DEVELOPMENT OF BLOCKCHAIN BASED KEY MANAGEMENT TO ENSURE SECURITY OF INSTANT MESSAGING APPLICATION
The increasingly need of instant messaging, demand a stronger security and privacy of every conversation carried out in the application. Threats such as communication tapping, message manipulation, or even communication spoofing can hurt security and privacy of the message. These threats not only co...
Saved in:
| Main Author: | |
|---|---|
| Format: | Theses |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/35450 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | The increasingly need of instant messaging, demand a stronger security and privacy of every conversation carried out in the application. Threats such as communication tapping, message manipulation, or even communication spoofing can hurt security and privacy of the message. These threats not only come from the outside, there are also threats that come from within the service provider. User’s personal data that stored in service provider’s server can cause threat where user’s data is misused which will hurt message security and privacy. In this study, a key management method is developed that utilizes blockchain to ensure message confidentiality, integrity, and deniability so that avoid it from communication tapping, message manipulation and communication spoofing. Security and privacy of an instant messaging depends on the key management that it applies. By utilizing blockchain, which a decentralize technology, a key management technique which does not depend on a third party provider in term of data (cryptographic keys and user identities) storage is developed. This will ensure the integrity of the stored data. Moreover, the immutable properties of blockchain will make it hard to change the data once it has been written. All of this properties can provide a strong foundation in ensuring confidentiality, integrity, and deniability of messages. Key management technique developed in this study includes key agreement, key storage, key derivation and key revocation. Diffie-Hellman (DH) protocol is used in the key agreement process. The use of this protocol requires users to have a private-public key pair. The public key of the user stored in a key storage which utilizes smart contract on the Ethereum network, so that the integrity of the key is guaranteed. In order to ensure forward secrecy, a PBKDF2 algorithm is applied in the process of key derivation. There’s also developed key revocation mechanism to revoke access of a public key so that it can’t be used in the key management process. Based on the results of testing on the messaging system, it can be concluded that the proposed method can avoid communication spoofing and ensure message integrity and confidentiality. However, deniability of the message can’t be fully guaranteed, because of the message’s metadata. |
|---|