Securing Instant Messages With Hardware-Based Cryptography and Authentication in Browser Extension
Gabriel Arquelau Pimenta Rodrigues,
Robson De Oliveira Albuquerque,
Gabriel De Oliveira Alves,
Fabio Lucio Lopes De Mendonca,
William Ferreira Giozza,
Rafael Timoteo De Sousa,
Ana Lucila Sandoval Orozco
Affiliations
Gabriel Arquelau Pimenta Rodrigues
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
Robson De Oliveira Albuquerque
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
Gabriel De Oliveira Alves
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
Fabio Lucio Lopes De Mendonca
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
William Ferreira Giozza
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
Rafael Timoteo De Sousa
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
Decision Technologies Laboratory-LATITUDE, Electrical Engineering Department (ENE), Cybersecurity INCT Unit 6, Technology College, University of Brasília (UnB), Brasilia, Brazil
Instant Messaging (IM) provides near-real-time communication between users, which has shown to be a valuable tool for internal communication in companies and for general-purpose interaction among people. IM systems and supporting protocols, however, must consider security aspects to guarantee the messages' authenticity, confidentiality, and integrity. In this paper, we present a solution for integrating hardware-based public key cryptography into Converse.js, an open-source IM client for browsers enabled with the Extensible Messaging and Presence Protocol (XMPP). The proposal is developed as a plugin for Converse.js, thus overriding the original functions of the client; and a browser extension that is triggered by the plugin and is responsible for calling the encryption and decryption services for each sent and received message. This integrated artifact allowed the experimental validation of the proposal providing authenticity of IM users with digital certificates and protection of IM messages with hardware-based cryptography. Results also shows the proposed systems is resistent to adversarial attacks against confidentiality and integrity and it is secure when considering cryptrographic tests like the Hamming distance and the NIST SP800-22.