暂无分享,去创建一个
In this era of ubiquitous social media and messaging applications, users are becoming increasingly aware of the data privacy issues associated with such apps. Major messaging applications are moving towards end-to-end encryption (E2EE) to give their users the privacy they are demanding. However the current security mechanisms employed by different service providers are not unfeigned E2EE implementations, and are blended with many vulnerabilities. At present, the major part of the E2EE mechanism is controlled by the service provider’s servers, and the decryption keys are also stored by them in case of backup restoration. These shortcomings diminish user confidence in the privacy of their data when using these apps. A public key infrastructure (PKI) can be used to circumvent some of these issues, but it comes with high monetary costs, which makes it impossible to roll out on a global scale. This paper proposes a blockchain-based E2EE framework that can mitigate many of the contemporary vulnerabilities in today’s messaging applications. A user’s device generates the public/private key pair during application installation, and asks its mobile network operator (MNO) to issue a digital certificate and store it on a public blockchain. Any user can fetch a certificate for another user from the application server, and communicate securely with them using a ratchet forward encryption mechanism.
[1] Siyamak Shahpasand,et al. SINGLETON: A lightweight and secure end-to-end encryption protocol for the sensor networks in the Internet of Things based on cryptographic ratchets , 2020, The Journal of Supercomputing.
[2] Jörg Schwenk,et al. More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema , 2018, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).
[3] Hitesh Tewari,et al. X509Cloud — Framework for a ubiquitous PKI , 2017, MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM).