Abstract
Internet-based mobile messaging applications have become a ubiquitous means of communication, and have quickly gained popularity over cellular short messages (SMS). Unfortunately, from a security point of view, free messaging services do not guarantee the privacy of users. For example, free messaging providers can record and store exchanged messages indefinitely to collect information about specific users. Moreover, these messages can be accessed by criminals who gain access to social media accounts. In this paper, we introduce BabelCrypt, a system that addresses the problem of automatically retrofitting arbitrary mobile chat applications with end-to-end encryption. Our system works by transparently interfacing with the original client applications supplied by the respective service providers. It does not require any modification to the individual applications, nor does it require any knowledge or customization for specific chat applications. BabelCrypt is able to automatically inject control messages in-band, using the underlying application’s message exchange mechanism, and thus supports running arbitrarily complex encryption protocols such as OTR. We successfully used BabelCrypt with a number of popular messaging applications including Facebook Messenger, WhatsApp, and Skype. Our evaluation shows that BabelCrypt provides end-to-end security for arbitrary messaging applications while satisfactorily preserving the original user experience of the messaging application.
Acknowledgment
This work was supported by the Office of Naval Research (ONR) under grant N000141210165, National Science Foundation (NSF) under grant CNS-1116777, and Secure Business Austria. The authors would like to thank Erik-Oliver Blass for insightful discussions and valuable feedback.
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ozcan, A.T. et al. (2015). BabelCrypt: The Universal Encryption Layer for Mobile Messaging Applications. In: Böhme, R., Okamoto, T. (eds) Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science, vol 8975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47854-7_21
DOI: https://doi.org/10.1007/978-3-662-47854-7_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-47853-0
Online ISBN: 978-3-662-47854-7
eBook Packages: Computer Science, Computer Science (R0)