Category Archives: talaria

Keeping it private – part 2


So in the last post we described the setup of the app and how it starts off on its journey to build a private channel.  To quickly recap, the phone now has a public/private keypair, a secret key that you’ve exchanged with the system and the system has got your public key and knows it’s from you, which gets stored in our directory ready to give it to anybody else who asks.

The next step is to build a private, encrypted channel between you and your friend.  The first step is to get their public key, so the app asks us, what the registered public key is for your friend[1].  We give that to you using the private channel between you and the system and we sign that response, so you know the public key comes from us not to mention coming back over our shared secret channel[2].

You then generate a channel name (a friendly name, usually the persons name), channel id and a new secret key, the app bundles this up in much the same way as it did when it started to talk to the server.  The bundle of data, including your public key is encrypted using your newly generated secret key and then your secret key gets encrypted with your friends public key.  You also sign this entire packet.  The phone then sends that to us.  We do a few things to just double check that this message is from you.  Firstly it has to come over our shared secret channel which we know is from you and secondly the digital signature on the channel message (which we’ll forward on) has to be signed by you[3]. If that’s ok, we send it on to your friend.

When your friend gets your message, the first thing they do, is get your public key from the server.  They then check the signature on the negotiation message to make sure that it really has come from you.  If it isn’t, the throw it away.  They then decrypt the first part of the message using their private key.  In this part is the secret key that you are going to use to chat with each other.  They then send an acknowledgement message to you, encrypting that message with their secret key, signing it with their private key[4] accepting the channel.

So what have you got now?  You have now exchanged a secret key with your friend that we the system haven’t seen, in a way that makes your sure that you’ve exchanged that key with who we say it is.  You can now chat away, with us forwarding your messages knowing that nobody in the middle can read your messages or impersonate your friend.

We’ll start to explore how the app detects if we’re messing with the public keys that we’re publishing, in the next post, when Mars attacks.

[1] This is to ensure that you don’t get sent a different public key in the message at face value asserting to be from a specific phone.

[2] Some might wonder what the point of signing the message is if it’s coming from the server over our shared secret channel which we’ve already authenticated.  This is a practical measure for security.  Secret keys must be available to the server processes to wrap and bundle our messages and anything we forward to you from others.  That means if a front line server is compromised somebody could start to impersonate us on that server fairly easily.  Our private key on the other hand is kept well away from the front line machines in a processes not on the same network directly connected to the servers terminating chat connections.  If we can afford it, we’ll use a hardware security module.

[3] This proves that someone hasn’t just managed to obtain your secret key (say from us) and that you have access to your private key still, the other half that we’ve authenticated and hold.

[4] Lastly, to close the loop on the protocol, the far end signs the acknowledgement.  Now notionally this isn’t actually necessary as you’ve encrypted your secret key with their public key so if they’ve decrypted it (and sent you a message back) you can assert they’ve got their private key.  That’s all well and good for single user channels but that isn’t so easy when you want to have multi-person chats with a group of friends.

Additionally: Private key operations are expensive, they take lots of processing power and that in turn eats battery life.  We use them for critical parts of the protocol but not everything all the time.


Keeping it private – part 1


In the first of the series about explaining how Talaria keeps your chat private I wanted to give a very  quick overview about how it works.  It’s fairly technical in detail but if you want to understand any of the building blocks in more detail, leave questions in the comments.  We’ll start with the overview and post the actual messages from the system once we’ve done the high level stuff.

Talaria keeps your messages private by first creating a public/private key pair.  The public half of this, you’re going to give to us, so we can give it to your friends when they want to start a private channel with you.  After you’ve created the key pair you’ll create another key, a secret key, you’re going to share this key with us.  This is used to protect messages sent between you and us the chat server.

You give us a bundle of information, your phone number, your public key and the secret key you generate.  Using our public key (which comes with the app when you download it) you bundle all of this up, number, public key, secret key, id and send it to us.  We now have your public key, a secret key to talk to you with and your phone number.  The next step is important.  We don’t just publish to the world that your public key corrosponds to that phone number.  Next we generate two numbers, encrypt them using your secret key and then send them back to you via text message.  The application then decrypts this text message, takes out the two numbers, adds them together and sends them back to us over the internet.  We verify that response and if we’re happy we record your public key as being linked to that phone number (a phone number that your friends already have in their address book on their phones).

So what’ve we got now? Well, you’ve got a public/private key pair, we’ve got a shared secret key and we have a strongly authenticated binding of your phone number with your public key.  Which is all well and good, now we can exchange messages that nobody can read or impersonate.

A quick note about using SMS.  Some of you will be thinking that SMS is the sort of thing that can be manipulated by unscrupulous actors and that someone who has access to the telecoms infrastructure could impersonate you and receive the verifier and do this whole process pretending to be you.  This is true, the first time, but we’ve got some faith in human nature here and critically we have a number of ways to enable this to be detected, in that people quickly work out that they’re in fact not talking to the person they think they are. We’ll discuss is some detail the possible scenarios how we enable people to detect compromises in the system. Once you’re set up on the system of course any change to the public key that’s been published is detected by both parties.  As part of the startup process the app asks the system, what public key is it publishing for itself and checks to see if those are the same.  It’s also double checked during the login phase which we’ll describe later.  We do also support ‘usernames’ but what happens if you lose your key?  If you don’t back it up somehow or otherwise protect it?  We’ve come up with a way to back up keys on paper or use Mifare cards for those with NFC readers on their phones but that starts to get a bit user un-friendly and we expect the majority of people won’t make good use of that.

Still no private chat channel though?  We’ll cover that in the next post.

What’s it going to look like?

Hey there,

So as some if you have been asking, what it’s going to look like to get an idea of how it’s going to work we thought we’d share some screenshots.  It’s going to be easy to use and work in the way that applications are built for that device.  Once you download it, you’ll immediately know how to use it.  Expect the Windows Phone 8 version to be very different to this one but still guaranteeing the same level of privacy and security.

You can also get an idea of some of the features it has, multi user messaging, blocking, address book integration as well giving those who are interested, control of the inner workings.  If someone isn’t using Talaria, we’ll let you either invite them or give them a discounted version as a gift.

Active channels
Active channels

This shows your active chat  channels, who’s online (if they want to share that) and notifications of pending messages.

Simple chat screen, that you already recognise
Simple chat screen

This is the simple chat screen, we’re still deciding what this is going to look like and we’d like to give people more information about the chat, chat parties etc, sending files.  We’re also working on a one touch scheme to leave a voice message for someone.  Sometimes we find that tone gets lost in simple text messages and you just want to drop them a quick few words in your own voice.  Ever been having a really heated argument and said something you regret?  We’ve come up with a “Time-out” button that stops you (and them) from exchanging messages for 5 minutes.  There are lots of things about Talaria that are going to make you want to use it.

Address Book
Address Book

Your phone’s address book, allows you to easily find people you want to chat to and get them on board with Talaria.

App Settings
App Settings

A key feature of Talaria is to keep you in control.  We expect that many people will just use it to chat and not be too bothered about these.  One of the things that we do like is the idea that messages roll off.  We don’t store messages on the server once we’ve sent them to you and from a privacy perspective, it’s better that after a period of time the messages get deleted.  We find that when we want to refer to previous messages, it’s for getting timings, telephone numbers, places to meet, addresses and so on which is why as well as auto roll off of messages we have an encrypted message clipboard.  Just double tap the message in chat and it’s auto added to a clipboard we keep for you, that way things of importance are always, easily to hand, and you don’t need to go scrolling through hundreds of messages just to find that one email address or telephone number.  Of course if you want to just keep everything, you can turn the feature off.

Also in here, you’ll find things about the encryption keys, again, we expect most people won’t be fussed about this, but it’s all there for you to be able to check, rotate and purge.  This is also the jumping off point for security folks who want to make sure we’re doing what we should be.