Abstract
Since the 1990s, two technologies have reshaped how we see and experience the world around us. These technologies are the Internet and mobile communication, especially smartphones. The Internet provides a cheap and convenient way to explore and communicate with distant people. A multitude of services have converged on the smartphone platform, and potentially the most notable is social networking. With increased interconnectivity and use of online services, concerns about consumers’ security and privacy are growing. In this paper, we evaluate the security- and privacy-preserving features provided by existing mobile chat services. This paper also puts forward a basic framework for an End-to-End (E2E) security and privacy-preserving mobile chat service and associated requirements. We implemented the proposal to provide a proof of concept and evaluate the technical difficulty of satisfying the stipulated security and privacy requirements.
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
Akram, R.N., Ko, R.K.L. (2014). End-to-End Secure and Privacy Preserving Mobile Chat Application. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43826-8_9
DOI: https://doi.org/10.1007/978-3-662-43826-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43825-1
Online ISBN: 978-3-662-43826-8
eBook Packages: Computer Science, Computer Science (R0)