Peer-Reviewed

Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments

Received: 27 January 2022     Accepted: 23 February 2022     Published: 4 March 2022
Abstract

Over the past decade, messenger services have been the most dominant, ubiquitous, and widespread form of communication globally. While the service has evolved to enable reliable real-time communication between people across different technologies, there have been privacy and security concerns, which were initially remediated by implementing TLS/SSL and E2E encryption as a standard. However, new privacy challenges and security gaps have been identified and exploited through the capture and analysis of communication traffic metadata. These methods use readily available advanced machine learning and data mining algorithms to identify users’ communication networks and patterns without reading the actual messages sent between end-users, just by analyzing readily available metadata such as the sender and receiver IDs, time sent, and communication frequency. To close these gaps, it is necessary to anonymize users’ communications while maintaining reliable contact between them. Randomized anonymization of metadata parameters can make it nearly impossible for current analytics algorithms to identify user patterns from communication traffic over time. Also, to guarantee seamless communication between users with changing identities, there needs to be a real-time contact exchange protocol that enables users to randomly change their IDs and secretly inform the other users in their contacts without the physical intervention or involvement of the human user. This research paper proposes a solution: a randomized contact reassignment and exchange protocol in which a user employs the PKI encryption protocol to share its new identity with its existing contacts, defeating the creation of traceable logs over time.

Published in Mathematics and Computer Science (Volume 7, Issue 1)
DOI 10.11648/j.mcs.20220701.12
Page(s) 9-17
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2022. Published by Science Publishing Group

Keywords

CID, PKI Shared Secret, E-2-E End to End, D-2-D Device to Device, MQTT, XMPP, Metadata, Protocol, Contact Configuration Message, IoT Communications

Cite This Article
  • APA Style

    Michael Maigwa Martin Kangethe, Elisha Odira Abade. (2022). Secure Contact Agreement Protocol for Messenger Services Through Randomized ID Assignments. Mathematics and Computer Science, 7(1), 9-17. https://doi.org/10.11648/j.mcs.20220701.12


Author Information
  • School of Computing and Informatics, University of Nairobi, Nairobi, Kenya

  • School of Computing and Informatics, University of Nairobi, Nairobi, Kenya
