Abstract
A message is defined as any piece of information that a person communicates to another individual or group. On the other hand, a secure messaging system protects and secures individuals’ and organizations’ communication infrastructure. End-to-end encryption uses encryption and decryption keys to ensure the privacy of messages and the authenticity of the sender and recipient. Technological advancements, such as cloud-based and blockchain-based platforms, drive growth in the secure messaging market. However, risks like phishing and cyberattacks remain persistent and are projected to continue targeting messages in the future.
1 Introduction
In today’s digital world, instant messaging and social networking have become ubiquitous. The widespread use of these communication channels, especially in the workplace, has raised security concerns for individuals and organizations. Secure messaging refers to protecting and safeguarding communication infrastructure, such as emails, messaging apps, and instant messaging platforms, through various security mechanisms like end-to-end encryption (E2EE). E2EE uses encryption and decryption keys to ensure the privacy of messages and the authenticity of the sender and recipient. With the increasing number of mobile messaging users, the need for secure messaging systems is rising. Technological advancements, such as cloud-based and blockchain-based platforms, drive growth in the secure messaging market. However, risks like phishing and cyberattacks remain persistent and are projected to continue targeting messages in the future.
2 Analysis
2.1 Definition
A message is defined as any piece of information that a person communicates to another individual or group. On the other hand, a secure messaging system is a method of protecting and securing individuals’ and organizations’ communication infrastructure [1]. Among the communication channels are emails, messaging apps, and social networking platforms for instant messaging (e.g., WhatsApp). Access to these channels is possible from various systems, such as mobile phones and computer messaging applications. In addition to preventing cyberattacks, appropriate security mechanisms can also enhance confidentiality (i.e., only intended recipients can view messages) and authenticity (i.e., verifying the identity of senders and recipients) [2].
E2EE (end-to-end encryption) can be used to secure messages while transferring them from one system or device to another. E2EE is intended to secure communication in a way that prevents third parties from accessing information. A message in E2EE is encrypted on the system or device of the sender, and only the intended recipient is permitted to decrypt it. The encryption and decryption keys are stored on each endpoint of the communication system. To facilitate key management (see Chap. 4), most systems make use of Public Key Cryptography (see Chap. 3).
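The flow described above can be sketched with Node.js's built-in `crypto` module. This is an added example, not code from the chapter or from any messenger it mentions; the function names, the header format and the `e2ee-demo-v1` label are assumptions made for illustration. It also assumes the endpoints have already verified each other's public keys, and it uses static keys, so it provides no forward secrecy.

```javascript
const crypto = require('crypto');

// Each endpoint generates its own X25519 key pair; the private key never leaves the device.
function newEndpoint(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { name, publicKey, privateKey };
}

// Both sides derive the same 32-byte key from the X25519 shared secret via HKDF-SHA256.
function sessionKey(myPrivateKey, peerPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2ee-demo-v1', 32));
}

// Encrypt on the sender's device. The routing header is authenticated (AAD) but not hidden.
function seal(sender, recipientPublicKey, to, plaintext) {
  const header = JSON.stringify({ from: sender.name, to });
  const nonce = crypto.randomBytes(12); // fresh per message, never reused with the same key
  const key = sessionKey(sender.privateKey, recipientPublicKey);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(header));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { header, nonce, body, tag: cipher.getAuthTag() };
}

// Decrypt on the recipient's device; throws if header, nonce, body or tag was altered,
// or if the envelope was not produced with this pair of keys.
function unseal(recipient, senderPublicKey, env) {
  const key = sessionKey(recipient.privateKey, senderPublicKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.nonce);
  decipher.setAAD(Buffer.from(env.header));
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// What a relay server between the endpoints can record: metadata and size, not content.
function relayView(env) {
  return { ...JSON.parse(env.header), bytes: env.body.length };
}
```

The relay never holds a decryption key, but `relayView` shows that sender, recipient and message size remain visible to it unless the system protects metadata separately.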
2.2 Trends
It is anticipated that the number of mobile messaging users will increase from 2.9 billion users in 2020 to 3.5 billion in 2025 [3]. The increasing need for organizations to secure their messaging infrastructure is a key driver for growth, especially as businesses increasingly use mobile messaging applications to communicate. A list of key trends in the coming years is presented in Table 37.1.
3 Consequences for Switzerland
Threema is a Swiss solution used by more than 7’000 corporate customers, including the Swiss government. This solution provides some significant advantages, such as zero-knowledge security, on-premise servers, and metadata restraint [12]. However, vulnerabilities were discovered in the messenger application by the Applied Cryptography Group at ETH Zurich [13]. They were fixed after 3 months, the period for which Threema asked the researchers to withhold the information.
Switzerland regularly conducts research on topics related to security and privacy, which lay the foundation for secure messaging, for example at the Zurich Information Security & Privacy Center at ETH Zurich [14], in Identity and Access Management (IAM) at Bern University of Applied Sciences (BFH) [15], or at the Center for Intelligent Systems (CIS) at EPFL [16]. The IBM Research Zurich team conducts commercial research on system security and cryptography [17].
3.1 Implementation possibilities: Make or Buy
In response to increased public attention, more and more solutions for secure messaging have emerged. However, many of these solutions do not provide strong and well-defined security features [7]. Many of the secure messaging solutions have no answer to the problem of protecting the metadata [7].
Secure messaging solutions should be purchased on the basis of a thorough analysis of each organization's needs, as end-to-end encrypted messages sent on unique channels could be easily attacked by spam, flooding, and denial-of-service [7].
4 Conclusion
The demand for secure messaging solutions is growing, and the solutions are becoming more convenient and secure. However, although solutions exist, choosing and implementing them in an efficient way remains a big challenge.
References
[1] Justin Engler and Cara Marie. Secure Messaging for Normal People. Technical report, NCC Group, August 2022.
[2] Benjamin Dowling and Britta Hale. Secure Messaging Authentication against Active Man-in-the-Middle Attacks. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pages 54–70, Vienna, Austria, September 2021. IEEE.
[3] Mobile messaging users worldwide 2025. https://www.statista.com/statistics/483255/number-of-mobile-messaging-users-worldwide/, August 2022. Statista.
[4] Council Post: The CPaaS Industry Is In Hyper Growth: A Blueprint Of CPaaS And Its Future.
[5] Session | Send Messages, Not Metadata. | Private Messenger. https://getsession.org/, August 2022. Session.
[6] Global Relay. Engineered Anonymity: How Blockchain is Disrupting Secure Messaging. https://www.globalrelay.com/how-blockchain-is-disrupting-secure-messaging/, May 2022.
[7] Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, and Matthew Smith. SoK: Secure Messaging. In 2015 IEEE Symposium on Security and Privacy, pages 232–249, May 2015. ISSN: 2375-1207.
[8] NIST. Back to Basics: What’s multi-factor authentication - and why should I care? https://www.nist.gov/blogs/cybersecurity-insights/back-basics-whats-multi-factor-authentication-and-why-should-i-care, August 2022.
[9] MIT Technology Review Insights. Preparing for AI-enabled cyberattacks. Technical report, April 2021.
[10] Expert Insights. What Does AI Mean For The Future Of Email Security? https://expertinsights.com/insights/ai-and-the-future-of-cyber-security-for-business/#:~:text=AI%20is%20helping%20businesses%20achieve,before%20it%20can%20take%20place, March 2022.
[11] IBM. What is a cyberattack? https://www.ibm.com/topics/cyber-attack, August 2022.
[12] Threema – Maximum Security Chat App. For Companies and Individuals.–Overview. https://threema.ch/en, December 2022.
[13] Vulnerabilities in secure messenger Threema discovered. https://inf.ethz.ch/news-and-events/spotlights/infk-news-channel/2023/01/threema.html.
[14] ZISC – Zurich Information Security and Privacy Center. https://zisc.ethz.ch/, August 2022.
[15] Identity and Access Management (IAM). https://www.bfh.ch/en/research/research-areas/identity-access-management-iam/, August 2022.
[16] Center for Intelligent Systems (CIS). https://www.epfl.ch/research/domains/cis/, August 2022. EPFL.
[17] Security Research, IBM Research Europe Zurich. https://www.zurich.ibm.com/security/, August 2022.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this chapter
Cite this chapter
Nunes, E. (2023). Secure Messaging. In: Mulder, V., Mermoud, A., Lenders, V., Tellenbach, B. (eds) Trends in Data Protection and Encryption Technologies . Springer, Cham. https://doi.org/10.1007/978-3-031-33386-6_37
DOI: https://doi.org/10.1007/978-3-031-33386-6_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33385-9
Online ISBN: 978-3-031-33386-6
eBook Packages: Computer Science, Computer Science (R0)