The instant messaging services provided by applications like WhatsApp and Apple iMessage are overtaking traditional SMS services, becoming the preferred medium of communication for millions of smartphone users. However, the security and privacy-preserving features of different mobile applications have come under the spot-light. There are different security and privacy features provided by different mobile chat applications, but there are not many mobile chat applications that provide an End-to-End (E2E) security and privacy-preserving service to their customers.
Malicious users are always interested to hack servers and reveal information about users in a certain system including celebrities and this happens almost every day in the Internet world. Unfortunately, Mobile instant messaging applications are not an exception. There are many mobile chat applications available for users. Many of these applications claim that they are providing confidentiality, integrity and availability of user’s information. However, daily hacking news prove that many developers do not consider security as the primary goal of their applications.
It is because we have to rely as much as of our personal information while chatting in fact is not safe. In the public instant messaging systems process the messages are travelling from the client to the server and back to the second client. This type of data is potentially visible to eavesdroppers anywhere along its Internet path or within the network. So, this information at any prestigious moment could have gone to somebody else. For this particular reason, this project work is of the concern with the development of secure messaging system using certain cryptographic technique. End-to-end encryption (E2EE) is a method of secure communication which prevents third-parties to access data when it’s being transferred from one end system or device to another.
End to End Encryption: -In this type of encryption the data is encrypted on the sender’s system or on the device and only the recipient is able to decrypt it. Nobody in the between could act as an Internet service provider, application service provider or a hacker, could read it or tamper with it.
The cryptographic keys that are used to encrypt and decrypt the messages are stored exclusively on the endpoints, a trick is made possible through usage of public key encryption. Although this key exchange in this scenario is considered unbreakable by using particular known algorithms and which are currently obtainable computing power, there are at least two type of potential weaknesses that exist outside of the mathematics.
First, at each endpoint we must obtain the public key of the other endpoint, but a would-be attacker could provide one or both endpoints at a time with the attacker’s public key could execute a so-called man-in-the-middle attack.