Secure communication through untrusted server

Abstract

In recent times the usage of Smartphone has significantly increased. Instant Messaging (IM) is widely being used in smart phones. IM is a type of communication service over the Internet that enables individuals to exchange text messages and track availability of a list of users in real-time. Despite these good features and the continuous increase of Smartphone users, there have been very little concerns drawn towards the security measures of IM applications. For these kinds of applications, security is the main concern. These applications rely on servers to store user related information, key generation, key management, key exchange process and also the encryption of confidential information. Unfortunately, there always is a chance of malicious attacks in the server side. Anyone with access to the server may obtain all of the data stored there. In most of the existing applications, the public and private key pair is generated at server-side and the private key is shared with the user for use in communication. A man-in-the-middle attack can compromise the private key during the sharing and thus, make the communication vulnerable. Existing systems do not provide the entire security of private key that should never be shared with someone other than the authorized entity. The motivation for this work is the need to identifying security services of an IM application and to design a secure system for IM applications. Our prime goal is to restrict server to have access or store the private keys and ensure that the server can’t read messages users are sending. We aim to provide cryptographically strong security while generating the public and private keys and exchanging them with the client. To ensure that only the intended parties get access to the sent data, asymmetric encryption is used. Every client has their own private keys stored client-side and their public keys stored on the server attached to the user in a database. This forces the private key to be safe from the malicious attacks in the server. In this way, we ensure secure communication through untrusted server.