Instant Messaging Application Using P2P Communication
Abstract
Mobile messaging apps built on highly centralized architectures have structural security weaknesses. In particular, they are prone to denial of service if the central server is taken down; and if the server is responsible for managing the users' public keys (as in WhatsApp), it can mount Man-in-the-Middle attacks by distributing fake keys. To address both issues, this work describes a messaging app built on a peer-to-peer architecture. The proposal combines a DHT network, which stores the users' connection information, with a PGP-based web of trust, which validates the users' public keys. As a result, the messaging app presented here provides a framework for improving the availability and security of existing, centralized messaging apps.
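The key-validation step the abstract describes, as an added example that is not the paper's code: a peer's record is fetched from the DHT, which any node can write to, so the record is treated as untrusted, and the public key inside it is accepted only if it passes PGP-style web-of-trust rules (one certification from a fully trusted key, or three from marginally trusted keys, the GnuPG defaults). Toy RSA over fixed small primes stands in for OpenPGP signatures; the users, keys, addresses and trust levels are constructed, the DHT key is assumed to be the SHA-256 of the user name, and the paper's actual record format and trust policy are not reproduced.

```python
"""Added example (not the paper's code): validate a peer's public key fetched
from an untrusted DHT record with PGP-style web-of-trust rules. Toy RSA over
fixed small primes stands in for OpenPGP signatures; every key, name,
address and trust level here is constructed for the demo."""
import hashlib
from dataclasses import dataclass, field

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Toy RSA pair from two primes (constructed; far too small for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def fingerprint(pub):
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(_digest(msg, priv[0]), priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg, pub[0])

def cert_msg(name, pub):
    """What a certifier signs: the binding between a user name and a key."""
    return f"{name}|{fingerprint(pub)}".encode()

@dataclass
class Record:
    """Connection info as stored in the DHT; any node can publish one."""
    name: str
    address: str
    pub: tuple
    certs: list = field(default_factory=list)  # [(signer_fingerprint, signature)]

def compute_validity(pubs, names, certs, trust, marginals_needed=3, completes_needed=1):
    """PGP rule: a key is valid if certified by completes_needed valid fully
    trusted keys or by marginals_needed valid marginally trusted keys.
    Self-signatures never count. Iterate to a fixpoint so validity can chain."""
    valid = {fp for fp, lvl in trust.items() if lvl == "ultimate" and fp in pubs}
    changed = True
    while changed:
        changed = False
        for fp, pub in pubs.items():
            if fp in valid:
                continue
            msg, full, marginal = cert_msg(names[fp], pub), 0, 0
            for signer, sig in certs.get(fp, []):
                if signer == fp or signer not in valid or not verify(pubs[signer], msg, sig):
                    continue
                if trust.get(signer) in ("ultimate", "full"):
                    full += 1
                elif trust.get(signer) == "marginal":
                    marginal += 1
            if full >= completes_needed or marginal >= marginals_needed:
                valid.add(fp)
                changed = True
    return valid

def dht_key(name):  # assumption: records are keyed by SHA-256 of the user name
    return hashlib.sha256(name.encode()).hexdigest()

def resolve(dht, name, client, **policy):
    """Return the address published for `name` only if the key in the DHT
    record is valid under the client's keyring and trust settings."""
    record = dht.get(dht_key(name))
    if record is None or record.name != name:
        return None
    fp = fingerprint(record.pub)
    valid = compute_validity({**client["pubs"], fp: record.pub},
                             {**client["names"], fp: record.name},
                             {**client["certs"], fp: record.certs},
                             client["trust"], **policy)
    return record.address if fp in valid else None

# --- constructed demo data: (public, private) per user, Eve is the attacker ---
KEYS = {n: keygen(p, q) for n, (p, q) in {"alice": (1000003, 1000033), "bob": (1000037, 1000039),
        "carol": (1000081, 1000099), "dave": (1000117, 1000121), "eve": (1000133, 1000151)}.items()}
FP = {n: fingerprint(k[0]) for n, k in KEYS.items()}

def certify(signer, subject):
    return (FP[signer], sign(KEYS[signer][1], cert_msg(subject, KEYS[subject][0])))

def alice_client():
    """Alice's keyring: she trusts Bob fully and Carol marginally, and has certified both."""
    return {"pubs": {FP[n]: KEYS[n][0] for n in ("alice", "bob", "carol")},
            "names": {FP[n]: n for n in ("alice", "bob", "carol")},
            "trust": {FP["alice"]: "ultimate", FP["bob"]: "full", FP["carol"]: "marginal"},
            "certs": {FP["bob"]: [certify("alice", "bob")], FP["carol"]: [certify("alice", "carol")]}}

GENUINE = {dht_key("dave"): Record("dave", "203.0.113.10:4000", KEYS["dave"][0], [certify("bob", "dave")])}
# Eve overwrites Dave's slot with her own key. She can self-certify it and claim a
# certification from Bob, but cannot produce a signature that verifies under Bob's key.
FORGED = {dht_key("dave"): Record("dave", "198.51.100.7:4000", KEYS["eve"][0],
          [(FP["eve"], sign(KEYS["eve"][1], cert_msg("dave", KEYS["eve"][0]))), (FP["bob"], 12345)])}
MARGINAL = {dht_key("dave"): Record("dave", "203.0.113.10:4000", KEYS["dave"][0], [certify("carol", "dave")])}

if __name__ == "__main__":
    c = alice_client()
    print("genuine :", resolve(GENUINE, "dave", c))
    print("forged  :", resolve(FORGED, "dave", c))
    print("marginal:", resolve(MARGINAL, "dave", c),
          "| marginals_needed=1:", resolve(MARGINAL, "dave", c, marginals_needed=1))
```

The point of `resolve` is that nothing in the DHT record is believed on its own: the address is only returned once the key it carries is reachable from the client's own trust roots through verified certifications, so a node that rewrites a record (the P2P analogue of the server-side key substitution the abstract warns about) gets its key rejected. The marginal case shows why the policy knobs matter: with one marginal certifier Dave's genuine key is refused under the default thresholds, so a deployment must decide how many introducers it requires.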
