What's new in v0.4 - Improved security features

Feb 13, 2022

Version 0.4 of CoyIM is coming in February 2022. When you read this, it might already be out there! This release contains many important improvements and new functionality. Many of these large improvements are obviously significant, but as we have worked on a few of these big features we have also worked hard on improving the basic security features of CoyIM. In this post we’ll take a look at some of these additions and improvements.

The goal of CoyIM was always to create a messenger client that was more secure and privacy preserving than the alternatives. The goal was also to make this the default, so that anyone turning on the application would immediately get a secure experience. We accomplish this primarily with three major features. The automatic recognition, configuration and use of Tor. The integration of the OTR protocol for end-to-end encryption. And the choice of a programming language that minimizes the risk of vulnerabilities. But outside of these major features, CoyIM also includes a myriad smaller security related aspects. Some are simply related to how we implement things, while others are direct security features. One thing to keep in mind with CoyIM is that we always have to balance different types of features based on their complexity, the risk that they could be exploited in some way, and whether they might have an impact on any of the security properties of CoyIM. In some cases we have to look extra carefully at how a feature might reveal information about a user in different ways, breaking their anonymity.

While most of the features described in this post are directly related to security, the first one is more indirect. Specifically, it has to do with improvements in testing. While automated testing doesn’t automatically lead to improved security, there can definitely be benefits to it. CoyIM has always had a test suite covering parts of the implementation, but in version 0.4 we have covered almost everything in the program outside of the pure graphical user interface aspects. In the process we found some smaller issues here and there as well. The process of writing comprehensive tests really help think through what code is supposed to do. And while we didn’t find any actual security issues, we did improve the code in many places, and making sure that our tests check that it’s doing what it’s supposed to be doing. On top of that, we are strong believers in automated testing. For this purpose we use continuous integration, making sure that our test suite is run every time we push new code. We also make sure to run it on all the Golang versions we support. But one problem has been that it’s been quite hard to run this same suite on Windows and macOS. And in fact, we noticed that many tests were failing on Windows, for various reasons. We have now remedied this situation and every single commit on CoyIM will be tested on Windows, macOS and Linux. This means we have a significantly higher certainty that our code does what we want it to do. At the same time, it reduces the complexity of the code, making it less likely that bugs are hiding in strange corners of the application.

As mentioned above, CoyIM adds many different kinds of protections and security features. And while we do have end-to-end security for all chats (unless you turn it off), and while we will automatically use the Tor network for all connections, we also want to encrypt the communication between your machine and the server. In fact, we require this encryption. We use the TLS standard for this kind of protection. And we have done this for a long time. But TLS can be quite complex. It supports many different ways of encrypting and securing your connection. Our configuration here is conservative and only uses the best versions possible. But one feature that is new in CoyIM version 0.4 is support for the newest version of TLS, called 1.3. This upgrade simplifies and speeds up the connection while improving security as well.

One problem with the XMPP standard is that by default it requires you to connect without encryption and then upgrade the connection to use TLS. This is a standard procedure and used by all servers and clients. However, it does leave a small window of vulnerability where the connection is not protected. In the new version of CoyIM we protect against this by supporting something called direct TLS using SRV lookup. What this actually means is that an XMPP server can advertise in the global domain name system that it wants you to connect directly using TLS. CoyIM will look up this advertisement and use a direct TLS connection if the server so indicates. In this way, another potential attack vector is removed.

When connecting to a server you always have to authenticate in some way. The standard way to do this with XMPP is with a password. But how does the client actually send the password to the server? Since the connection is protected with TLS, it might make sense to just send the password as is. And this is exactly what many clients do. However, the problem is that it forces the server to store the password as well. Other methods exist to reduce these kinds of security risks as well. The most used one is called SCRAM. This involves the server sending a challenge to the user and the user responding to this challenge in a way that shows they have the password. CoyIM has supported SCRAM for a long time, but what we have added in the new version is support for more advanced and stronger versions of the protocol, using larger and more recent versions of the hash primitives. We also added support for something called channel binding, which ties together the SCRAM authentication with the current TLS session. In this way, it becomes harder for an attacker to replay or use the SCRAM challenge in a different connection. All of these are incremental improvements, but they move the CoyIM state of security forward.

CoyIM has a list of XMPP servers that we recommend. This list also contains the address for a large amount of servers that are reachable using Tor onion services. Onion services are basically a method that Tor offers that improves the security of the connection even more than the regular Tor connection does. Fundamentally, when connecting using an onion service, your traffic will never leave the Tor network at all, before reaching the server. However, not all XMPP servers offers support for onion services, and it can sometimes be hard to find the information for those that do. For this reason, CoyIM shipped with a list of known onion services, and the application will automatically use the onion service if one is available for your service. However, these onion services were based on version 2 of the onion service protocol, and this protocol has been deprecated by the Tor network. For this reason, we have now moved over to using the version 3 onion services instead. This version is more powerful and significantly more secure, and you will get the benefit of it without doing anything at all. With the new version of CoyIM, it will simply do the right thing.

In CoyIM we use the OTR protocol for providing end-to-end encryption. We use our own implementation of this protocol, called otr3. Overall, this implementation has been quite stable for a long time. During the development process of CoyIM v0.4 we felt it was time to have a security audit done of this library. Radically Open Security helped us with this audit. You can read the report on the CoyIM website, but basically it says that there were some smaller issues to fix - which we have done - but nothing major. So, the 0.4 version of CoyIM will ship with a cryptographic library that has been thoroughly reviewed by an outside organization, and all their findings have been fixed. This means that you can comfortable rely on the security of the encryption in CoyIM.

On top of all these specific things, we have also resolved a large number of bugs in the program. In general, these did not have any security impact, but it’s still nice to know that the quality of the code base has improved significantly. Overall, CoyIM v0.4 is the largest release we have ever made, and at the same time it significantly improves on the security of the system, which has always been the most important aspect of our work.