Encrypted Messaging, Secure by Design – RedPhone and TextSecure for iOS

René Pfeiffer/ February 2, 2015/ Communication, Security

Encrypted communication is periodically in the news. A few weeks ago politicians asked companies and individuals all over the world to break the design of all secure communication. Demanding less security in an age where digital threats are increasing is a tremendously bad idea. Cryptographic algorithms are a basic component of information security. Encryption is used to protect data while being transported or stored on devices. Strong authentication is a part of this as well. If you don’t know who or what talks to you, then you are easy prey for frauds.

Should you be interested in ways to improve the security of your messaging and phone calls, we recommend watching the presentation of Dr. Christine Corbett Moran. She is the lead developer of the iOS team at Open WhisperSystems. She talks about bringing the TextSecure and RedPhone applications to the iOS platform. RedPhone can be used for encrypted voice calls. It uses ZRTP for the voice channel, and it displays a shared phrase to identify the integrity of the connection (communication partners can read the phrase to avoid falling victim to manipulation). Calls can be made between two RedPhone applications or to the Signal application on iOS. TextSecure can be used to send and receive SMS, MMS, and instant messages. It uses Curve25519, AES-256, and HMAC-SHA256 as primitives, and it has been audited by a researcher team from the Ruhr University Bochum.

The presentation held at DeepSec 2014 will tell you how these applications work, and what the current state of porting the code to iOS looks like (both apps are readily available for the Android platform for years now). In addition you get an inside view on the challenges and rewards of managing an active repository for open source iOS development. We strongly recommend watching the recording. You probably rely on secure communication more than you can imagine.