In the era of social media and messaging applications, people are becoming increasingly aware of data privacy issues associated with such apps. Major messaging applications are moving towards end-to-end encryption (E2EE) to give their users the privacy they are demanding. However the current security mechanisms employed by different service providers are not unfeigned E2EE implementations, and are blended with many vulnerabilities. In the present scenario, the major part of the E2EE mechanism is controlled by the service provider's servers, and the decryption keys are stored by them in case of backup restoration. These shortcomings diminish the user's confidence in the privacy of their data while using these apps. A public Key infrastructure (PKI) mechanism can be used to circumvent some of these issues, but it comes with high monetary costs, which makes it impossible to roll out for millions of users. The paper proposes a blockchain-based E2EE framework that can mitigate the contemporary vulnerabilities in messaging applications. The user's device generates the public/private key pair during application installation, and asks its mobile network operator (MNO) to issue a digital certificate and store it on the blockchain. A user can fetch a certificate for another user from the chat server and communicate securely with them using a ratchet forward encryption mechanism.
翻译:在社交媒体和短信应用的时代,人们日益意识到与这些应用软件有关的数据隐私问题。主要信息应用程序正在走向终端到终端加密(E2EE),以便让用户拥有他们所要求的隐私。但是,不同的服务提供商目前所使用的安全机制并不是没有违抗的E2EE实施程序,而是与许多弱点混在一起。在目前情况下,E2EE机制的主要部分由服务提供商的服务器控制,在进行备份恢复时由他们储存解密键。这些缺陷降低了用户对其数据隐私的信心。使用这些应用程序时,用户对其数据隐私的信心。公共钥匙基础设施(PKI)机制可以用来规避其中一些问题,但需要高昂的货币成本,这使得数百万用户无法推出。本文提出了一个基于链的E2EE机制,可以减轻当前在短信应用中的脆弱性。用户的装置在应用程序安装期间生成公共/私人密钥,并要求其移动网络操作员(MNO)在使用这些应用程序时,签发数字证书并将其储存在街区链式服务器上。用户可以使用另一个加密的证书,以便用加密的服务器进行另一个链接通信。
相关内容
微信扫码咨询专知VIP会员