social media group chats.
Named the Asynchronous Ratcheting Tree, the open source tool is designed to enhance the security of Facebook Messenger, WhatsApp and the Signal App among others.
In the event of a security breach, the tool would work to re-establish security, instead of simply leaving the entry point open for a hacker to return to in future.
Behind the tool is the Facebook Software Engineer, Johnathan Millican, who worked with computer science students from Oxford University including Cas Cremers and Katriel Cohn-Gordon.
In a paper written by the tool’s creators prior to its arrival on GitHub, the reason for its creation are explained, the paper said: “In the past few years secure messaging has become mainstream, with over a billion active users of end-to-end encryption protocols through apps such as WhatsApp, Signal, Facebook Messenger, Google Allo, Wire and many more.”
“While these users’ two-party communications now enjoy very strong security guarantees, it turns out that many of these apps provide, without notifying the users, a weaker property for group messaging: an adversary who compromises a single group member can intercept communications indefinitely,” said the team.
Content from our partners
Gemalto banks on biometrics with contactless fingerprint card
Do your GDPR homework before spending money, says RSA’s Rashmi Knowles
UK locked and loaded for cyber warfare as GCHQ doubles weapons
Great tension has built between governments and organisation providing encrypted communication platforms in recent years, with a notable example being the denied request made by the FBI for Apple to allow access to devices relinquished from criminals. Another recent example came about when Theresa May called upon WhatsApp to provide the UK government with backdoor access so as to trace the activity of terrorists.
In conclusion, the team said: “While modern messaging applications can offer strong security guarantees, they typically only do this for two-party communications. If another person is added to the group, the effective security guarantees are decreased, without notifying the users of this security degradation… Our resulting Asynchronous Ratcheting Tree (ART) design combines the bandwidth benefits of group messaging with the strong security guarantees of modern point-to-point protocols.”
