Designing a secure messaging application together.
Most of us know that the “protected” messaging applications that we use every day (SMS, WhatsApp, Viber, Skype, etc.) are actually replete with interception interception capabilities. They use intermediate servers to send messages and save a copy of each message. Automatically a copy of each message is duplicated on state servers and from there it is never deleted. It also automatically logs information about which IP at which time it communicated with.
For a couple of months, I thought about how to implement a truly secure messaging application that cannot be intercepted in any way.
Sometimes messages try to encrypt and send them to the server already encrypted, but does it really work? Here, the Man In The Middle attack is easily implemented when the server pretends to be the client to whom the message is intended and receives the message in an unencrypted form, although the client thinks that the message can only be read by the final recipient.
Arguing over the architecture of the application, which could be used every day without worrying about privacy issues, I came to the following set:
')
What did I miss when developing a secure application architecture? What could be improved?
For a couple of months, I thought about how to implement a truly secure messaging application that cannot be intercepted in any way.
Sometimes messages try to encrypt and send them to the server already encrypted, but does it really work? Here, the Man In The Middle attack is easily implemented when the server pretends to be the client to whom the message is intended and receives the message in an unencrypted form, although the client thinks that the message can only be read by the final recipient.
Arguing over the architecture of the application, which could be used every day without worrying about privacy issues, I came to the following set:
')
- Open source. Thus, anyone can study in detail exactly how the application works and make sure that there are no backdoors.
- P2P. Clients establish a connection with each other directly. Messages never pass through the server, which excludes the possibility of their interception in any form. I am currently reviewing WebRTC Jingle to implement P2P using libjingle for iOS and Android.
- TOR . All connections are made by the client inside the anonymous Tor network. This hides the IP addresses of the clients, as well as the initial encryption of the traffic, which prevents eavesdropping.
- OTR is used for additional encryption of all messages between users and authentication purposes.
- The Android version is developed based on ChatSecure . The iOS version is developed from scratch.
- To help customers find each other and establish direct P2P connections, an XMPP server is used. At the moment, the choice lies between Openfire and ejabberd.
What did I miss when developing a secure application architecture? What could be improved?
Source: https://habr.com/ru/post/200248/
All Articles