cwtch.im
/
secure-development-handbook
3
0
Fork 1
Code Issues 1 Pull Requests Releases Wiki Activity

Notes on IME

This commit is contained in:
Sarah Jamie Lewis 2021-06-08 11:32:57 -07:00
parent 364d934442
commit 8911be6331
5 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/SUMMARY.md
View File

@ -13,7 +13,9 @@
- [Profile Encryption & Storage](./profile_encryption_and_storage.md)
- [Android Service](./android.md)
- [Message Overlays](./overlays.md)
- [Input](./input.md)
- [Cwtch Servers](./server.md)
- [Key Bundles](./key_bundles.md)
- [Development](./development.md)
- [Deployment](./deployment.md)
- [References](./references.md)

22
src/input.md Normal file
View File

@ -0,0 +1,22 @@
# Input
## Risk: Interception of Cwtch content or metadata through an IME on Mobile Devices
**Status: Unmitigated**
Any component that has the potential to intercept data between a person, and the Cwtch app is a
potential security risk.
One of the most likely interceptors is a 3rd party IME (Input Method Editor) commonly used
by people to generate characters not natively supported by their device.
Even benign and stock IME apps may unintentionally leak information about the contents of a persons message e.g.
through cloud synchronization, cloud translation or personal dictionaries.
Ultimately, this problem cannot be solved by Cwtch alone, and is a wider risk impacting the entire mobile
ecosystem.
A similar risk exists on desktop through the use of similar input applications (in addition to software keyloggers),
however we consider that fully outside the scope of Cwtch risk assessment (in line with other attacks on the security of the underlying
operating system itself).

1
src/key_bundles.md Normal file
View File

@ -0,0 +1 @@
# Key Bundles

23
src/overlays.md
View File

@ -43,7 +43,28 @@ Another problem is that multiplexing all these overlays into one data store crea
None of these problems are insurmountable, but they demonstrate a flaw in our initial assumptions about the nature of collaborative message flows and how we should be handling that data.
## Invitations
# Overlay Types
As stated above, overlays are specified in a very simple JSON format with the following structure:
type ChatMessage struct {
O int `json:"o"`
D string `json:"d"`
}
Where O stands for `Overlay` with the current supported overlays documented below:
1: data is a chat string
2: data is a list state/delta
3: data is a bulletin state/delta
100: contact suggestion; data is a peer onion address
101: contact suggestion; data is a group invite string
## Chat Messages (Overlay 1)
The most simple over is a chat message which simply contains raw, unprocessed chat message information.
## Invitations (Overlays 100 and 101)
Instead of receiving the invite as an incoming contact request at the profile level, new inline invites are shared with a particular contact/group, where they can be viewed and/or accepted later, even if they were initially rejected (potentially by accident).

2
src/references.md
View File

@ -18,6 +18,8 @@
* Lewis, Sarah Jamie. "Cwtch: Privacy Preserving Infrastructure for Asynchronous, Decentralized, Multi-Party and Metadata Resistant Applications." (2018).
* Kalysch, A., Bove, D. and Müller, T., 2018, November. How Android's UI Security is Undermined by Accessibility. In Proceedings of the 2nd Reversing and Offensive-oriented Trends Symposium (pp. 1-10).
* Renaud, K., Volkamer, M. and Renkema-Padmos, A., 2014, July. Why doesnt Jane protect her privacy?. In International Symposium on Privacy Enhancing Technologies Symposium (pp. 244-262). Springer, Cham.
* Rottermanner, C., Kieseberg, P., Huber, M., Schmiedecker, M. and Schrittwieser, S., 2015, December. Privacy and data protection in smartphone messengers. In Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (pp. 1-10).