Following Edward Snowden’s revelations about government mass surveillance, end-to-end encryption is now widely available through services such as Facebook’s WhatsApp. The technique ensures that only sender and recipient can read a message. Dr. Jiangshan Yu at the University of Luxembourg has developed a solution to a longstanding problem in the field of end-to-end encryption: With current end-to-end encryption methods, if an attacker compromises a recipient’s device he can then intercept, read and alter all future communications without sender or recipient ever knowing. Dr. Yu’s solution, developed in collaboration with Prof. Mark Ryan (University of Birmingham) and Prof. Cas Cremers (University of Oxford), adds an extra layer of security, forcing attackers to leave evidence of any such activity and prompting users to take action.

The paper presenting the protocol, ‘DECIM: Detecting Endpoint Compromise in Messaging’, was published in the IEEE Transactions on Information Forensics and Security, a leading peer-reviewed journal in the field of computer security and cryptography. Dr. Yu, Research Associate at the University’s Interdisciplinary Centre for Security, Reliability and Trust (SnT), was motivated to undertake this research by the discovery of mass software vulnerabilities, such as the Heartbleed bug, that make the majority of devices vulnerable to compromise. “There are excellent end-to-end encryption services out there, but once a device has been compromised there’s little we can do. That’s the problem we wanted to solve,” he explained.


Current end-to-end encryption uses pairs of cryptographic ‘keys’, stored in the device, for the sender to encrypt and the recipient to decrypt messages; anyone wanting to read a user’s messages has to first hack into their phone to steal the latest keys. The attacker then performs a ‘man-in-the-middle’ (MITM) attack, for example by taking control of the user’s WiFi router to intercept their messages, and uses the stolen keys to impersonate them.

Current encryption protocols such as Signal, used by WhatsApp, make the most of the fact that a MITM attacker can only intercept messages sent via the compromised network (in this case the WiFi). For example, as soon as you send a message via 3G rather than the compromised WiFi, the attacker will no longer be able to act as an intermediary. They will lose track of the keys and be locked out of the conversation.


Dr. Yu’s DECIM solution addresses the question of what to do when the attacker is in a position to intercept all of a user’s messages on a long-term basis. Both Internet Service Providers and messaging service operators are in such a position – all messages pass through their servers. Unlike an attack via WiFi, if the attacker obtains a customer’s keys, he might never be locked out of a conversation, and the customer would never know.

With DECIM, the recipient’s device automatically certifies new key pairs, storing the certificates in a tamper-resistant public ledger. For example, to prepare for receiving a message, a recipient’s device (let’s call the recipient Robert) certifies an encryption key, and publishes the certificate in the ledger. To send a message, the sender’s device (let’s call the sender Sally) uses a cryptographic process to fetch and verify the certified encryption key from the ledger. She then uses it to send a message to Robert, whose device opens it with the corresponding decryption key.

If an attacker wants to impersonate Robert, he will need to put a forged key certificate in the ledger, persuading Sally’s device to use a fake encryption key. However, the DECIM ledger supports automatic cryptographic proof generation and verification to ensure that the log cannot be tampered with. So, if Robert’s device detects forged certificates, it is sure evidence of an attacker impersonating him. The log also records device activity, so if Robert sees a record for a device that he hasn’t used recently it is again evidence of an attack.
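The detection idea described above can be sketched in a few lines. This is an added example, not code from the DECIM paper or its authors: a simple hash chain stands in for the tamper-resistant ledger (whose actual construction the article does not detail), and every function name and sample value is a hypothetical, constructed one.

```python
import hashlib
import json

GENESIS = "0" * 64  # head of the empty log

def entry_hash(prev_hash, record):
    # Each entry commits to its predecessor, so rewriting history changes later hashes.
    blob = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + blob).hexdigest()

def append(entries, owner, device, enc_key):
    """Append a key certificate to the toy log and return the new head hash."""
    prev = entries[-1][1] if entries else GENESIS
    record = {"owner": owner, "device": device, "enc_key": enc_key}
    entries.append((record, entry_hash(prev, record)))
    return entries[-1][1]

def chain_is_consistent(entries, trusted_head):
    """Recompute the chain; any edited or dropped entry breaks it."""
    h = GENESIS
    for record, stored in entries:
        h = entry_hash(h, record)
        if h != stored:
            return False
    return h == trusted_head

def audit(entries, owner, issued_keys, my_devices):
    """Run by the owner's device: flag certificates it never issued."""
    alerts = []
    for i, (record, _) in enumerate(entries):
        if record["owner"] != owner:
            continue
        if record["enc_key"] not in issued_keys:
            alerts.append((i, "key not issued by this device"))
        if record["device"] not in my_devices:
            alerts.append((i, "device not in use"))
    return alerts

def demo():
    # Constructed sample data: entry 2 is published by an attacker holding Robert's stolen keys.
    log = []
    append(log, "robert", "phone", "robert-key-1")
    append(log, "sally", "laptop", "sally-key-1")
    append(log, "robert", "old-tablet", "attacker-key")
    head = append(log, "robert", "phone", "robert-key-2")
    alerts = audit(log, "robert", {"robert-key-1", "robert-key-2"}, {"phone"})
    return log, head, alerts
```

Because the attacker holds the stolen keys, the forged certificate is well-formed; it is caught only because the log cannot silently drop it and Robert's device compares the log against its own record of issued keys.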

Dr. Yu and his collaborators undertook a formal security analysis (using the so-called ‘Tamarin prover’), which tests against all possible attacks, verifying DECIM’s capabilities. This is a rare step for a messaging protocol, and the same analysis for other protocols revealed several security flaws. “There’s no silver bullet in the field of end-to-end encryption”, says Dr. Yu, a member of SnT’s Critical and Extreme Security and Dependability Research Group (CritiX), “but we hope that our contribution can add an extra layer of security and help to level the playing field between users and attackers.”

Photo: © University of Luxembourg
