Beyond one server: Decentralizing secure group messaging

- Advertisement -
- Advertisement -
- Advertisement -

Credit: CC0 Public Domain

In May, WhatsApp made some controversial modifications to its phrases of service, leaving WhatsApp customers with a selection: conform to the phrases, or be pressured to depart.

Similarly, journalists and activists who’re frightened about their being intercepted or spied on—particularly in nations with weaker free speech ensures—are confronted with a selection relating to how the app handles their messages: conform to the phrases, or go away the app.

“Right now, messaging app companies are in charge of users, when really it should be the other way around,” says Matthew Weidner, a Ph.D. scholar suggested by CyLab’s Heather Miller in Carnegie Mellon University’s Computer Science Department. “Users should have the freedom to choose how their messages are handled.”

That’s why Weidner argues that the providers that group messaging apps use—resembling end-to-end encryption or group administration—needs to be de-centralized. That is, customers should not be tethered to a single firm’s server, which leaves them on the mercy of the corporate.

In a brand new research introduced ultimately week’s ACM Conference on Computer and Communications Security, Weidner outlined a brand new safety protocol that would carry this concept of decentralization to fruition.

“The idea of our work is to give users the same security, but support a more flexible network, thus giving more power to users,” says Weidner, who served because the research’s lead writer. “If your message thread is routed through one server and the company raises the prices or shuts down, you could switch to another server seamlessly.”

Core to Weidner’s work is what’s referred to as steady group key settlement (CGKA)—a previously-developed safety protocol that permits a group of people to hitch and go away a group message thread after it has been created and never need to depend on a message group supervisor. CGKA additionally prevents the necessity to fear about when or how lengthy members of the group are on-line. Typically, group messages are routed by means of a single server that applies CGKA, however Weidner and his colleagues aimed to review the extent to which secure messaging was attainable for extra versatile, decentralized networks. Thus, they outline decentralized CGKA, or DCGKA.

“What makes our paper different is we work in a decentralized setting, where we don’t necessarily assume there’s a central server to route messages and help out maintaining the group,” Weidner says. “Instead, users can send messages to each other however they’d like.”

A decentralized mannequin introduces a number of challenges, Weidner says. Messages may very well be delayed or delivered in an inconsistent order, and with no central authority, there isn’t a single supply of fact. To clear up this, messages are rigorously designed so that they have the identical impact it doesn’t matter what order they’re acquired in. That approach, even when one thing uncommon however uncommon occurs—like two customers eradicating one another from the group concurrently—the entire group finally sees the identical consequence.

How, then, does this play into the lives of journalists or activists attempting to securely talk in nations with weaker free speech rights? Weidner says DCGKA supplies an answer.

“If the journalists are using a central server run by a company to communicate, but it gets blocked or shut down, they could switch to a ‘self-hosted’ server that’s physically in one of their homes,” Weidner says. “If that’s blocked too, or if the whole Internet is shut down, they could switch to using a mesh network in which nearby devices connect over Bluetooth. Even if some messages get delayed or reordered during the transition, DCGKA will continue working and providing security.”

Talek: A non-public messaging system that hides message contents and person communication patterns

More data:
Matthew Weidner et al, Key Agreement for Decentralized Secure Group Messaging with Strong Security Guarantees, Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (2021). DOI: 10.1145/3460120.3484542

Beyond one server: Decentralizing secure group messaging (2021, November 24)
retrieved 24 November 2021

This doc is topic to copyright. Apart from any honest dealing for the aim of personal research or analysis, no
half could also be reproduced with out the written permission. The content material is offered for data functions solely.

Source hyperlink

- Advertisement -

More from the blog

India says not to preorder Starlink until it obtains a license

India has instructed the general public not to preorder Starlink, SpaceX’s satellite-based web service, in accordance to a report from Reuters....

The best Black Friday 2021 tech deals still available

Black Friday could also be over, however the reminiscence — and deals — stay. Right now, there are still a ton...

Black Friday 2021 Lightning Deal Liveblog from Verge Deals

After weeks of monitoring early offers, Black Friday is lastly upon us. The offers crew at The Verge has been working...

Apple gets hit by its second fine by Italian regulators in a week

Apple and Google have every been fined €10 million (round $11.3 million) by Italy’s competitors authority for not correctly acquiring a...