Blockchain-Enabled End-to-End Encryption for Instant Messaging Applications (To appear in WoWMoM 2022, Belfast, UK)

Abstract

In the era of social media and messaging applications, people are becoming increasingly aware of the data privacy issues associated with such apps. Major messaging applications are moving towards end-to-end encryption (E2EE) to give their users the privacy they are demanding. However, the current security mechanisms employed by different service providers are not genuine E2EE implementations and carry many vulnerabilities. In the present scenario, the major part of the E2EE mechanism is controlled by the service provider's servers, and the decryption keys are stored by them in case of backup restoration. These shortcomings diminish the user's confidence in the privacy of their data while using these apps. A public key infrastructure (PKI) mechanism can be used to circumvent some of these issues, but it comes with high monetary costs, which makes it impossible to roll out for millions of users. The paper proposes a blockchain-based E2EE framework that can mitigate the contemporary vulnerabilities in messaging applications. The user's device generates the public/private key pair during application installation, and asks its mobile network operator (MNO) to issue a digital certificate and store it on the blockchain. A user can fetch a certificate for another user from the chat server and communicate securely with them using a ratchet forward encryption mechanism.
Article
For many systems, safe connectivity is an important requirement, even if the transmitting machines are resource-constrained. The advent of the Internet of Things (IoT) has also increased the demand for low-power devices capable of connecting with each other or sending data to a central processing site. The IoT allows many applications in a smart environment, such as outdoor activity control, smart energy, infrastructure management, environmental sensing, or cyber-security issues. Security in such situations remains an open challenge because of the resource-constrained design of sensors and objects, and because multi-purpose adversaries may target the process during the life cycle of a smart sensor. This paper discusses widely used protocols that provide safe communications for various applications in IoT and also defines different attacks. To protect IoT objects and sensors, we propose a comprehensive and lightweight security protocol based on Cryptographic Ratchets. That is, we define an encrypted messaging protocol using the Double Ratchet Algorithm, which we call Singleton; the implementation of the protocol is tested and compared to implementations of the IoT standard protocols and to a post-quantum version of the protocol. Various cryptographic primitives are also evaluated, and their suitability for use in the protocol is tested. The results show that the protocol, as a building block, not only enables resource-efficient protocols and architectures but also provides advanced and scalable IoT sensors. Our design and analysis demonstrate that the Singleton security architecture can be easily integrated into existing network protocols such as IEEE 802.15.4 or OMA LWM2M, and offers benefits that existing approaches cannot, in both performance and important security services.
For chat applications such as WhatsApp, Skype, Facebook Private Messenger, Google Allo, and Signal, a cryptographic ratchet-based protocol provides end-to-end encryption, forward secrecy, backward secrecy, authentication, and deniability.
Conference Paper
The SSL protocol has been widely used for verifying digital identities and securing Internet traffic since the early days of the web. Although X.509 certificates have been in existence for more than two decades, individual user uptake has been low due to the high cost of issuance and maintenance of such certs. This has led to a situation whereby users are able to verify the identity of an organization or e-commerce retailer via their digital certificate, but organizations have to rely on weak username and password combinations to verify the identity of customers registered with their service. We propose the X509Cloud framework, which enables organizations to issue certificates to their users at zero cost, and allows them to securely store and disseminate client certificates using the Bitcoin-inspired blockchain protocol. This in turn will enable organizations and individuals to authenticate and to securely communicate with other users on the Internet.