Advertisement

End-to-End Encryption Schemes for Online Social Networks

  • Fabian SchillingerEmail author
  • Christian Schindelhauer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11611)

Abstract

In a secure Online Social Network (OSN) an attacker with access to the server cannot use the saved data of any user to read the private communication. It should allow users to use the OSN even if they are not technically savvy and have no knowledge about cryptography. We present and discuss an end-to-end encryption based approach that uses the RSA public-key encryption algorithm, as well as the AES symmetric-key encryption algorithm. The result is a fully working personal message service, also known as online chat. Instead of relying on third-party projects with questionable or unknown security levels our prototype is built from scratch in JavaScript.

Keywords

Cryptographic protocols Security Online social networks Personal message service Online chat system 

Notes

Acknowledgments

We would like to thank Mr. Aveg Chaudhary for the interesting discussions about end-to-end encryption during the supervision of his master’s thesis. The authors acknowledge the financial support by the Federal Ministry of Education and Research of Germany in the framework of SoNaTe (project number 16SV7405).

References

  1. 1.
    ANSI: Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). Technical report ANSI X9.62, ANSI (1999)Google Scholar
  2. 2.
    Can I use web cryptography. https://caniuse.com/#feat=cryptography
  3. 3.
    Chen, L., Zhou, S.: The comparisons between public key and symmetric key cryptography in protecting storage systems. In: 2010 International Conference on Computer Application and System Modeling (ICCASM 2010), vol. 4, pp. V4–494-V4-502, October 2010.  https://doi.org/10.1109/ICCASM.2010.5620632
  4. 4.
  5. 5.
    Finney, H., Donnerhacke, L., Callas, J., Thayer, R.L., Shaw, D.: OpenPGP message format. RFC 4880, November 2007.  https://doi.org/10.17487/RFC4880, https://rfc-editor.org/rfc/rfc4880.txt
  6. 6.
    Guha, S., Tang, K., Francis, P.: NOYB: privacy in online social networks. In: Proceedings of the First Workshop on Online Social Networks, WOSN 2008, pp. 49–54. ACM, New York (2008).  https://doi.org/10.1145/1397735.1397747, http://doi.acm.org/10.1145/1397735.1397747
  7. 7.
    Hassinen, M.: SafeSMS - end-to-end encryption for SMS. In: Proceedings of the 8th International Conference on Telecommunications, 2005. ConTEL 2005, vol. 2, pp. 359–365, June 2005.  https://doi.org/10.1109/CONTEL.2005.185905
  8. 8.
    Klensin, D.J.C.: Simple mail transfer protocol. RFC 5321, October 2008.  https://doi.org/10.17487/RFC5321, https://rfc-editor.org/rfc/rfc5321.txt
  9. 9.
    Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., Kirda, E.: Thou shalt not depend on me: Analysing the use of outdated javascript libraries on the web. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS 2017). The Internet Society (2017)Google Scholar
  10. 10.
    Lucas, M.M., Borisov, N.: FlyByNight: mitigating the privacy risks of social networking. In: Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, WPES 2008, pp. 1–8. ACM, New York (2008).  https://doi.org/10.1145/1456403.1456405, https://doi.acm.org/10.1145/1456403.1456405
  11. 11.
    Marlinspike, M.: The double ratchet algorithm. https://signal.org/docs/specifications/doubleratchet/
  12. 12.
    Marlinspike, M.: The X3DH key agreement protocol. https://signal.org/docs/specifications/x3dh/
  13. 13.
    OTR development team: off-the-record messaging protocol version 3. https://otr.cypherpunks.ca/Protocol-v3-4.1.1.html
  14. 14.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Straub, A.: XEP-0384: OMEMO encryption (1999–2018). https://xmpp.org/extensions/xep-0384.html
  16. 16.
    Turner, S., Ramsdell, B.C.: Secure/multipurpose internet mail extensions (S/MIME) version 3.2 message specification. RFC 5751, January 2010.  https://doi.org/10.17487/RFC5751, https://rfc-editor.org/rfc/rfc5751.txt
  17. 17.
    Web cryptography API - W3C recommendation 26 January 2017. https://www.w3.org/TR/2017/REC-WebCryptoAPI-20170126/
  18. 18.
    Number of daily active WhatsApp status users from 1st quarter 2017 to 2nd quarter 2018 (in millions). https://www.statista.com/statistics/730306/whatsapp-status-dau/

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Computer Networks and Telematics, Department of Computer ScienceUniversity of FreiburgFreiburg im BreisgauGermany

Personalised recommendations