awesome-secure-messaging/README.md

82 lines
4.7 KiB
Markdown
Raw Normal View History

2018-11-29 05:10:22 +00:00
# Awesome Secure Messaging
2018-11-29 03:49:57 +00:00
*A curated collection of links for secure messaging. Part of the ["Awesome X" series](https://github.com/sindresorhus/awesome).*
2018-11-29 05:10:22 +00:00
The list is periodically updated with new links. Click "Watch" in the right top corner to follow.
Your [contributions](contributing.md) are welcomed.
2018-11-29 03:49:57 +00:00
## Table of Contents
- [Fundamentals](#fundamentals)
- [Messaging](#messaging)
- [Anonymity](#anonymity)
- [Censorship Resistance](#censorship-resistance)
2018-12-03 04:17:28 +00:00
- [Coercion Resistance](#coercion-resistance)
- [Attacks](#attack)
2018-11-29 04:32:35 +00:00
- [Applications](#applications)
2018-11-29 03:49:57 +00:00
## Fundamentals
- [SoK: Secure Messaging](http://cacr.uwaterloo.ca/techreports/2015/cacr2015-02.pdf) - evaluation of current secure messaging solutions based on security, usability and adoption
2018-12-03 04:14:37 +00:00
- [Viewing Privacy as a Security Property](http://www0.cs.ucl.ac.uk/staff/G.Danezis/talks/privacy-as-security.pdf) - presentation by George Danezis that tells the story of privacy as security, informational self-determination
## Messaging
- [Double Ratchet](https://signal.org/docs/specifications/doubleratchet/) - two-party protocol to exchange encrypted messages based on shared key
2018-11-29 05:27:38 +00:00
- [Bramble Transport Protocol](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BTP.md) - transport layer security protocol for delay-tolerant networks, provides secure channel between two endpoints
- [Bramble Synchronisation Protocol](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BSP.md) - data synchronisation protocol for delay-tolerant networks
## Trust establishment
- [X3DH](https://signal.org/docs/specifications/x3dh/) - two-party asynchronous key agreement protocol
2018-11-29 05:27:38 +00:00
- [Bramble QR Code Protocol](https://code.briarproject.org/briar/briar-spec/blob/master/protocols/BQP.md) - in-person key agreement protocol to establish a shared secret
## Anonymity
- [The Differences Between Onion Routing and Mix Networks](https://crypto.is/blog/mix_and_onion_networks) - brief comparison
- [Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency—Choose Two](https://eprint.iacr.org/2017/954.pdf) - on fundamental tradeoff for anonymous communication protocols
2018-11-29 04:32:35 +00:00
- [Selected Papers in Anonymity](https://www.freehaven.net/anonbib/) - meta-list of selected papers in anonymity since 1977
2018-11-29 04:32:35 +00:00
2018-11-29 09:52:58 +00:00
- [Sphinx: A Compact and Provably Secure Mix Format](http://www.cypherpunks.ca/~iang/pubs/Sphinx_Oakland09.pdf) - paper on secure and compact message format for mix networks
- [Sphinx Mix Network Cryptographic Packet Format Specification](https://katzenpost.mixnetworks.org/docs/specs/sphinx.html) - specification for Sphinx mix network packet format
2018-12-03 03:00:32 +00:00
- [Introducing Anonymous Communications slides](http://www0.cs.ucl.ac.uk/staff/G.Danezis/talks/AnonTalk.pdf) - notes by George Danezis on properties, threat models, systems & attacks
2018-12-03 03:22:48 +00:00
- [Anonymous Communications slides at CCC](https://events.ccc.de/congress/2004/fahrplan/files/355-anonymous-communication-slides.pdf) - another overview of anonymous communication systems by George Danezis
2018-12-03 04:41:36 +00:00
- [What is a Remailer?](https://crypto.is/blog/what_is_a_remailer) - anonyomus remailers tutorial building up from basics
## Censorship Resistance
- [Pluggable Transport](https://www.pluggabletransports.info/) - specification initiative to allow applications being used as transports to make network traffic harder to distinguish and block, origins in Tor
- [Selected Research Papers in Internet Censorship](https://censorbib.nymity.ch/) - meta-list of papers on censorship and resistance thereof
2018-12-03 03:22:48 +00:00
## Cocercion Resistance
- [Coercion-Resistance and Receipt-Freeness in Electronic Voting](http://people.irisa.fr/Stephanie.Delaune/PUBLICATIONS/DKR-csfw06.pdf) - academic paper that outlines ways to provide coercion-resistance for electronic voting
- [Coercion-Resistant Electronic Elections](https://eprint.iacr.org/2002/165.pdf) - paper on coercion resistance and trusted setup requirement
- [On-Chain Vote Buying and the Rise of Dark DAOs](http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/) - on problems of user generated keys and electronic voting
2018-12-03 04:17:28 +00:00
## Attacks
- [The Sybil Attack](https://www.freehaven.net/anonbib/cache/sybil.pdf) - attack on p2p systems from cheap identity generation, requiring some form of logically centralized authority
2018-12-03 04:27:34 +00:00
- [Tagging Attacks](https://crypto.is/blog/tagging_attacks) - adversary recognizing traffic by modfiying it in acceptable fashion
2018-11-29 04:32:35 +00:00
## Applications
- [Briar](https://briarproject.org/) - messaging app employing several censorship-resitance techniques, like direct device-to-device comms (bluetooth, wifi), Tor routing
2018-11-29 05:30:51 +00:00
- [Signal](https://signal.org/) - widely used security-based messaging app with intermediate server and phone based registration, includes voice calls