Abstract
In a secure Online Social Network (OSN) an attacker with access to the server cannot use the saved data of any user to read the private communication. It should allow users to use the OSN even if they are not technically savvy and have no knowledge about cryptography. We present and discuss an end-to-end encryption based approach that uses the RSA public-key encryption algorithm, as well as the AES symmetric-key encryption algorithm. The result is a fully working personal message service, also known as online chat. Instead of relying on third-party projects with questionable or unknown security levels our prototype is built from scratch in JavaScript.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The \(senderId'\) variable is appended by the server automatically when it saves messages to the database.
References
ANSI: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). Technical report ANSI X9.62, ANSI (1999)
Can I use web cryptography. https://caniuse.com/#feat=cryptography
Chen, L., Zhou, S.: The comparisons between public key and symmetric key cryptography in protecting storage systems. In: 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), vol. 4, pp. V4–494-V4-502, October 2010. https://doi.org/10.1109/ICCASM.2010.5620632
Facebook Q3 2018 results. https://s21.q4cdn.com/399680738/files/doc_financials/2018/Q3/Q3-2018-Earnings-Presentation.pdf
Finney, H., Donnerhacke, L., Callas, J., Thayer, R.L., Shaw, D.: OpenPGP message format. RFC 4880, November 2007. https://doi.org/10.17487/RFC4880, https://rfc-editor.org/rfc/rfc4880.txt
Guha, S., Tang, K., Francis, P.: NOYB: privacy in online social networks. In: Proceedings of the First Workshop on Online Social Networks, WOSN 2008, pp. 49–54. ACM, New York (2008). https://doi.org/10.1145/1397735.1397747, http://doi.acm.org/10.1145/1397735.1397747
Hassinen, M.: SafeSMS - end-to-end encryption for SMS. In: Proceedings of the 8th International Conference on Telecommunications, 2005. ConTEL 2005, vol. 2, pp. 359–365, June 2005. https://doi.org/10.1109/CONTEL.2005.185905
Klensin, D.J.C.: Simple mail transfer protocol. RFC 5321, October 2008. https://doi.org/10.17487/RFC5321, https://rfc-editor.org/rfc/rfc5321.txt
Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., Kirda, E.: Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS 2017). The Internet Society (2017)
Lucas, M.M., Borisov, N.: FlyByNight: mitigating the privacy risks of social networking. In: Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, WPES 2008, pp. 1–8. ACM, New York (2008). https://doi.org/10.1145/1456403.1456405, https://doi.acm.org/10.1145/1456403.1456405
Marlinspike, M.: The double ratchet algorithm. https://signal.org/docs/specifications/doubleratchet/
Marlinspike, M.: The X3DH key agreement protocol. https://signal.org/docs/specifications/x3dh/
OTR development team: off-the-record messaging protocol version 3. https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
Straub, A.: XEP-0384: OMEMO encryption (1999–2018). https://xmpp.org/extensions/xep-0384.html
Turner, S., Ramsdell, B.C.: Secure/multipurpose internet mail extensions (S/MIME) version 3.2 message specification. RFC 5751, January 2010. https://doi.org/10.17487/RFC5751, https://rfc-editor.org/rfc/rfc5751.txt
Web cryptography API - W3C recommendation 26 January 2017. https://www.w3.org/TR/2017/REC-WebCryptoAPI-20170126/
Number of daily active WhatsApp status users from 1st quarter 2017 to 2nd quarter 2018 (in millions). https://www.statista.com/statistics/730306/whatsapp-status-dau/
Acknowledgments
We would like to thank Mr. Aveg Chaudhary for the interesting discussions about end-to-end encryption during the supervision of his master’s thesis. The authors acknowledge the financial support by the Federal Ministry of Education and Research of Germany in the framework of SoNaTe (project number 16SV7405).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Schillinger, F., Schindelhauer, C. (2019). End-to-End Encryption Schemes for Online Social Networks. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science(), vol 11611. Springer, Cham. https://doi.org/10.1007/978-3-030-24907-6_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-24907-6_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24906-9
Online ISBN: 978-3-030-24907-6
eBook Packages: Computer ScienceComputer Science (R0)