Messaging Security with Peer-to-Peer Blockchain Encryption

College of Natural Sciences. Department of Computer Science

CS 356 Computer Security. Instructor: Indrajit Ray. TA: Subhojeet Mukherjee, Pratik Warade. UTA: Noah Cain

by Ben Newell, Alex Meier Kreienbaum, Rudy Figueroa, Nikolay Radaev

Introduction

Most common internet messaging applications today follow the server-client model for sending data. In this model, the data is sent from one user to a central server, and then to another user. In the peer-to-peer model, one user sends the data directly over the internet to another.

Consider this

With most messengers (Facebook, WhatsApp, iMessage, etc.), when you send a message to an offline user and go offline, the other user will still receive the message when they go online. This means that the message has been stored somewhere on a server! Someone could potentially access your messages.

Problem Characterization


1. Server participates in key creation. In modern messengers the server creates the public-private key pairs for the accounts. So if the server is hacked, the key pairs can be compromised.
2. Server stores messages. Because messages are stored permanently on a server, they are vulnerable to attacks, even if the data is encrypted.
3. Encryption is static. Encryption is done only once and doesn’t change with time. So if the key pair is stolen, the messaging data can be accessed.

Proposed Solution

Our proposed solution addresses each of the three problems with peer-to-peer blockchain encryption.
1. Server doesn’t participate in key creation. The initial message between users will exchange a shared key using public key cryptography. The public/private key generation will be done on the user’s device, not on a server.
2. Messages stored locally on the clients' devices. Because this is peer-to-peer and no server is involved, the messaging is more secure and less vulnerable to centralized attacks.
3. Blockchain encryption. Keys are updated dynamically using blockchain techniques, so the security of messages increases over time. Even if one key is found, it will become out of date and no longer useful. 

In the News
Facebook Message Storage Logs Subject to Change. Facebook stores its chats on offsite servers, allowing attackers to overwrite a message with the same ID and sent time in the log, making them indistinguishable from authentic messages.
Apple's Single Keygen Encrypts your Messages. Except from them. iMessage uses private/public key encryption. Although it is end-to-end encrypted, the key generation is only done once by Apple on initial startup of the phone. Therefore Apple could have those keys and can decrypt messages, or encrypt new messages with a user's key, masquerading as that user.
WhatsApp Browser Version Housing Vulnerability. WhatsApp sent out an update to their app for end-to-end encryption, but in doing so exposed a vulnerability in the browser version, allowing people to send HTML code that gives access to chat logs and stored info.

1. Use Devices for Key Generation

Establish trust with secure key generation.


To guarantee security, the app will only be offered through trusted vendors. From here, only the client devices will participate in key creation. Using public key cryptography, they can establish a secure connection to each other.

2. No Middleman. Secured Channel 

Encrypted communication without using servers.


Because no server is involved, all communication will happen directly. This makes it difficult for hackers to compromise encrypted messages or steal keys. In addition, all messages a user receives will be stored on his or her device, where they can be kept or removed permanently. It is not only decentralized, it is distributed.

3. Maintaining Security with Blockchaining

Using the past to secure the future.


What information do the parties share that nobody else knows? By using the previous message and the previous key as input data for new key generation, security can be enhanced over time. Even if an old key is stolen, security is not compromised because the key is updated when new messages are sent.
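
A minimal sketch of the key update described above, added here as an illustration and not the authors' code: each new key is derived from the previous key and the previous message, and both devices do this locally. The use of HMAC-SHA256, the label, the sample messages and all function names are assumptions.

```python
import hashlib
import hmac

LABEL = b"chain-key-v1|"  # assumed domain-separation label, not from the poster

def next_key(prev_key: bytes, prev_message: bytes) -> bytes:
    """New key = HMAC-SHA256(previous key, label || previous message)."""
    return hmac.new(prev_key, LABEL + prev_message, hashlib.sha256).digest()

class Peer:
    """One side of the chat; keeps every key it has held so they can be compared."""
    def __init__(self, shared_key: bytes):
        self.history = [shared_key]

    def advance(self, message: bytes) -> bytes:
        self.history.append(next_key(self.history[-1], message))
        return self.history[-1]

def run_conversation(shared_key: bytes, messages):
    """Both peers update their key after every message, with no server involved."""
    alice, bob = Peer(shared_key), Peer(shared_key)
    for m in messages:
        alice.advance(m)
        bob.advance(m)
    return alice, bob

def keys_from_old_key(old_key: bytes, known_messages):
    """Keys computable from one old key plus the plaintexts its holder knows."""
    keys = []
    for m in known_messages:
        old_key = next_key(old_key, m)
        keys.append(old_key)
    return keys

# Constructed sample data: in the proposal the first key comes from the
# public-key exchange performed on the two devices.
SHARED = hashlib.sha256(b"constructed initial shared key").digest()
MESSAGES = [b"hi", b"lunch at noon?", b"sure", b"see you there"]

if __name__ == "__main__":
    alice, bob = run_conversation(SHARED, MESSAGES)
    print("peers in sync:", alice.history == bob.history)
    stolen = alice.history[1]  # key in use after the first message
    # Holder of the old key who misses the third message loses the chain there.
    partial = keys_from_old_key(stolen, [MESSAGES[1], b"<unknown>", MESSAGES[3]])
    print("still valid after gap:", partial[1:] == alice.history[3:])
    # Holder who knows every later plaintext can follow every update.
    full = keys_from_old_key(stolen, MESSAGES[1:])
    print("valid with all plaintexts:", full == alice.history[2:])
```

The last check shows the condition the scheme depends on: an old key stops being useful only once its holder is missing the plaintext of at least one later message.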

Conclusion

Just like in friendship – the more we communicate, the stronger the relationship.


Our proposed solution will result in high security messaging that strengthens over time. Potential difficulties with our solution include: complexity introduced by encryption, multiple devices per user, and group chat. All these would need adaptations to work with our model. We see the distributed model of networking with blockchain encryption as the future of online communication.


The Poster

Nik

I am passionate about creating stuff and want to change the world.
