End-to-End Secure and Privacy Preserving Mobile Chat Application

  • Raja Naeem Akram
  • Ryan K. L. Ko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8501)

Abstract

Since the 1990s, two technologies have reshaped how we see and experience the world around us. These technologies are the Internet and mobile communication, especially smartphones. The Internet provides a cheap and convenient way to explore and communicate with distant people. A multitude of services have converged on the smartphone platform, and potentially the most notable is social networking. With increased interconnectivity and use of online services, concerns about consumers’ security and privacy are growing. In this paper, we evaluate the security- and privacy-preserving features provided by existing mobile chat services. This paper also puts forward a basic framework for an End-to-End (E2E) security and privacy-preserving mobile chat service and associated requirements. We implemented the proposal to provide proof-of-concept and evaluate the technical difficulty of satisfying the stipulated security and privacy requirements.

Keywords

  • Mobile Application
  • Secure Socket Layer
  • Transport Layer Security
  • Membership Server
  • Chat Application

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Raja Naeem Akram (1)
  • Ryan K. L. Ko (1)
  1. Cyber Security Lab., Department of Computer Science, University of Waikato, Hamilton, New Zealand
