Messenger services have over the recent decade been the most dominant, ubiquitous, and widespread form of communication globally. While the service has evolved to enable reliable real-time communication between people across different technologies, there have been privacy and security concerns that were initially remediated by implementing TLS/SSL and E2E Encryption as a standard. However, new privacy challenges and security gaps have been identified and exploited through the capture and analysis of communication traffic metadata. These methods exploit the use of readily available advanced machine learning and data mining algorithms to identify users’ communication networks and patterns without reading the actual messages sent between end-users just by analyzing readily available metadata such as the sender and receiver IDs, time sent, and communication frequency. To close these gaps the need to anonymize users’ communications while maintaining reliable contact with each other is necessary. Randomized anonymization of metadata parameters can ensure it becomes nearly impossible for current analytics algorithms to identify user patterns from communication traffic over time. Also, to guarantee seamless communication between users with changing identities there needs to be a real-time contact exchange protocol enabling users to randomly change their IDs and secretly inform other users in their contacts without the physical intervention or involvement of the human user. This research paper proposes a solution through the use of a randomized contact reassignment and exchange protocol by using the PKI encryption protocol to share its new identity with its existing contacts defeating the creation of traceable logs over time.
| Published in | Mathematics and Computer Science (Volume 7, Issue 1) |
| DOI | 10.11648/j.mcs.20220701.12 |
| Page(s) | 9-17 |
| Creative Commons |
This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited. |
| Copyright |
Copyright © The Author(s), 2024. Published by Science Publishing Group |
CID, PKI Shared Secret, E-2-E End to End, D-2-D Device to Device, MQTT, XMPP, Metadata, Protocol,Contact Configuration Message, IoT Communications
| [1] | Wanda, P. and J. Jie, H. (2018). “Efficient Data Security for Mobile Instant Messenger”. TELKOMNIKA (Telecommunication Computing Electronics and Control), 16 (3), p. 1426. |
| [2] | Johansson, Leif (April 18, 2005). "XMPP as MOM - Greater NOrdic MIddleware Symposium (GNOMIS)" (PDF). Oslo: University of Stockholm. Archived from the original (PDF) on May 10, 2011. |
| [3] | Saint-Andre, P. (March 2011). “Extensible Messaging and Presence Protocol (XMPP)”: Core. IETF. doi: 10.17487/RFC6120. RFC 6120. Retrieved May 4, 2014. |
| [4] | O'Hara, J. (2007). "Toward a commodity enterprise middleware" (PDF). ACM Queue. 5 (4): 48–55. doi: 10.1145/1255421.1255424. |
| [5] | Michael M Kangethe, Robert Oboko. “Associations Rankings Model for Cellular Surveillance Analysis”. Journal of Computer Sciences and Applications. Vol. 8, No. 2, 2020, pp 40-45. |
| [6] | Chan, Rosalie. "The Cambridge Analytica whistleblower explains how the firm used Facebook data to sway elections". Business Insider. Retrieved May 7, 2020. |
| [7] | Hay Newman, L., 2021. “WhatsApp’s New Privacy Policy Just Kicked In. Here’s What You Need to Know”. [online] Wired. Available at: https://www.wired.com/story/whatsapp-privacy-policy-facebook-data-sharing/ [Accessed 21 July 2021]. |
| [8] | "Openfire: Plugin Developer Guide", Download.igniterealtime.org, 2021. [Online]. Available: http://download.igniterealtime.org/openfire/docs/latest/documentation/plugin-dev-guide.html. [Accessed: 21- Jul- 2021]. |
| [9] | E. Team, "The 5 Reasons WhatsApp Could be a National Security Risk", Groupsense.io, 2021. [Online]. Available: https://www.groupsense.io/resources/the-5-reasons-whatsapp-could-be-a-national-security-risk. [Accessed: 21- Jul- 2021]. |
| [10] | Sam Shead, “WhatsApp is fined $267 million for breaching EU privacy rules”, [Accessed 3-Sep-21], https://www.cnbc.com/2021/09/02/whatsapp-has-been-fined-267-million-for-breaching-eu-privacy-rules.html. |
| [11] | Doffman, Z. (n.d.). Why You Should Stop Using Facebook Messenger In 2021. [online] Forbes. Available at: https://www.forbes.com/sites/zakdoffman/2021/12/30/why-apple-iphone-and-google-android-users-should-stop-using-facebook-messenger-app/?sh=5db6ebb7321d [Accessed 23 Feb. 2022]. |
| [12] | Dennis Wijnberg, Nhien-An Le-Khac,Identifying interception possibilities for WhatsApp communication, Forensic Science International: Digital Investigation, Volume 38, Supplement, 2021, 301132, ISSN 2666-2817, https://doi.org/10.1016/j.fsidi.2021.301132. (https://www.sciencedirect.com/science/article/pii/S2666281721000305). |
| [13] | Chris Chao-Chun Cheng, Chen Shi, Neil Zhenqiang Gong, Yong Guan, LogExtractor: Extracting digital evidence from android log messages via string and taint analysis, Forensic Science International: Digital Investigation, Volume 37, Supplement, 2021, 301193, ISSN 2666-2817, https://doi.org/10.1016/j.fsidi.2021.301193. (https://www.sciencedirect.com/science/article/pii/S2666281721001013). |
| [14] | Wired. (n.d.). Facebook Messenger Adds Safety Alerts—Even in Encrypted Chats. [online] Available at: https://www.wired.com/story/facebook-messenger-safety-alerts-encryption/. |
| [15] | Robbins S. (2022) Machine Learning, Mass Surveillance, and National Security: Data, Efficacy, and Meaningful Human Control. In: Clarke M., Henschke A., Sussex M., Legrand T. (eds) The Palgrave Handbook of National Security. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-030-53494-3_16. |
| [16] | Confessore, N. (2018). Cambridge Analytica and Facebook: The Scandal and the Fallout So Far. The New York Times. [online] 4 Apr. Available at: https://www.nytimes.com/2018/04/04/us/politics/cambridge-analytica-scandal-fallout.html. |
APA Style
Michael Maigwa Martin Kangethe, Elisha Odira Abade. (2022). Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments. Mathematics and Computer Science, 7(1), 9-17. https://doi.org/10.11648/j.mcs.20220701.12
ACS Style
Michael Maigwa Martin Kangethe; Elisha Odira Abade. Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments. Math. Comput. Sci. 2022, 7(1), 9-17. doi: 10.11648/j.mcs.20220701.12
AMA Style
Michael Maigwa Martin Kangethe, Elisha Odira Abade. Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments. Math Comput Sci. 2022;7(1):9-17. doi: 10.11648/j.mcs.20220701.12
Share This Article
Twitter
Linked In
Facebook
Copy
Download@article{10.11648/j.mcs.20220701.12,
author = {Michael Maigwa Martin Kangethe and Elisha Odira Abade},
title = {Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments},
journal = {Mathematics and Computer Science},
volume = {7},
number = {1},
pages = {9-17},
doi = {10.11648/j.mcs.20220701.12},
url = {https://doi.org/10.11648/j.mcs.20220701.12},
eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.mcs.20220701.12},
abstract = {Messenger services have over the recent decade been the most dominant, ubiquitous, and widespread form of communication globally. While the service has evolved to enable reliable real-time communication between people across different technologies, there have been privacy and security concerns that were initially remediated by implementing TLS/SSL and E2E Encryption as a standard. However, new privacy challenges and security gaps have been identified and exploited through the capture and analysis of communication traffic metadata. These methods exploit the use of readily available advanced machine learning and data mining algorithms to identify users’ communication networks and patterns without reading the actual messages sent between end-users just by analyzing readily available metadata such as the sender and receiver IDs, time sent, and communication frequency. To close these gaps the need to anonymize users’ communications while maintaining reliable contact with each other is necessary. Randomized anonymization of metadata parameters can ensure it becomes nearly impossible for current analytics algorithms to identify user patterns from communication traffic over time. Also, to guarantee seamless communication between users with changing identities there needs to be a real-time contact exchange protocol enabling users to randomly change their IDs and secretly inform other users in their contacts without the physical intervention or involvement of the human user. This research paper proposes a solution through the use of a randomized contact reassignment and exchange protocol by using the PKI encryption protocol to share its new identity with its existing contacts defeating the creation of traceable logs over time.},
year = {2022}
}
TY - JOUR T1 - Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments AU - Michael Maigwa Martin Kangethe AU - Elisha Odira Abade Y1 - 2022/03/04 PY - 2022 N1 - https://doi.org/10.11648/j.mcs.20220701.12 DO - 10.11648/j.mcs.20220701.12 T2 - Mathematics and Computer Science JF - Mathematics and Computer Science JO - Mathematics and Computer Science SP - 9 EP - 17 PB - Science Publishing Group SN - 2575-6028 UR - https://doi.org/10.11648/j.mcs.20220701.12 AB - Messenger services have over the recent decade been the most dominant, ubiquitous, and widespread form of communication globally. While the service has evolved to enable reliable real-time communication between people across different technologies, there have been privacy and security concerns that were initially remediated by implementing TLS/SSL and E2E Encryption as a standard. However, new privacy challenges and security gaps have been identified and exploited through the capture and analysis of communication traffic metadata. These methods exploit the use of readily available advanced machine learning and data mining algorithms to identify users’ communication networks and patterns without reading the actual messages sent between end-users just by analyzing readily available metadata such as the sender and receiver IDs, time sent, and communication frequency. To close these gaps the need to anonymize users’ communications while maintaining reliable contact with each other is necessary. Randomized anonymization of metadata parameters can ensure it becomes nearly impossible for current analytics algorithms to identify user patterns from communication traffic over time. Also, to guarantee seamless communication between users with changing identities there needs to be a real-time contact exchange protocol enabling users to randomly change their IDs and secretly inform other users in their contacts without the physical intervention or involvement of the human user. This research paper proposes a solution through the use of a randomized contact reassignment and exchange protocol by using the PKI encryption protocol to share its new identity with its existing contacts defeating the creation of traceable logs over time. VL - 7 IS - 1 ER -
Information
Email: