29,380 research outputs found

    Formal security analysis of registration protocols for interactive systems: a methodology and a case of study

    In this work we present and formally analyze CHAT-SRP (CHAos based Tickets-Secure Registration Protocol), a protocol to provide interactive and collaborative platforms with a cryptographically robust solution to classical security issues. Namely, we focus on the secrecy and authenticity properties while keeping a high usability. In this sense, users are forced to blindly trust the system administrators and developers. Moreover, as far as we know, the use of formal methodologies for the verification of security properties of communication protocols isn't yet a common practice. We propose here a methodology to fill this gap, i.e., to analyse both the security of the proposed protocol and the pertinence of the underlying premises. In this concern, we propose the definition and formal evaluation of a protocol for the distribution of digital identities. Once distributed, these identities can be used to verify integrity and source of information. We base our security analysis on tools for automatic verification of security protocols widely accepted by the scientific community, and on the principles they are based upon. In addition, it is assumed perfect cryptographic primitives in order to focus the analysis on the exchange of protocol messages. The main property of our protocol is the incorporation of tickets, created using digests of chaos based nonces (numbers used only once) and users' personal data. Combined with a multichannel authentication scheme with some previous knowledge, these tickets provide security during the whole protocol by univocally linking each registering user with a single request. [..]Comment: 32 pages, 7 figures, 8 listings, 1 tabl

    Forensic Analysis of the ChatSecure Instant Messaging Application on Android Smartphones

    We present the forensic analysis of the artifacts generated on Android smartphones by ChatSecure, a secure Instant Messaging application that provides strong encryption for transmitted and locally-stored data to ensure the privacy of its users. We show that ChatSecure stores local copies of both exchanged messages and files into two distinct, AES-256 encrypted databases, and we devise a technique able to decrypt them when the secret passphrase, chosen by the user as the initial step of the encryption process, is known. Furthermore, we show how this passphrase can be identified and extracted from the volatile memory of the device, where it persists for the entire execution of ChatSecure after having been entered by the user, thus allowing one to carry out decryption even if the passphrase is not revealed by the user. Finally, we discuss how to analyze and correlate the data stored in the databases used by ChatSecure to identify the IM accounts used by the user and his/her buddies to communicate, as well as to reconstruct the chronology and contents of the messages and files that have been exchanged among them. For our study we devise and use an experimental methodology, based on the use of emulated devices, that provides a very high degree of reproducibility of the results, and we validate the results it yields against those obtained from real smartphones

    Public Key Infrastructure based on Authentication of Media Attestments

    Many users would prefer the privacy of end-to-end encryption in their online communications if it can be done without significant inconvenience. However, because existing key distribution methods cannot be fully trusted enough for automatic use, key management has remained a user problem. We propose a fundamentally new approach to the key distribution problem by empowering end-users with the capacity to independently verify the authenticity of public keys using an additional media attestment. This permits client software to automatically lookup public keys from a keyserver without trusting the keyserver, because any attempted MITM attacks can be detected by end-users. Thus, our protocol is designed to enable a new breed of messaging clients with true end-to-end encryption built in, without the hassle of requiring users to manually manage the public keys, that is verifiably secure against MITM attacks, and does not require trusting any third parties

    The Proposed Development of Prototype with Secret Messages Model in Whatsapp Chat

    Development of prototype at data security through secret messages is needed for disguising the messages sent in smartphone chatting application, WhatsApp (WA) Chat. We propose a model to disguise a plaintext message which is first encrypted by cryptosystem to change the plaintext message to ciphertext. Plaintext or plainimage entering the smartphone system is changed into encrypted text; receiver then can read the message by using similar key with the sender. The weakness of this proposal is the message random system is not planted directly in the chatting application; therefore message removing process from cryptosystem to WA application is still needed. The strength of using this model is the messages sent will not be easily re-encrypted by hacker and can be used at client computing section

    E-Safety: the experience of English educational establishments


    Design of Secure Chatting Application with End to End Encryption for Android Platform

    In this paper, a secure chatting application with end to end encryption for smart phones that used the android OS has been proposed. This is achieved by the use of public key cryptography techniques. The proposed application used the Elliptic Curve Diffie-Hellman Key Exchange (ECDH) algorithm to generate the key pair and exchange to produce the shared key that will be used for the encryption of data by symmetric algorithms. The proposed Application allows the users to communicate via text messages, voice messages and photos. For the text message security the standard AES algorithm with a 128 bit key are used. The generated key (160 bit) minimized to 128 bit length by selecting the first 128 bit of the generated key in order to be used by the AES algorithm. For the voice and image security processes the proposed application used the symmetric algorithm RC4 for this purpose