2/2024 - 6 |
Enhancing Security and Privacy in Modern Text-Based Instant Messaging CommunicationsVUKOVIC GRBIC, D. , DJURIC, Z., KELEC, A. |
View the paper record and citations in |
Click to see author's profile in SCOPUS, IEEE Xplore, Web of Science |
Download PDF (1,334 KB) | Citation | Downloads: 374 | Views: 420 |
Author keywords
cryptography, formal protocol verification, privacy, security, steganography
References keywords
security(12), protocol(10), steganography(9), secure(8), communication(8), verification(6), text(5), science(5), link(5), formal(5)
Blue keywords are present in both the references section and the paper title.
About this article
Date of Publication: 2024-05-31
Volume 24, Issue 2, Year 2024, On page(s): 49 - 60
ISSN: 1582-7445, e-ISSN: 1844-7600
Digital Object Identifier: 10.4316/AECE.2024.02006
Web of Science Accession Number: 001242091800006
SCOPUS ID: 85195681328
Abstract
Modern society changed the way of communication: instead of communicating face-to-face, people more often communicate using text-based instant messaging (IM) applications. These applications use appropriate protocols to facilitate communication between end users. It is crucial to ensure both the security and an adequate level of privacy for end users. Many existing protocols having the same purpose might be considered potentially suspicious. The reason for this is the usage of encryption - encrypted traffic is often targeted by mass surveillance tools. This paper presents a novel protocol named StegaCloak. By combining cryptography with steganography, this protocol enhances security and privacy in modern text-based IM communication. Furthermore, it addresses one important weakness of other similar protocols - detectability, by hiding real communication within regular chat messages. We described our protocol using two approaches: a simple diagram of messages flow and formal protocol flow notation. The proposed protocol is compared to some of the most well-known IM protocols today, OTR and Signal. Its security is verified using the AVISPA tool, a tool designed for the formal verification of security protocols. |
References | | | Cited By «-- Click to see who has cited this paper |
[1] J. M. Hudson, P. L. Witt, "Internet Relay Chat (IRC)," in Handbook of Computer Networks, 1st ed., H. Bidgoli, Ed., Wiley, 2007, pp. 889-897. [CrossRef] [SCOPUS Times Cited 2] [2] C. Fuchs, D. Trottier, "Internet surveillance after Snowden: A critical empirical study of computer experts' attitudes on commercial and state surveillance of the Internet and social media post-Edward Snowden," JICES, vol. 15, no. 4, pp. 412-444, Dec. 2017. [CrossRef] [Web of Science Times Cited 21] [SCOPUS Times Cited 25] [3] B. Schneier. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. First published as a Norton paperback in 2016. New York London: W.W. Norton & Company, 2016 [4] D. Vukovic, D. Gligoroski, Z. Djuric, "CryptoCloak protocol and the prototype application," 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy: IEEE, Sep. 2015, pp. 721-722. [CrossRef] [SCOPUS Times Cited 3] [5] R. Stedman, K. Yoshida, I. Goldberg, "A user study of off-the-record messaging," in Proceedings of the 4th symposium on Usable privacy and security, Pittsburgh Pennsylvania USA: ACM, Jul. 2008, pp. 95-104. [CrossRef] [SCOPUS Times Cited 17] [6] O. Bini, S. Celi, "No evidence of communication and implementing a protocol: Off-the-Record protocol version 4," presented at PoPETS symposium 2018. [Online] Available: Temporary on-line reference link removed - see the PDF document [7] OTRv4, [Online] Available: Temporary on-line reference link removed - see the PDF document [8] K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, D. Stebila, "A formal security analysis of the signal messaging protocol," J Cryptol, vol. 33, no. 4, pp. 1914-1983, Oct. 2020. [CrossRef] [Web of Science Times Cited 55] [SCOPUS Times Cited 77] [9] M. S. Taha, M. S. Mohd Rahim, S. A. Lafta, M. M. Hashim, H. M. Alzuabidi, "Combination of steganography and cryptography: A short survey," IOP Conf. Ser.: Mater. Sci. Eng., vol. 518, no. 5, p. 052003, May 2019. [CrossRef] [Web of Science Times Cited 29] [SCOPUS Times Cited 77] [10] S. Saraireh, "A secure data communication system using cryptography and steganography," International Journal of Computer Networks & Communications (IJCNC) Vol.5, No.3, May 2013. [Online] Available: Temporary on-line reference link removed - see the PDF document [11] P. P. Aung, T. M. Naing, "A novel secure combination technique of steganography and cryptography," IJITMC, vol. 2, no. 1, pp. 55-62, Feb. 2014. [CrossRef] [12] A. Jan, S. A. Parah, M. Hussan, B. A. Malik, "Double layer security using crypto-stego techniques: A comprehensive review," Health Technol., vol. 12, no. 1, pp. 9-31, Jan. 2022. [CrossRef] [Web of Science Times Cited 8] [SCOPUS Times Cited 16] [13] A. M. Ahmed, A. S. Nori, "Improve security using steganography and cryptography based on smartphone users locations," in 2022 Second International Conference on Advances in Electrical, Computing, Communication and Sustainable Technologies (ICAECT), Bhilai, India: IEEE, Apr. 2022, pp. 1-7. [CrossRef] [Web of Science Times Cited 1] [SCOPUS Times Cited 1] [14] M. Junaid, K. Farhan, "Enhanced audio LSB steganography for secure communication," IJACSA, vol. 7, no. 1, 2016. [CrossRef] [15] E. W. Abood et al., "Audio steganography with enhanced LSB method for securing encrypted text with bit cycling," Bulletin EEI, vol. 11, no. 1, pp. 185-194, Feb. 2022. [CrossRef] [SCOPUS Times Cited 7] [16] J. Peng, S. Tang, "Covert communication over VoIP streaming media with dynamic key distribution and authentication," IEEE Trans. Ind. Electron., vol. 68, no. 4, pp. 3619-3628, Apr. 2021. [CrossRef] [Web of Science Times Cited 12] [SCOPUS Times Cited 17] [17] A. Chandragiri, P. A. Cooper, L. Yanxin, L. Qingzhong, "Implementing secure communication on short text messaging," In Proceedings of the 2nd International Symposium on Digital Forensics and Security, pp. 77-80, 2014 [18] M. Taleby Ahvanooey, Q. Li, J. Hou, H. Dana Mazraeh, J. Zhang, "AITSteg: An innovative text steganography technique for hidden transmission of text message via social media," IEEE Access, vol. 6, pp. 65981-65995, 2018. [CrossRef] [Web of Science Times Cited 30] [SCOPUS Times Cited 46] [19] S. Kingslin, N. Kavitha, "Evaluative approach towards text steganographic techniques," Indian Journal of Science and Technology, vol. 8, no. 29, Nov. 2015. [CrossRef] [20] A. Yahya, "Steganography techniques," in Steganography Techniques for Digital Images, Cham: Springer International Publishing, 2019, pp. 9-42. [CrossRef] [21] A. Armando et al., "The AVISPA tool for the automated validation of internet security protocols and applications," in Computer Aided Verification, vol. 3576, K. Etessami and S. K. Rajamani, Eds., in Lecture Notes in Computer Science, vol. 3576. , Berlin, Heidelberg: Springer Berlin Heidelberg, 2005, pp. 281-285. [CrossRef] [SCOPUS Times Cited 1011] [22] A. H. Shinde, A. Umbarkar, N. R. Pillai, "Cryptographic protocols specification and verification tools - A Survey," IJCT, vol. 08, no. 02, pp. 1533-1539, Jun. 2017. [CrossRef] [23] P. R. Yogesh, D. S. R, "Formal verification of secure evidence collection protocol using BAN Logic and AVISPA," Procedia Computer Science, vol. 167, pp. 1334-1344, 2020. [CrossRef] [Web of Science Times Cited 20] [SCOPUS Times Cited 36] [24] M. Singh, M. Ranganathan, "Formal verification of bootstrapping remote secure key infrastructures (BRSKI) protocol using AVISPA," National Institute of Standards and Technology Technical Note 2123, Oct. 2020. [CrossRef] [25] A. D. Azzahra, Y. Farida, A. A. Lestari, "Formal Analysis of SMAP Fog/Edge Protocol Using AVISPA," in 2022 1st International Conference on Smart Technology, Applied Informatics, and Engineering (APICS), Surakarta, Indonesia: IEEE, Aug. 2022, pp. 31-35. [CrossRef] [SCOPUS Times Cited 1] [26] M. M. Modiri, J. Mohajeri, M. Salmasizadeh, "A novel group-based secure lightweight authentication and key agreement protocol for machine-type communication," Scientia Iranica, Feb. 2021. [CrossRef] [Web of Science Times Cited 3] [SCOPUS Times Cited 5] [27] H. Dalkilic, M. H. Ozcanhan, "A strong mutual authentication protocol for securing wearable smart textile applications," Adv. Electr. Comp. Eng., vol. 22, no. 1, pp. 31-38, 2022. [CrossRef] [Full Text] [Web of Science Times Cited 3] [SCOPUS Times Cited 3] [28] T. Genet, "A Short SPAN+AVISPA Tutorial," [Research Report] IRISA, 2015. [Online] Available: Temporary on-line reference link removed - see the PDF document [29] A. Gotsman, F. Massacci, M. Pistore, "Towards an independent semantics and verification technology for the HLPSL specification language," Electronic Notes in Theoretical Computer Science, vol. 135, no. 1, pp. 59-77, Jul. 2005. [CrossRef] [Web of Science Times Cited 7] [SCOPUS Times Cited 8] [30] D. Dolev, A. Yao, "On the security of public key protocols," IEEE Trans. Inform. Theory, vol. 29, no. 2, pp. 198-208, Mar. 1983. [CrossRef] [Web of Science Times Cited 3090] [SCOPUS Times Cited 4075] [31] D. Adrian et al., "Imperfect forward secrecy: How Diffie-Hellman fails in practice," in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver Colorado USA: ACM, Oct. 2015, pp. 5-17. [CrossRef] [Web of Science Times Cited 183] [SCOPUS Times Cited 299] [32] C. Johansen, A. Mujaj, H. Arshad, J. Noll, "The snowden phone: A comparative survey of secure instant messaging mobile applications," Security and Communication Networks, vol. 2021, pp. 1-30, Jul. 2021. [CrossRef] [Web of Science Times Cited 2] [SCOPUS Times Cited 3] [33] J. Alwen, S. Coretti, Y. Dodis, "The double ratchet: Security notions, proofs, and modularization for the signal protocol," in Advances in Cryptology - EUROCRYPT 2019, vol. 11476, Y. Ishai and V. Rijmen, Eds., in Lecture Notes in Computer Science, vol. 11476, Cham: Springer International Publishing, 2019, pp. 129-158. [CrossRef] [Web of Science Times Cited 61] [SCOPUS Times Cited 71] [34] N. Kobeissi, "Formal verification for real-world cryptographic protocols and implementations," Cryptography and Security [cs.CR]. Universite Paris sciences et lettres, 2018. English. ffNNT: 2018PSLEE065ff, fftel-03245433v4. [Online] Available: Temporary on-line reference link removed - see the PDF document Web of Science® Citations for all references: 3,525 TCR SCOPUS® Citations for all references: 5,800 TCR Web of Science® Average Citations per reference: 101 ACR SCOPUS® Average Citations per reference: 166 ACR TCR = Total Citations for References / ACR = Average Citations per Reference We introduced in 2010 - for the first time in scientific publishing, the term "References Weight", as a quantitative indication of the quality ... Read more Citations for references updated on 2024-10-04 04:25 in 183 seconds. Note1: Web of Science® is a registered trademark of Clarivate Analytics. Note2: SCOPUS® is a registered trademark of Elsevier B.V. Disclaimer: All queries to the respective databases were made by using the DOI record of every reference (where available). Due to technical problems beyond our control, the information is not always accurate. Please use the CrossRef link to visit the respective publisher site. |
Faculty of Electrical Engineering and Computer Science
Stefan cel Mare University of Suceava, Romania
All rights reserved: Advances in Electrical and Computer Engineering is a registered trademark of the Stefan cel Mare University of Suceava. No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from the Editor. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava, Romania, if and only if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.
Permission for other use: The copyright owner's consent does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific written permission must be obtained from the Editor for such copying. Direct linking to files hosted on this website is strictly prohibited.
Disclaimer: Whilst every effort is made by the publishers and editorial board to see that no inaccurate or misleading data, opinions or statements appear in this journal, they wish to make it clear that all information and opinions formulated in the articles, as well as linguistic accuracy, are the sole responsibility of the author.