Corelab Seminar

Konstantinos Andrikopoulos
OTR protocol

Off-The-Record Messaging (OTR) is a protocol that runs on top of existing IM protocols in order to mimic real-life face-to-face conversations. To do that it provides:
- Secrecy: no one else can read the contents of the messages.
- Authentication: the two parties are assured that they are actually talking to the person they think they are talking to (or, more precisely, to anyone who has control of the corresponding private key).
- Perfect Forward Secrecy: if an attacker compromises a private key, they still cannot read any old messages.
- Deniability: after the conversation has ended, anyone can pose as either of the two correspondents. That is, anyone can forge a message and make it look like it was sent by one of the conversing parties. During the conversation, however, this is impossible.
Various implementations of the protocol exist: plugins like pidgin-otr add OTR functionality to clients, and many IM clients, like Adium, support it natively.
The talk will present the details of the protocol (AKE, ephemeral key generation using Diffie-Hellman, Signing Key reveal), as well as the Socialist Millionaires' Protocol (SMP), which OTR uses in order to (re)authenticate two users by a shared secret.
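The deniability property listed above can be illustrated with a simplified model, added here as an example and not taken from the talk or from any OTR implementation. It assumes messages are authenticated with a MAC key derived from an ephemeral Diffie-Hellman secret and that this key is published once it is no longer in use; the toy group, the key-derivation label and all function names are assumptions, not the OTR wire format.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption); far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def dh_keypair():
    """Fresh ephemeral Diffie-Hellman key pair (private, public)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def mac_key(own_priv, peer_pub):
    """Derive a symmetric MAC key from the shared DH secret."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(b"mac" + shared.to_bytes(16, "big")).digest()

def tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, msg, t):
    return hmac.compare_digest(tag(key, msg), t)

def demo():
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_alice = mac_key(a_priv, b_pub)
    k_bob = mac_key(b_priv, a_pub)

    msg = b"meet at noon"          # constructed sample message
    t = tag(k_alice, msg)

    # During the conversation: an outsider does not know the MAC key,
    # so a tag made with a guessed key is rejected by Bob.
    fake = b"meet at midnight"
    outsider_tag = tag(secrets.token_bytes(32), fake)

    # After the key is published: anyone holding it can produce a valid
    # tag for any text, so a saved transcript proves nothing to a third party.
    revealed = k_alice
    forged = b"I never said noon"
    return {
        "keys_agree": k_alice == k_bob,
        "bob_accepts_alice": verify(k_bob, msg, t),
        "forgery_during_conversation": verify(k_bob, fake, outsider_tag),
        "forgery_after_reveal": verify(revealed, forged, tag(revealed, forged)),
    }

if __name__ == "__main__":
    print(demo())
```

Because the MAC is symmetric, even during the conversation a valid tag only convinces the other party, who knows they did not write the message themselves; it is not a signature that a third party could check.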