Apple has enhanced iMessage security with ‘Contact Key Authentication’, strengthening user privacy and authentication against evolving threats using cryptographic methods and key transparency. Contact Key Authentication is a security feature that helps detect sophisticated attacks on iMessage servers and allows users to verify the identity of their communication partners. This feature specifically addresses vulnerabilities associated with critical directory services.
Apple brings Contact Key Verification to iMessage
Such services often match user identifiers with public keys. This can become a single point of failure if they are compromised. Communication Key Authentication aims to overcome this problem by providing a more reliable way to verify the identities of communication partners. To solve this problem, Apple introduced a mechanism known as Key Transparency (KT). Similar to Certificate Transparency, KT uses a verifiable, log-backed map data structure that allows for cryptographic proofs and audits for consistency over time, offering scalability and user privacy. Apple’s implementation of Key Transparency goes beyond the current key index system.
Provides an account-level ECSDA signing key that is created and stored in the iCloud Keychain on the user’s device. Devices use this synchronized account key to sign iMessage public keys, and this data is stored in the Identity Directory Service (IDS) database and synced with the Key Transparency service.