Top

Wireless Personal Communications

Published in:

31-01-2020

Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp

Authors: Esther Omolara Abiodun, Aman Jantan, Oludare Isaac Abiodun, Humaira Arshad

Published in: Wireless Personal Communications | Issue 4/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In this paper, an enhanced honey encryption (HE) scheme for reinforcing the security of instant messaging systems and confounding the time and resources of malicious persons is presented. HE offers security beyond the brute-force bound by yielding plausible-looking but fake plaintext upon decryption with an incorrect key. Recent developments have seen the application of HE in the security of specific real-world systems, such as passwords and credit cards. However, applying the HE scheme to address other economic problems remains a daunting task as it requires modifying the HE algorithm to fit into the problem-in-view. For instance, applying the scheme for robust transmission of chat-messages upon decryption with an incorrect key will demand to generate contextually correct, valid-looking but fake chat-message which is indistinguishable from a human-generated message. This paper enhances the HE scheme by leveraging natural language processing techniques to build semantically plausible but fake chat-messages which will be served to the adversary during his attacks. Findings from evaluations reveal that the novel system is resilient to eavesdropping as an adversary is unable to distinguish decoy messages from the plaintext upon decryption with an incorrect key.

previous article Performance Analysis of Modular RF Front End for RF Fingerprinting of Bluetooth Devices

next article Joint User Patterning and Power Control Optimization of MIMO–NOMA Systems

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Miguel, F. (2017). The rise of messaging platforms—The Economist, via Chatbot News Daily. Retrieved March 19, 2018 from https://chatbotnewsdaily.com/the-rise-of-messenger-platforms-and-its-legal-implications-62fe73355122.

Wang, Z., Ma, Z., Luo, S., & Gao, H. (2018). Enhanced instant message security and privacy protection scheme for mobile social network systems. IEEE Access,6, 13706–13715.CrossRef

Eli, B. (2017). Benefits of Instant Messaging in the Workplace. Retrieved November 7, 2019 from https://www.eztalks.com/unified-communications/benefits-of-instant-messaging-in-the-workplace.html.

Tang, Y., & Hew, K. F. (2017). Is mobile instant messaging (MIM) useful in education? Examining its technological, pedagogical, and social affordances. Educational Research Review,21, 85–104.CrossRef

Omolara, A. E., Jantan, A., Abiodun, O. I., Dada, K. V., Arshad, H., & Emmanuel, E. (2019). A deception model robust to eavesdropping over communication for social network systems. IEEE Access,7, 100881–100898.CrossRef

Kim, J. I., & Yoon, J. W. (2016). Honey chatting: A novel instant messaging system robust to eavesdropping over communication. In Acoustics, speech and signal processing (ICASSP), 2016 IEEE International Conference on (pp. 2184–2188). IEEE.

Muftic, S., bin Abdullah, N., & Kounelis, I. (2016). Business information exchange system with security, privacy, and anonymity. Journal of Electrical and Computer Engineering. https://doi.org/10.1155/2016/7093642.

Statista. (2019). Most popular messaging apps 2019. Retrieved January 15, 2019 from https://www.statista.com/statistics/258749/most-popular-global-mobile-messenger-apps/.

WhatsApp.com. (2019). WhatsApp Security. Retrieved January 15, 2019 from https://www.whatsapp.com/security/.

10.

Ali, S. S., & Mukhopadhyay, D. (2011). Differential fault analysis of AES-128 key schedule using a single multi-byte fault. In International conference on smart card research and advanced applications (pp. 50–64). Berlin: Springer.

11.

Gulmezoglu, B., Inci, M. S., Irazoqui, G., Eisenbarth, T., & Sunar, B. (2016). Cross-VM cache attacks on AES. IEEE Transactions on Multi-Scale Computing Systems,2(3), 211–222.CrossRef

12.

Beunardeau, M., Ferradi, H., Géraud, R., & Naccache, D. (2016). Honey encryption for language. In International conference on cryptology in Malaysia (pp. 127–144). Cham: Springer.

13.

Bonneau, J. (2012). The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In 2012 IEEE symposium on security and privacy (pp. 538–552). IEEE.

14.

Ur, B., Noma, F., Bees, J., Segreti, S. M., Shay, R., Bauer, L., … & Cranor, L. F. (2015). " I Added'!'at the End to Make It Secure": Observing Password Creation in the Lab. In Eleventh Symposium on Usable Privacy and Security ({SOUPS} 2015) (pp. 123–140).

15.

Florêncio, D., Herley, C., Coskun, B. (2007). Do strong web passwords accomplish anything? HotSec, 7(6), 159.

16.

Mark Burnett, A Glimpse into the World of Internet Password Dumps. Retrieved January 15, 2019 from https://xato.net/a-glimpse-into-the-world-of-internet-password-dumps-5ee4609da237.

17.

Juels, A., & Ristenpart, T. (2014). Honey encryption: Security beyond the brute-force bound. In Annual international conference on the theory and applications of cryptographic techniques (pp. 293–310). Berlin: Springer.

18.

Juels, A., & Ristenpart, T. (2014). Honey encryption: Encryption beyond the brute-force barrier. IEEE Security & Privacy,12(4), 59–62.CrossRef

19.

Hoffstein, J., Pipher, J., Silverman, J. H., & Silverman, J. H. (2008). An introduction to mathematical cryptography (Vol. 1). New York: Springer.MATH

20.

Paar, C., Pelzl, J., & Preneel, B. (2010). Understanding cryptography: A textbook for students and practitioners. Berlin: Springer.CrossRef

21.

Bernstein, D. J., & Lange, T., (2018). Cryptanalysis using GPUs. Retrieved May 29, 2018 from https://fmt.ewi.utwente.nl/NIRICT_GPGPU/slides/4th2018/Bernstein-Lange.pdf.

22.

Biryukov, A., & Großschädl, J. (2012). Cryptanalysis of the full AES using GPU-like special-purpose hardware. Fundamenta Informaticae,114(3–4), 221–237.MathSciNetCrossRef

23.

Kipper, M., Slavkin, J., & Denisenko, D. (2009). Implementing AES on GPU final report. Toronto: University of Toronto.

24.

Milo, F., Bernaschi, M., & Bisson, M. (2011). A fast, GPU based, dictionary attack to OpenPGP secret keyrings. Journal of Systems and Software,84(12), 2088–2096.CrossRef

25.

Bernstein, D. J., Chen, H. C., Cheng, C. M., Lange, T., Niederhagen, R., Schwabe, P., & Yang, B. Y. (2010). ECC2K-130 on Nvidia GPUs. In International conference on cryptology in India (pp. 328–346). Berlin: Springer.

26.

Jo, H. J., & Yoon, J. W. (2015). A new countermeasure against brute-force attacks that use high performance computers for big data analysis. International Journal of Distributed Sensor Networks,11(6), 406915.CrossRef

27.

Bogdanov, A., Khovratovich, D., & Rechberger, C. (2011). Biclique cryptanalysis of the full AES. In International conference on the theory and application of cryptology and information security (pp. 344–371). Berlin : Springer.

28.

Grassi, L. (2018). Mixture differential cryptanalysis: A new approach to distinguishers and attacks on round-reduced AES. IACR Transactions on Symmetric Cryptology, 2018(2), 133–160.

29.

Paganini, P. (2018). A security issue in WhatsApp potentially allows attackers to eavesdrop on encrypted Group chats. Retrieved January 15, 2019 from https://securityaffairs.co/wordpress/67627/hacking/whatapp-group-chat-hack.html.

30.

Greenberg, A. (2018). WhatsApp Flaws Could Allow Snoops to Slide into Group Chats, WIRED, 2018. Retrieved January 15, 2019 from https://www.wired.com/story/whatsapp-security-flaws-encryption-group-chats/.

31.

Pettit, H. (2019). WhatsApp security flaw lets ANYONE spy on private chats. Retrieved January 15, 2019 from https://www.dailymail.co.uk/sciencetech/article-5257713/WhatsApp-security-flaw-lets-spy-private-chats.html.

32.

Shah, S. (2009). WhatsApp hack warning—newly discovered exploit lets hackers access your group chat to spread fake messages. Retrieved March 15, 2019 from https://www.thesun.co.uk/tech/6967953/whatsapp-hack-fake-group-chat-messages/.

33.

Gizmodo.com. (2019). Retrieved February 12, 2019 from https://gizmodo.com/nasty-whatsapp-bug-left-users-vulnerable-to-attack-by-s-1829658664.

34.

NewsComAu. (2019). Terrifying WhatsApp flaw allows hackers to impersonate you. Retrieved April 15, 2019 from https://www.news.com.au/technology/online/hacking/the-latest-whatsapp-hack-sees-usersimpersonated-by-attackers/news-story/096085d222657dc25d919e39d3d9385e.

35.

Yusof, M. K., & Abidin, A. F. A. (2011). A secure private instant messenger. In The 17th Asia Pacific conference on communications (pp. 821–825). IEEE.

36.

Del Pozo, I., & Iturralde, M. (2015). CI: A new encryption mechanism for instant messaging in mobile devices. Procedia Computer Science,63, 533–538.CrossRef

37.

Wang, C. J., Lin, W. L., & Lin, H. T. (2013). Design of an instant messaging system using identity-based cryptosystems. In 2013 Fourth international conference on emerging intelligent data and web technologies (pp. 277–281). IEEE.

38.

Karabey, I., & Akman, G. (2016). A cryptographic approach for secure client–server chat application using public key infrastructure (PKI). In 2016 11th international conference for internet technology and secured transactions (ICITST) (pp. 442–446). IEEE.

39.

Chen, H. C., Wijayanto, H., Chang, C. H., Leu, F. Y., & Yim, K. (2016). Secure mobile instant messaging key exchanging protocol with one-time-pad substitution transposition cryptosystem. In 2016 IEEE conference on computer communications workshops (INFOCOM WKSHPS) (pp. 980–984). IEEE.

40.

Chatterjee, R., Bonneau, J., Juels, A., & Ristenpart, T. (2015). Cracking-resistant password vaults using natural language encoders. In Security and privacy (SP), 2015 IEEE symposium on (pp. 481–498). IEEE.

41.

Golla, M., Beuscher, B., & Dürmuth, M. (2016). On the security of cracking-resistant password vaults. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 1230–1241). ACM.

42.

Huang, Z., Ayday, E., Fellay, J., Hubaux, J. P., & Juels, A. (2015). Genoguard: Protecting genomic data against brute-force attacks. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 447–462). IEEE.

43.

Omolara, A. E., & Jantan, A. (2019). Modified honey encryption scheme for encoding natural language message. International Journal of Electrical and Computer Engineering (IJECE),9(3), 1871.CrossRef

44.

Omolara, A. E., Jantan, A., Abiodun, O. I., & Poston, H. E. (2018). A novel approach for the adaptation of honey encryption to support natural language message. In Proceedings of the International multiconference of engineers and computer scientists (Vol. 1).

45.

Almeshekah, M., & Spafford, E. (2014). Using deceptive information in computer security defenses. International Journal of Cyber Warfare and Terrorism,4(3), 63–80. https://doi.org/10.4018/ijcwt.2014070105.CrossRef

46.

Yuill, J. (2006). Defensive computer-security deception operations: Processes, principles and techniques (Ph.D. Dissertation). North Carolina State University.

47.

Whitham, B. (2014). Design requirements for generating deceptive content to protect document repositories. In Australian information warfare and security conference (pp. 20–30).

48.

Rowe, N. C., & Rrushi, J. (2016). Introduction to cyberdeception. New York, NY: Springer.CrossRef

49.

Karuna, P., Purohit, H., Ganesan, R., & Jajodia, S. (2018). Generating hard to comprehend fake documents for defensive cyber deception. IEEE Intelligent Systems,33(5), 16–25. https://doi.org/10.1109/mis.2018.2877277.CrossRef

50.

Han, X., Kheir, N., & Balzarotti, D. (2018). Deception techniques in computer security. ACM Computing Surveys,51(4), 1–36. https://doi.org/10.1145/3214305.CrossRef

51.

Miller, G. (1995). WordNet: A lexical database for English. Communications of the ACM,38(11), 39–41. https://doi.org/10.1145/219717.219748.CrossRef

52.

Cover, T. M., & Thomas, J. A. (2012). Elements of information theory. New York: Wiley.MATH

53.

Choi, H., Nam, H., & Hur, J. (2017). Password typos resilience in honey encryption. In 2017 International conference on information networking (ICOIN) (pp. 593–598). IEEE.

Title: Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp
Authors: Esther Omolara Abiodun
Aman Jantan
Oludare Isaac Abiodun
Humaira Arshad
Publication date: 31-01-2020
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 4/2020
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-020-07163-y

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 4/2020

Performance Evaluation and Analysis of Peak to Average Power Reduction in OFDM Signal

An Intrusion Detection System on Ping of Death Attacks in IoT Networks

Underdetermined DOA Estimation Algorithm Based on an Improved Nested Array

Performance Analysis of Resource Scheduling Techniques in Homogeneous and Heterogeneous Small Cell LTE-A Networks

Impact of Rain Attenuation to Ka-Band Signal Propagation in Tropical Region: A Study of 5-Year MEASAT-5’s Beacon Measurement Data

A Solar Energy Forecast Model Using Neural Networks: Application for Prediction of Power for Wireless Sensor Networks in Precision Agriculture