encryption scheme employed by WhatsApp
Read the WhatsApp Encryption Overview whitepaper (https://www.whatsapp.com/security/ à in-depth technical explanation) and then use resources from the web to explain in plain language how WhatsApp ensures end-to-end encryption and user verification. Please include a List of references (cited in your report). Do include figures (your own – do not copy and paste). Specifically,
Max three pages
1. Prepare a report on the overall encryption scheme employed by WhatsApp
a. Does WhatsApp authenticate (verify) the user? What is two-factor authentication? (see http://www.makeuseof.com/tag/enable-two-step-verification-whatsapp/)
b. What is a IdentityKey pair? Where is it employed?
c. What type of security technology is used for distributing the user’s public key?
d. What protection does a(n) digital (electronic) signature provide? Does WhatsApp use digital signatures? What is a signed Prekey?
e. What is a one time key? How is it replenished? Why and when is it used?
f. What is Session Key? What is a Rootkey? What is a Chain key? What is a message key? How and when are these 3 types of session keys used by WhatsApp?
g. How and when are these keys used for session initiation, receiving a session setup and exchanging messages?
h. Why should the WhatsApp user protect her/his session key from being used by imposter? What strategies does WhatsApp use so that only the authorized user access her/his session keys?
i. How can a WhatsApp user know that the public key(s) of another user is(are) genuine?
2. Security is always a major concern, especially with the wireless network being implemented. What measures have been taken by WhatsApp to increase the level of security on the wireless network?
a. What type on encryption does WhatsApp employ to ensure message confidentiality in wireless devices? What protection does confidentiality provide? How many keys are used in the encryption methods used by WhatsApp? Are the keys employed by WhatsApp considered strong? How often are the different types of keys changed by the user’s device when using WhatsApp?
b. What scheme does WhatsApp employ for key management? Explain the architecture used for authentication and key management (with diagram and explanations).
