Security Analysis of Mobile Messaging Traffic with an Automated Test Framework
The research paper "Analyzing Locality of Mobile Messaging Traffic using the
MATAdOR Framework", building on the Bachelor's thesis "Security Analysis of
Mobile Messaging Traffic with an Automated Test Framework", analyzes and
compares the communication paths of four well-known mobile messaging
applications at large scale by exchanging over 6000 mobile messages. During the
measurements, the senders and receivers of the mobile messages are distributed
across 28 countries worldwide to present a global perspective. Different
locations of the mobile phones are emulated by tunneling the complete network
traffic through proxy nodes from PlanetLab. The GPS coordinates of the mobile
phones are additionally changed to stay consistent with the proxy node location.
The paths taken by messages are reproduced using forward path measurements and
mapped to geolocations. These communication paths are analyzed and additionally
compared to direct network paths between the countries to derive the influence
of the mobile messaging applications. The direct network paths are obtained from
additional direct forward path measurements between the PlanetLab nodes used.
The mobile messaging applications used in this work are chosen based on a
taxonomy depicting their popularity, security, service architecture and server
locations. The taxonomy resulted in four applications: WhatsApp, WeChat, Threema
and TextSecure.
The analysis of the message paths shows that the architecture and
infrastructure of an application have a significant impact on users’ data
locality. The selected applications all use a centralized architecture, located
in a single country. The thesis shows that this architecture results in
deviations from direct paths for more than two thirds of the communication
paths. As a consequence, messages have to transit multiple additional countries,
even if the parties are in the same location, which drastically reduces the
users’ data security and communication privacy.
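The comparison described above can be sketched in a few lines. This is an added example, not code from the MATAdOR framework or the paper: the hop-list format, the function names and the sample data are assumptions constructed for illustration, and the receiver leg is approximated by reversing a forward measurement.

```python
from itertools import groupby

def countries(hops):
    """Ordered countries crossed by a geolocated hop list [(ip, cc), ...].
    Hops that could not be geolocated (cc is None) are skipped."""
    return [cc for cc, _ in groupby(cc for _ip, cc in hops if cc)]

def message_path(sender_leg, receiver_leg):
    """Sender -> server -> receiver as a country sequence. Both legs are
    forward measurements towards the server, so the receiver leg is reversed
    (an approximation made for this example; real routes can be asymmetric)."""
    joined = countries(sender_leg) + countries(receiver_leg)[::-1]
    return [cc for cc, _ in groupby(joined)]

def additional_countries(msg_path, direct_hops):
    """Countries the message crosses that the direct path never touches."""
    return sorted(set(msg_path) - set(countries(direct_hops)))

def extra_for(pair):
    """Additional countries for one sender/receiver pair."""
    path = message_path(pair["sender_leg"], pair["receiver_leg"])
    return additional_countries(path, pair["direct"])

def deviation_share(pairs):
    """Fraction of pairs whose message path leaves the direct path."""
    return sum(1 for p in pairs if extra_for(p)) / len(pairs)

# Constructed sample: documentation-range IPs, invented country mappings.
DE_TO_US = [("192.0.2.1", "DE"), ("192.0.2.9", None),
            ("198.51.100.4", "NL"), ("203.0.113.7", "US")]
US_LOCAL = [("203.0.113.20", "US"), ("203.0.113.7", "US")]
PAIRS = [
    # Both parties in DE, server in US: the message leaves the country.
    {"name": "DE-DE", "sender_leg": DE_TO_US, "receiver_leg": DE_TO_US,
     "direct": [("192.0.2.1", "DE"), ("192.0.2.2", "DE")]},
    # Both parties in the server's country: no deviation.
    {"name": "US-US", "sender_leg": US_LOCAL, "receiver_leg": US_LOCAL,
     "direct": [("203.0.113.20", "US"), ("203.0.113.21", "US")]},
    # Direct path already crosses every country the message path does.
    {"name": "DE-US", "sender_leg": DE_TO_US, "receiver_leg": US_LOCAL,
     "direct": DE_TO_US},
]

if __name__ == "__main__":
    for p in PAIRS:
        print(p["name"], "additional countries:", extra_for(p))
    print("share of deviating pairs:", deviation_share(PAIRS))
```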
Framework
The MATAdOR framework is a transparent, extensible and automated test
framework for conducting large-scale measurements with mobile applications.
The framework can automatically send messages between mobile phones, intercept
the network traffic of the mobile phones, tunnel the network traffic through
remote proxy nodes and execute path measurements to reproduce message paths. It
was used to create the given dataset and to analyze the communication behavior
of mobile messaging applications.
All source code is provided, and the repository of the framework additionally
contains example configurations for setting up your own deployment. The
repository contains an additional README that describes the functionality in
detail.
Dataset
The collected data is released to allow future work to validate or further
analyze the communication behavior of mobile messaging applications. The
dataset contains the complete network traces of the mobile phones during the
message exchanges for all country pairs. The data could also be used for
certificate or protocol analyses of the mobile messaging applications.
Furthermore, the dataset contains the output of all conducted path measurements
and the results of all DNS requests from the phones as text files.
The dataset contains additional network traces from an empty measurement.
During this empty measurement, no mobile messaging application is active. The
results of this empty measurement show the background processes and traffic of
the mobile phones that are independent of the mobile messaging applications.
The network traffic from the mobile phones during the installation of the
mobile messaging applications is available as network traces as well, to round
off the dataset and the available information about the applications.
Screen records of the mobile phones during the message exchanges and
coordinate changes are available in the first version of the dataset. The
framework makes them as a control mechanism to check whether the mobile phone
controller works properly. The second version omits them and is therefore
considerably smaller.
Dataset with screen records, [12 GB], Checksum, GPG signature with key
Dataset without screen records, [187 MB], Checksum, GPG signature with key
Additional table with DNS records for messengers (referenced in paper)
@inproceedings{PAM16,
  Title = {{Analyzing Locality of Mobile Messaging Traffic using the MATAdOR Framework}},
  Author = {Quirin Scheitle and Matthias Wachs and Johannes Zirngibl and Georg Carle},
  Booktitle = {Passive and Active Measurements Conference (PAM) 2016},
  Year = {2016},
  Address = {Heraklion, Greece},
  Month = {March},
}
If you have any further questions, feel free to contact us.
Johannes Zirngibl, Quirin Scheitle, Dr. Matthias Wachs
PGP Public Key
Download Public Key: Johannes Zirngibl
Fingerprint: 69CA CD56 7B6D D8DF F525 E7C7 0D05 28B3 ED88 5367
Feel free to encrypt any message you send to us.
Please remember to include your public key if you want us to encrypt follow-up messages.
Background information
- Bachelor's Thesis (Zirngibl)
- Johannes Zirngibl
- Security Analysis of Mobile Messaging Traffic with an Automated Test Framework
- Technische Universität München
- Chair of Network Architecture and Service
- 2015