Signal (software)

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Signal
Signal Blue Icon.png
Developer(s) Open Whisper Systems
Initial release July 2014 (2014-07)[1]
Stable release iOS 2.0.1 (March 12, 2015; 6 days ago (2015-03-12)) [±]
Development status Active
Written in C, Objective-C, C++
Operating system iOS
Size 12.9 MB
Type Encrypted voice calling and instant messaging
License GPLv3[2]
Website whispersystems.org

Signal is a free and open-source encrypted voice calling and instant messaging application for iOS. Signal communications are compatible with RedPhone and TextSecure on Android. It uses end-to-end encryption with forward secrecy and deniable authentication to secure all communications to RedPhone, TextSecure, and other Signal users.

Signal is developed by Open Whisper Systems and published under the GPLv3 license.

History[edit]

Whisper Systems and Twitter (2010–2011)[edit]

Signal is the iOS counterpart of RedPhone and TextSecure. The beta versions of RedPhone and TextSecure were first launched in May 2010 by Whisper Systems,[3] a startup company co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson.[4][5] Whisper Systems also produced a firewall and tools for encrypting other forms of data.[4][6] All of these were proprietary enterprise mobile security software and were only available for Android.

In November 2011, Whisper Systems announced that it had been acquired by Twitter. The financial terms of the deal were not disclosed by either company.[7] Shortly after the acquisition, Whisper Systems' RedPhone service was made unavailable.[8] Some criticized the removal, arguing that the software was "specifically targeted [to help] people under repressive regimes" and that it left people like the Egyptians in "a dangerous position" during the events of the 2011 Egyptian revolution.[9]

Twitter released TextSecure as free and open-source software under the GPLv3 license in December 2011.[4][10][11][12] RedPhone was also released under the same license in July 2012.[13] These were subsequently adopted by the user community and the collaborative open source project for their continued development later named itself Open Whisper Systems.[14]

Open Whisper Systems (2013–present)[edit]

Open Whisper Systems' website was launched in January 2013.[14]

Toward the end of July 2014, Open Whisper Systems announced plans to unify its RedPhone and TextSecure applications as Signal.[15]

Signal was first launched in July 2014 as the RedPhone counterpart for iOS. The developers said that their next steps would be to provide TextSecure instant messaging capabilities for iOS, unify the RedPhone and TextSecure applications on Android, and launch a web client.[15] It was the first iOS app to enable easy, strongly encrypted voice calls for free.[1][16]

Open Whisper Systems released Signal 2.0 with support for TextSecure private messaging in March 2015.[17][18]

Reception[edit]

In October 2014, the Electronic Frontier Foundation (EFF) included Signal in their updated surveillance self-defense guide.[19] In November 2014, "Signal / RedPhone" received a top score on the EFF's secure messaging scorecard, along with "ChatSecure + Orbot", Cryptocat, TextSecure, Silent Phone, and Silent Text.[20]

On December 28, 2014, Der Spiegel published slides from an internal NSA presentation dating to June 2012 in which the NSA deemed RedPhone on its own as a "major threat" to its mission, and when used in conjunction with other privacy tools such as Cspace, Tor, Tails, and TrueCrypt was ranked as "catastrophic," leading to a "near-total loss/lack of insight to target communications, presence..."[21][22]

In March 2015, Signal received endorsements from Edward Snowden and Barton Gellman.[23]

Features[edit]

Signal allows users to call other Signal users and RedPhone users on Android. All calls are made over a Wi-Fi or data connection and are free of charge, including long distance and international.[16] Signal also allows users to send group, text, picture, and video messages over a Wi-Fi or data connection to other Signal users and to TextSecure users on Android.

All communications to other Signal, RedPhone and TextSecure users are automatically end-to-end encrypted. The keys that are used to encrypt the user's communications are generated and stored at the endpoints (i.e. by users, not by servers). All three apps implement forward secrecy.[20][24]

Signal, RedPhone and TextSecure have built-in mechanisms for verifying that no man-in-the-middle attack has occurred. For calls, Signal and RedPhone display two words on the screen. If the words match on both ends of the call, the call is secure.[16][25] For messages, Signal and TextSecure users can verify key fingerprints out-of-band.

Architecture[edit]

Protocol[edit]

Further information: TextSecure § Protocol

Signal voice calls are encrypted with ZRTP (the VoIP encryption protocol developed by Phil Zimmermann) and AES 128.[1]

Signal instant messages are encrypted with the TextSecure protocol developed by Open Whisper Systems.[17] They took the Off-the-Record Messaging (OTR) protocol and made some improvements to the deniability and forward secrecy aspects, and added a mechanism to allow the ephemeral key negotiation to work asynchronously.[26][27][28]

Servers[edit]

Further information: TextSecure § Servers

Signal calls are routed through Open Whisper Systems' servers. Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize latency.[1] According to the developers, Signal does not leave metadata about who called who and when because the servers do not keep call logs.[24]

All client-server communications are protected by TLS.[29][30] Messages are handled by a REST API and push messaging (both GCM and APN).[31]

Licensing[edit]

The complete source code of Signal is available on GitHub under a free software license. This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also allows advanced users to compile their own copy of the application and compare it with the version that is distributed by Open Whisper Systems.[2]

Developers[edit]

Main article: Open Whisper Systems

Signal is developed by Open Whisper Systems, a nonprofit software group[12] that develops collaborative open source projects with a mission to "make private communication simple".[32] The group was established in 2013 and consists of "a large community of open source contributors, as well as a small team of dedicated developers".[32] The group is funded by a combination of donations and grants, and all of its products are licensed under free software licenses.

The project has received financial support from, among others, the Freedom of the Press Foundation,[33] the Knight Foundation,[34] the Shuttleworth Foundation,[35] and the Open Technology Fund,[36] a U.S. government program that has also funded other privacy projects like the anonymity software Tor and the encrypted instant messaging website Cryptocat.

See also[edit]

Portal icon Freedom of speech portal
Portal icon Free software portal
Portal icon Cryptography portal
Portal icon Telecommunications portal


References[edit]

  1. ^ a b c d Andy Greenberg (29 July 2014). "Your iPhone Can Finally Make Free, Encrypted Calls". Wired. Retrieved 18 January 2015. 
  2. ^ a b Open Whisper Systems. "Signal-iOS". GitHub. Retrieved 14 January 2015. 
  3. ^ "Announcing the public beta". Whisper Systems. 25 May 2010. Archived from the original on 30 May 2010. Retrieved 22 January 2015. 
  4. ^ a b c Garling, Caleb (2011-12-20). "Twitter Open Sources Its Android Moxie | Wired Enterprise". Wired. Retrieved 2011-12-21. 
  5. ^ "Company Overview of Whisper Systems Inc.". Bloomberg Businessweek. Retrieved 2014-03-04. 
  6. ^ Andy Greenberg (2010-05-25). "Android App Aims to Allow Wiretap-Proof Cell Phone Calls". Forbes. Retrieved 2014-02-28. 
  7. ^ Tom Cheredar (November 28, 2011). "Twitter acquires Android security startup Whisper Systems". VentureBeat. Retrieved 2011-12-21. 
  8. ^ Andy Greenberg (2011-11-28). "Twitter Acquires Moxie Marlinspike's Encryption Startup Whisper Systems". Forbes. Retrieved 2011-12-21. 
  9. ^ Garling, Caleb (2011-11-28). "Twitter Buys Some Middle East Moxie | Wired Enterprise". Wired. Retrieved 2011-12-21. 
  10. ^ Chris Aniszczyk (20 December 2011). "The Whispers Are True". The Twitter Developer Blog. Twitter. Archived from the original on 24 October 2014. Retrieved 22 January 2015. 
  11. ^ "TextSecure is now Open Source!". Whisper Systems. 20 December 2011. Archived from the original on 6 January 2012. Retrieved 22 January 2015. 
  12. ^ a b Pete Pachal (2011-12-20). "Twitter Takes TextSecure, Texting App for Dissidents, Open Source". Mashable. Retrieved 2014-03-01. 
  13. ^ "RedPhone is now Open Source!". Whisper Systems. 18 July 2012. Archived from the original on 31 July 2012. Retrieved 22 January 2015. 
  14. ^ a b "A New Home". Open Whisper Systems. 2013-01-21. Retrieved 2014-03-01. 
  15. ^ a b Michael Mimoso (29 July 2014). "New Signal App Brings Encrypted Calling to iPhone". Threatpost. 
  16. ^ a b c Jon Evans (29 July 2014). "Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone". TechCrunch. AOL. 
  17. ^ a b Micah Lee (2015-03-02). "You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone". The Intercept. Retrieved 2015-03-03. 
  18. ^ Megan Geuss (2015-03-03). "Now you can easily send (free!) encrypted messages between Android, iOS". Ars Technica. Retrieved 2015-03-03. 
  19. ^ "Surveillance Self-Defense. Communicating with Others". Electronic Frontier Foundation. 2014-10-23. 
  20. ^ a b "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 2014-11-04. 
  21. ^ SPIEGEL Staff (28 December 2014). "Prying Eyes: Inside the NSA's War on Internet Security". Der Spiegel. Retrieved 23 January 2015. 
  22. ^ "Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not" (PDF). Der Spiegel. 28 December 2014. Retrieved 23 January 2015. 
  23. ^ http://www.dailydot.com/politics/edward-snowden-signal-encryption-privacy-messaging/?tw=dd
  24. ^ a b Brandom, Russell (29 July 2014). "Signal brings painless encrypted calling to iOS". The Verge. Retrieved 26 January 2015. 
  25. ^ "Exactly how does Zfone and ZRTP protect against a man-in-the-middle (MiTM) attack?". The Zfone Project. Retrieved 25 January 2015. 
  26. ^ DJ Pangburn (3 March 2014). "TextSecure Is the Easiest Encryption App To Use (So Far)". Motherboard. Retrieved 14 March 2014. 
  27. ^ Moxie Marlinspike (22 August 2013). "Forward Secrecy for Asynchronous Messages". Open Whisper Systems. Retrieved 2014-03-01. 
  28. ^ Open Whisper Systems. "ProtocolV2". GitHub. Retrieved 21 January 2015. 
  29. ^ Frosch, Tilman; Mainka, Christian; Bader, Christoph; Bergsma, Florian; Schwenk, Jörg; Holz, Thorsten. "How Secure is TextSecure?" (PDF). Horst Görtz Institute for IT Security, Ruhr University Bochum. Retrieved 4 November 2014. 
  30. ^ https://github.com/WhisperSystems/RedPhone/wiki/Encryption-Protocols
  31. ^ Open Whisper Systems. "TextSecure-Server". GitHub. Retrieved 2 March 2014. 
  32. ^ a b Open Whisper Systems. "About us". Retrieved 2015-01-18. 
  33. ^ "Open Whisper Systems". Freedom of the Press Foundation. Retrieved 18 January 2015. 
  34. ^ "TextSecure". Knight Foundation. Retrieved 5 January 2015. 
  35. ^ "Moxie Marlinspike". Shuttleworth Foundation. Retrieved 14 January 2015. 
  36. ^ "Projects". Open Technology Fund. Retrieved 14 January 2015. 

External links[edit]

Wikimedia Commons has media related to Open Whisper Systems.
Email clients
Secure Messaging
Disk encryption
(Comparison)
Anonymity
Cryptographic file systems
Educational
Related topics
Protocols
(comparison)
Open
Closed
Services
Clients
(comparison)
Single protocol
Multi-protocol
See also
Retrieved from "http://en.wikipedia.org/w/index.php?title=Signal_(software)&oldid=651955854"