Skip to main content
SpringerLink
Log in

End-to-End Encryption Schemes for Online Social Networks

  • Conference paper
  • First Online:
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11611))

Abstract

In a secure Online Social Network (OSN) an attacker with access to the server cannot use the saved data of any user to read the private communication. It should allow users to use the OSN even if they are not technically savvy and have no knowledge about cryptography. We present and discuss an end-to-end encryption based approach that uses the RSA public-key encryption algorithm, as well as the AES symmetric-key encryption algorithm. The result is a fully working personal message service, also known as online chat. Instead of relying on third-party projects with questionable or unknown security levels our prototype is built from scratch in JavaScript.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The \(senderId'\) variable is appended by the server automatically when it saves messages to the database.

References

  1. ANSI: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). Technical report ANSI X9.62, ANSI (1999)

    Google Scholar 

  2. Can I use web cryptography. https://caniuse.com/#feat=cryptography

  3. Chen, L., Zhou, S.: The comparisons between public key and symmetric key cryptography in protecting storage systems. In: 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), vol. 4, pp. V4–494-V4-502, October 2010. https://doi.org/10.1109/ICCASM.2010.5620632

  4. Facebook Q3 2018 results. https://s21.q4cdn.com/399680738/files/doc_financials/2018/Q3/Q3-2018-Earnings-Presentation.pdf

  5. Finney, H., Donnerhacke, L., Callas, J., Thayer, R.L., Shaw, D.: OpenPGP message format. RFC 4880, November 2007. https://doi.org/10.17487/RFC4880, https://rfc-editor.org/rfc/rfc4880.txt

  6. Guha, S., Tang, K., Francis, P.: NOYB: privacy in online social networks. In: Proceedings of the First Workshop on Online Social Networks, WOSN 2008, pp. 49–54. ACM, New York (2008). https://doi.org/10.1145/1397735.1397747, http://doi.acm.org/10.1145/1397735.1397747

  7. Hassinen, M.: SafeSMS - end-to-end encryption for SMS. In: Proceedings of the 8th International Conference on Telecommunications, 2005. ConTEL 2005, vol. 2, pp. 359–365, June 2005. https://doi.org/10.1109/CONTEL.2005.185905

  8. Klensin, D.J.C.: Simple mail transfer protocol. RFC 5321, October 2008. https://doi.org/10.17487/RFC5321, https://rfc-editor.org/rfc/rfc5321.txt

  9. Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., Kirda, E.: Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS 2017). The Internet Society (2017)

    Google Scholar 

  10. Lucas, M.M., Borisov, N.: FlyByNight: mitigating the privacy risks of social networking. In: Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, WPES 2008, pp. 1–8. ACM, New York (2008). https://doi.org/10.1145/1456403.1456405, https://doi.acm.org/10.1145/1456403.1456405

  11. Marlinspike, M.: The double ratchet algorithm. https://signal.org/docs/specifications/doubleratchet/

  12. Marlinspike, M.: The X3DH key agreement protocol. https://signal.org/docs/specifications/x3dh/

  13. OTR development team: off-the-record messaging protocol version 3. https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html

  14. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  Google Scholar 

  15. Straub, A.: XEP-0384: OMEMO encryption (1999–2018). https://xmpp.org/extensions/xep-0384.html

  16. Turner, S., Ramsdell, B.C.: Secure/multipurpose internet mail extensions (S/MIME) version 3.2 message specification. RFC 5751, January 2010. https://doi.org/10.17487/RFC5751, https://rfc-editor.org/rfc/rfc5751.txt

  17. Web cryptography API - W3C recommendation 26 January 2017. https://www.w3.org/TR/2017/REC-WebCryptoAPI-20170126/

  18. Number of daily active WhatsApp status users from 1st quarter 2017 to 2nd quarter 2018 (in millions). https://www.statista.com/statistics/730306/whatsapp-status-dau/

Download references

Acknowledgments

We would like to thank Mr. Aveg Chaudhary for the interesting discussions about end-to-end encryption during the supervision of his master’s thesis. The authors acknowledge the financial support by the Federal Ministry of Education and Research of Germany in the framework of SoNaTe (project number 16SV7405).

Author information

Authors and Affiliations

  1. Computer Networks and Telematics, Department of Computer Science, University of Freiburg, Freiburg im Breisgau, Germany

    Fabian Schillinger & Christian Schindelhauer

Authors
  1. Fabian Schillinger
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian Schindelhauer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fabian Schillinger .

Editor information

Editors and Affiliations

  1. Guangzhou University, Guangzhou, China

    Guojun Wang

  2. Huazhong University of Science and Technology, Wuhan, China

    Jun Feng

  3. Fordham University, New York City, NY, USA

    Md Zakirul Alam Bhuiyan

  4. University of New Brunswick, Fredericton, NB, Canada

    Rongxing Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Schillinger, F., Schindelhauer, C. (2019). End-to-End Encryption Schemes for Online Social Networks. In: Wang, G., Feng, J., Bhuiyan, M., Lu, R. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2019. Lecture Notes in Computer Science(), vol 11611. Springer, Cham. https://doi.org/10.1007/978-3-030-24907-6_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-24907-6_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24906-9

  • Online ISBN: 978-3-030-24907-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation