Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp

Wireless Personal Communications

Abstract

In this paper, an enhanced honey encryption (HE) scheme is presented for reinforcing the security of instant messaging systems and for wasting the time and resources of attackers. HE offers security beyond the brute-force bound by yielding plausible-looking but fake plaintext upon decryption with an incorrect key. Recent developments have seen HE applied to the security of specific real-world systems, such as passwords and credit cards. However, applying the HE scheme to other economic problems remains a daunting task, as it requires modifying the HE algorithm to fit the problem at hand. For instance, applying the scheme to the robust transmission of chat messages requires that decryption with an incorrect key generate a contextually correct, valid-looking but fake chat message that is indistinguishable from a human-generated one. This paper enhances the HE scheme by leveraging natural language processing techniques to build semantically plausible but fake chat messages, which are served to the adversary during an attack. Findings from evaluations reveal that the novel system is resilient to eavesdropping, as an adversary is unable to distinguish decoy messages from the plaintext upon decryption with an incorrect key.
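The decoy behaviour the abstract describes can be seen in a simplified sketch of the basic honey encryption construction (a distribution-transforming encoder, DTE, plus a key-derived pad). This is an added example, not the paper's enhanced NLP-based scheme: the message list, weights, seed size and function names are all constructed for illustration.

```python
import hashlib
import secrets

# Constructed message space: (chat message, relative weight). Assumption, not from the paper.
MESSAGES = [
    ("See you at 6pm", 4),
    ("Running late, start without me", 3),
    ("Call me when you land", 3),
    ("Lunch tomorrow?", 2),
    ("Happy birthday!", 2),
    ("Send me the report", 2),
]
SEED_SPACE = 1 << 16            # 16-bit seed space, fully covered by the ranges below
TOTAL = sum(w for _, w in MESSAGES)

def _ranges():
    """Yield (message, lo, hi): each message owns a seed slice proportional to its weight."""
    acc = 0
    for msg, weight in MESSAGES:
        lo = acc * SEED_SPACE // TOTAL
        acc += weight
        yield msg, lo, acc * SEED_SPACE // TOTAL

def dte_encode(message):
    """Map a message to a uniformly random seed inside its slice."""
    for msg, lo, hi in _ranges():
        if msg == message:
            return lo + secrets.randbelow(hi - lo)
    raise ValueError("message outside the DTE message space")

def dte_decode(seed):
    """Every seed decodes to some valid message; there is no 'garbage' output."""
    for msg, lo, hi in _ranges():
        if lo <= seed < hi:
            return msg
    raise ValueError("seed out of range")

def _pad(password, salt):
    """Derive a 16-bit pad from the password (PBKDF2 slows each guess)."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=2)
    return int.from_bytes(key, "big")

def he_encrypt(password, message):
    salt = secrets.token_bytes(16)
    return salt, dte_encode(message) ^ _pad(password, salt)

def he_decrypt(password, ciphertext):
    salt, body = ciphertext
    return dte_decode(body ^ _pad(password, salt))
```

The ciphertext deliberately carries no integrity tag, since a MAC derived from the password would tell a guesser which key is correct. The quality of the protection therefore rests on how well the DTE's message space matches real traffic, which is the gap the paper's language-model approach targets.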

Acknowledgements

Funding was provided by USM RUI Grant (Grant No. 1001/PKCOMP/8014017).

Author information

Corresponding author

Correspondence to Esther Omolara Abiodun.

About this article

Cite this article

Abiodun, E.O., Jantan, A., Abiodun, O.I. et al. Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp. Wireless Pers Commun 112, 2533–2556 (2020). https://doi.org/10.1007/s11277-020-07163-y

  • DOI: https://doi.org/10.1007/s11277-020-07163-y
