Popis: |
In the era of social media and messaging applications, people are becoming increasingly aware of data privacy issues associated with such apps. Major messaging applications are moving towards end-to-end encryption (E2EE) to give their users the privacy they are demanding. However the current security mechanisms employed by different service providers are not unfeigned E2EE implementations, and are blended with many vulnerabilities. In the present scenario, the major part of the E2EE mechanism is controlled by the service provider's servers, and the decryption keys are stored by them in case of backup restoration. These shortcomings diminish the user's confidence in the privacy of their data while using these apps. A public Key infrastructure (PKI) mechanism can be used to circumvent some of these issues, but it comes with high monetary costs, which makes it impossible to roll out for millions of users. The paper proposes a blockchain-based E2EE framework that can mitigate the contemporary vulnerabilities in messaging applications. The user's device generates the public/private key pair during application installation, and asks its mobile network operator (MNO) to issue a digital certificate and store it on the blockchain. A user can fetch a certificate for another user from the chat server and communicate securely with them using a ratchet forward encryption mechanism. |