Pandora Messaging: An Enhanced Self-Message-Destructing Secure Instant Messaging Architecture for Mobile Devices

We propose Pandora Messaging, an enhanced secure instant messaging architecture with a self-message-destructing feature for applications that handle sensitive personal information in a mobile environment. We design the Pandora Message Encryption and Exchange Scheme and the format of a self-destructible message to show how these messages can be exchanged atop an existing instant messaging service architecture (in this case, XMPP). A Pandora Messaging-based system lets senders set time, frequency, and location constraints. These conditions determine when the transmitted messages should be destructed and thus become unreadable for receivers. The system encrypts each self-destructible message with an ephemeral key and transmits the encrypted message to the designated receivers via the XMPP instant messaging service in real time. When a transmitted message's constraints are satisfied, the ephemeral key used for encryption is deleted, so the encrypted message becomes unrecoverable. We have implemented a simple messenger application on the Android platform and evaluated its performance to show that the proposed Pandora Messaging architecture is practical and feasible for communicating sensitive personal information on mobile devices.
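The key-deletion idea in the abstract, as an added Python example that is not the paper's scheme or code: a hypothetical `EphemeralKeyStore` encrypts each message under a fresh key and deletes that key once a time or frequency constraint is met. The class names, the blob layout and the SHA-256 keystream (a standard-library stand-in for AES) are assumptions; the location constraint and the XMPP transport are left out.

```python
import hashlib, hmac, secrets, time

class KeyDestroyed(Exception):
    """The ephemeral key for this message no longer exists."""

def _stream_xor(key, nonce, data):
    # SHA-256 in counter mode: stdlib-only stand-in for AES (assumption).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

class EphemeralKeyStore:
    """Hypothetical key holder enforcing time and frequency constraints."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._keys = {}  # msg_id -> [key, expires_at, reads_left]

    def seal(self, msg_id, plaintext, ttl_seconds, max_reads):
        key, nonce = bytearray(secrets.token_bytes(32)), secrets.token_bytes(16)
        enc, mac = _subkeys(bytes(key))
        ct = _stream_xor(enc, nonce, plaintext)
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        self._keys[msg_id] = [key, self._clock() + ttl_seconds, max_reads]
        return nonce + ct + tag  # only this blob travels to the receiver

    def _destroy(self, msg_id):
        entry = self._keys.pop(msg_id, None)
        if entry:
            entry[0][:] = bytes(len(entry[0]))  # best-effort overwrite in memory

    def open(self, msg_id, blob):
        entry = self._keys.get(msg_id)
        if entry is None or self._clock() >= entry[1]:
            self._destroy(msg_id)  # time constraint met: the key is deleted
            raise KeyDestroyed(msg_id)
        enc, mac = _subkeys(bytes(entry[0]))
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("ciphertext failed integrity check")
        plaintext = _stream_xor(enc, nonce, ct)
        entry[2] -= 1
        if entry[2] <= 0:  # frequency constraint met: the key is deleted
            self._destroy(msg_id)
        return plaintext
```

The receiver can keep the ciphertext blob indefinitely; once the key entry is gone, `open` has nothing to decrypt with. Overwriting a `bytearray` in Python is best effort only, since copies made by the runtime are not reachable from this code.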
