Apple on Friday introduced contact key verification, a new capability meant to improve the security of its iMessage service.
To ensure the privacy of conversations, iMessage offers end-to-end encryption, so that only the sender and receiver can read a message, and relies on sets of encryption keys, where public keys are stored on a key directory service, while private keys rest on the device and never leave it.
Key directory services, like Apple’s identity directory service, represent a single point of failure, where a powerful adversary may be able to compromise the service to intercept or monitor encrypted messages.
To address the shortcoming, iMessage contact key verification, Apple explains, relies on key transparency, a mechanism that uses a verifiable log-backed map data structure to deliver cryptographic proofs of inclusion, ensuring user privacy and allowing audits.
“iMessage contact key verification advances the state of the art of key transparency deployments by having user devices themselves verify consistency proofs and ensure consistency of the KT system across all user devices for an account,” Apple says.
This mechanism, the tech giant notes, is meant to protect against both key directory and transparency service compromises, allowing changes to the log-backed map while making device keys immediately verifiable.
iMessage contact key verification, Apple explains, uses an account-level elliptic curve digital signature algorithm (ECDSA) signing key that is generated on the device, stored in iCloud keychain, and available to the user on their trusted devices only.
“Each device uses the synchronized account key to sign its iMessage public keys. The account keys and signatures are included in the IDS service database along with the existing data,” Apple notes.
When the user enables iMessage contact key verification, their devices verify that the key transparency map includes the data presented by the identity directory service, and notifies the user if a validation error occurs.
Users’ devices will periodically query the service for account information, verify the response against the key transparency mechanism, and flag inconsistencies.
“[The user’s] devices will additionally compare the KT data for identifiers, device records, and opt-in state against records stored in an end-to-end encrypted CloudKit container. This database is maintained by [the user’s] devices and is not readable or modifiable by Apple,” the tech giant explains.
Additionally, iMessage contact key verification allows users to perform manual contact verification code comparisons using the Vaudenay SAS protocol. Upon successful verification, the hash of the peer’s account key is saved to an end-to-end encrypted CloudKit container and linked to the peer’s card.
“Because the contact card is linked, all conversations with the peer’s identifiers — phone number and email address — are marked as verified. Group chats with peers that have been independently verified one-to-one are also automatically marked as verified,” Apple explains.
iMessage contact key verification is now available in the developer previews of iOS 17.2, macOS 14.2, and watchOS 10.2.