It is fascinating, and yet often neglected, that a user’s privacy can be invaded not only by the absence of security measures and mechanisms, but also by improperor inadequate usage of security services and mechanisms. When designing secure systems, we must consider what services are needed and what is not.
The work in this thesis revolves around privacy-friendly instant messaging (IM)systems. In such a system, an inadequate usage of security measures leads to having IM servers being able to intercept or gather users’ private conversations. An improper usage of security measures could bring about non-repudiation which is desirable when signing contracts, but unwelcome in IM and private conversations.
We will look into requirements of the desired IM system, study the currentstate-of-the-art solutions, deploy an IM server, and briefly extend an existing modern privacy-friendly IM protocol and an open source mobile application to meet our security and privacy requirements. This extended IM application is called Guidepal-IM and is available as open source1.
The thesis work is introduced and carried out at Guidepal, a startup company in Stockholm. It is therefore supervised partly at Guidepal and partly at KTH. Since Guidepal is also looking into possibilities of integrating an IM feature to its current social media apps, our contribution would also briefly extend to studying the limitations and recommendations for Guidepal’s social media app to help user privacy preservation.
Author: Abdi Kelishami, Alireza