Designing secure mobile messaging over the internet
Mobile messaging over the Internet is one of the most actively used communication methods. As it is heavily used for almost all kinds of topics, its security becomes a major concern. However, there is no widely accepted security protocol standard for it. Each implementation either defines its own security protocol or adopts an existing one. We have defined a set of security requirements for secure messaging applications. Some of the most popular secure messaging applications (Cryptocat, Telegram, Threema and Signal) are analyzed according to these requirements. We have also designed our own solution to match the requirements and improved its security as much as possible without harming usability. Our solution provides E2E encrypted messaging with PFS support, local disk encryption, certificate pinning, improved random number generation with user input, and uses a strong KDF. Our design rationales for the requirements are presented and discussed in detail.