
Technische Universität München

Security Analysis of Mobile Messaging Traffic with an Automated Test Framework

The research paper "Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework", building on the Bachelor's thesis "Security Analysis of Mobile Messaging Traffic with an Automated Test Framework", analyzes and compares the communication paths of four well-known mobile messaging applications at large scale by exchanging over 6000 mobile messages. During the measurements, the senders and receivers of the mobile messages are distributed across 28 countries worldwide to present a global perspective. Different locations of the mobile phones are emulated by tunneling the complete network traffic through proxy nodes from PlanetLab. The GPS coordinates of the mobile phones are additionally changed to stay consistent with the proxy node location. The paths taken by messages are reproduced using forward path measurements and mapped to geolocations. These communication paths are analyzed and compared to direct network paths between the countries to derive the influence of the mobile messaging applications. The direct network paths are obtained from additional direct forward path measurements between the PlanetLab nodes used. The mobile messaging applications used in this work are chosen based on a taxonomy covering their popularity, security, service architecture and server locations. The taxonomy resulted in four applications: WhatsApp, WeChat, Threema and TextSecure.

The analysis of the message paths shows that the architecture and infrastructure of applications have a significant impact on users’ data locality. The selected applications all use a centralized architecture, located in a single country. The thesis shows that this architecture results in deviations from direct paths for more than two thirds of the communication paths. This implies that messages need to transit multiple additional countries, even if the parties are in the same location, which drastically reduces the users’ data security and communication privacy.
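The comparison of message paths with direct paths described above can be sketched as follows. This is an added example, not code from the MATAdOR repository or the paper. The hop lists, their layout, the way the two forward measurements are joined into one message path, and the definition of "deviates" (the message path touches a country that the direct path does not) are assumptions made for illustration.

```python
from itertools import groupby

# Constructed sample data: each hop is (hop_ip, ISO country code) as a
# geolocation step would produce it; None marks a hop that could not be located.
SENDER_TO_SERVER = [("192.0.2.1", "DE"), ("192.0.2.9", "DE"),
                    ("198.51.100.4", "GB"), ("198.51.100.8", None),
                    ("203.0.113.7", "US")]
RECEIVER_TO_SERVER = [("192.0.2.33", "DE"), ("198.51.100.20", "NL"),
                      ("203.0.113.7", "US")]
DIRECT = [("192.0.2.1", "DE"), ("192.0.2.17", "DE"), ("192.0.2.33", "DE")]


def country_sequence(hops):
    """Collapse a hop list to the ordered countries it passes through."""
    located = [cc for _, cc in hops if cc is not None]  # skip unlocated hops
    return [cc for cc, _ in groupby(located)]           # merge consecutive repeats


def message_path(sender_to_server, receiver_to_server):
    """Assumed model: sender -> server, followed by the receiver's forward
    path reversed, because each phone only measures towards the server."""
    return country_sequence(sender_to_server + receiver_to_server[::-1])


def locality_report(sender_to_server, receiver_to_server, direct):
    """Compare one message path with the direct path between the two nodes."""
    msg = message_path(sender_to_server, receiver_to_server)
    base = country_sequence(direct)
    extra = sorted(set(msg) - set(base))
    return {"message_path": msg, "direct_path": base,
            "additional_countries": extra, "deviates": bool(extra)}


def deviation_share(reports):
    """Fraction of measured country pairs whose message path deviates."""
    return sum(r["deviates"] for r in reports) / len(reports)
```
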

Framework

The MATAdOR framework is a transparent, extensible and automated test framework for conducting large-scale measurements with mobile applications. The framework can automatically send messages between mobile phones, intercept the network traffic of the mobile phones, tunnel the network traffic through remote proxy nodes and execute path measurements to reproduce message paths. It was used to create the given dataset and to analyze the communication behavior of mobile messaging applications.
All source code is provided, and the repository of the framework additionally contains example configurations for setting up your own deployment. The repository also contains a README that describes the functionality in detail.


Dataset

The collected data is released to allow future work to validate or further analyze the communication behavior of mobile messaging applications. The dataset contains the complete network traces of the mobile phones during the message exchanges for all country pairs. Other possible uses of the data include certificate or protocol analyses of the mobile messaging applications. Furthermore, the dataset contains the output of all conducted path measurements and the results of all DNS requests from the phones as text files.
The dataset contains additional network traces from an empty measurement. During this empty measurement, no mobile messaging application is active. The results of this empty measurement show background processes and traffic from the mobile phones that are independent of the mobile messaging applications.
The network traffic of the mobile phones during installation of the mobile messaging applications is also available as network traces, rounding off the dataset and the available information about the applications.

Screen records of the mobile phones during the message exchanges and coordinate changes are available in the first version of the dataset. The framework creates them as a control mechanism to check whether the mobile phone controller works properly. The second version omits them and is therefore considerably smaller.

When using the data, please cite our paper [BibTeX]:
@inproceedings{PAM16,
  Title                    = {{Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework}},
  Author                   = {Quirin Scheitle and Matthias Wachs and Johannes Zirngibl and Georg Carle},
  Booktitle                = {Passive and Active Measurements Conference (PAM) 2016 },
  Year                     = {2016},
  Address                  = {Heraklion, Greece},
  Month                    = {March},
}
Dataset with screen records, [12 GB], Checksum, GPG signature with key
Dataset without screen records, [187 MB], Checksum, GPG signature with key
Additional table with DNS records for messengers (referenced in paper)

If you have any further questions feel free to contact us.

Johannes Zirngibl, Quirin Scheitle, Dr. Matthias Wachs




PGP Public Key

Download Public Key: Johannes Zirngibl
Fingerprint: 69CA CD56 7B6D D8DF F525 E7C7 0D05 28B3 ED88 5367

Feel free to encrypt any message you send to us.
Please remember to include your public key if you want us to encrypt follow-up messages.


Background information

Bachelor's Thesis (Zirngibl)
Johannes Zirngibl
Security Analysis of Mobile Messaging Traffic with an Automated Test Framework
Technische Universität München
Chair of Network Architecture and Service
2015


Chair for Network Architectures and Services (I8)
TU München

Boltzmannstraße 3
85748 Garching

Tel.: +49 89 289 - 18032
Fax: +49 89 289 - 18033