Designing a secure messaging application together
Most of us know that the "secure" messaging apps we use every day (SMS, WhatsApp, Viber, Skype, etc.) are actually wide open to interception. They relay messages through intermediate servers and keep a copy of each message. A copy of every message is automatically duplicated on state servers and is never deleted from there, and the servers also automatically log which IP address talked to whom and at what time.
For a couple of months I have been thinking about how to implement a truly secure messaging application, one whose messages cannot be intercepted in any way.
Some apps try to encrypt messages on the client and send them to the server already encrypted, but does that really work? A man-in-the-middle attack is easy here: the server pretends to be the intended recipient, so it receives the message in a form it can read, while the sender believes that only the final recipient can read it.
While discussing the architecture of an application that could be used every day without having to think about privacy, I arrived at the following set:
- Open source, so that anyone can study in detail how the application works and make sure there are no backdoors.
- P2P. Clients connect directly to each other; messages never pass through the server, which rules out interception of any form. I am currently considering WebRTC Jingle to implement P2P, using libjingle on iOS and Android.
- Tor. All client connections are made inside the anonymous Tor network. This hides the clients' IP addresses and also provides a first layer of traffic encryption, which prevents eavesdropping.
- OTR is used to additionally encrypt all messages between users and for authentication.
- The Android version is being developed on the basis of ChatSecure; the iOS version is being developed from scratch.
- An XMPP server is used to help clients find each other and establish direct P2P connections. At the moment the choice is between Openfire and ejabberd.
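The man-in-the-middle problem described above, and the reason the architecture needs OTR's authentication step rather than encryption alone, can be shown in a few dozen lines. The following is an added illustration, not code from this project or from ChatSecure/libjingle: two clients run a Diffie-Hellman exchange through a relaying server, first an honest one and then one that substitutes its own public key, and the out-of-band fingerprint comparison is what exposes the substitution. The group parameters (a 127-bit Mersenne prime), the XOR stream cipher, and the `Client`/`HonestServer`/`MitmServer` classes are all toy constructions for the example.

```python
"""Toy model: why 'encrypt before sending to the server' is not enough.

The relaying server swaps in its own public key, both clients derive a
session key with the server instead of with each other, and the server
reads every message. Comparing key fingerprints over a channel the server
does not control (what OTR's authentication step provides) detects this.
"""
import hashlib
import secrets

# Toy Diffie-Hellman group, NOT a real parameter set: a 127-bit Mersenne
# prime chosen so the numbers stay small. Real code uses a >=2048-bit MODP
# group or ECDH.
P = 2**127 - 1
G = 5


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def fingerprint_of(pub: int) -> str:
    """What a user reads aloud or scans from the peer's screen (assumed format)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()


class Client:
    """A chat client with a long-term DH key pair (assumed design, not the app's)."""

    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.key = None  # session key after the exchange

    def fingerprint(self) -> str:
        return fingerprint_of(self.pub)

    def derive(self, peer_pub: int) -> bytes:
        # Session key is derived from whatever public key the client received.
        self.key = _h(pow(peer_pub, self.priv, P).to_bytes(16, "big"))
        return self.key


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream); encrypt == decrypt. No MAC."""
    out = bytearray()
    for i, byte in enumerate(data):
        block = _h(key, (i // 32).to_bytes(4, "big"))
        out.append(byte ^ block[i % 32])
    return bytes(out)


class HonestServer:
    def relay(self, frm: str, to: str, pub: int) -> int:
        return pub  # forwards the public key unchanged


class MitmServer:
    """Relay that hands each client the server's own public key instead."""

    def __init__(self):
        self.me = Client("server")
        self.peer_pubs = {}

    def relay(self, frm: str, to: str, pub: int) -> int:
        self.peer_pubs[frm] = pub  # remember the real key to talk to `frm`
        return self.me.pub

    def key_with(self, who: str) -> bytes:
        return self.me.derive(self.peer_pubs[who])


def run_exchange(alice: Client, bob: Client, server) -> tuple:
    """Both sides publish their key via the server and derive from what comes back."""
    pub_for_bob = server.relay(alice.name, bob.name, alice.pub)
    pub_for_alice = server.relay(bob.name, alice.name, bob.pub)
    alice.derive(pub_for_alice)
    bob.derive(pub_for_bob)
    return pub_for_alice, pub_for_bob


def scenario(server) -> dict:
    alice, bob = Client("alice"), Client("bob")
    seen_by_alice, seen_by_bob = run_exchange(alice, bob, server)
    msg = b"meet at 19:00"  # constructed sample message
    ct = xor_stream(alice.key, msg)
    result = {
        "bob_reads": xor_stream(bob.key, ct),
        # Out-of-band check: compare the fingerprint of the key received via the
        # server against the peer's real fingerprint obtained without the server.
        "alice_check_ok": fingerprint_of(seen_by_alice) == bob.fingerprint(),
        "bob_check_ok": fingerprint_of(seen_by_bob) == alice.fingerprint(),
    }
    if isinstance(server, MitmServer):
        result["server_reads"] = xor_stream(server.key_with("alice"), ct)
    return result


if __name__ == "__main__":
    for srv in (HonestServer(), MitmServer()):
        print(type(srv).__name__, scenario(srv))
```

In the honest run Bob recovers the plaintext and both fingerprint checks pass; in the man-in-the-middle run the server recovers the plaintext, Bob gets garbage, and both checks fail. Encryption alone never told either client anything was wrong; only binding the received key to an identity checked outside the server's reach did, which is the role the OTR item in the list above has to fill.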
What did I miss when designing this secure application architecture? What can be improved?