Detalhes bibliográficos
| Ano de defesa: |
2022 |
| Autor(a) principal: |
Komo, Andrea Erina |
| Orientador(a): |
Não Informado pela instituição |
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Dissertação
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
eng |
| Instituição de defesa: |
Biblioteca Digitais de Teses e Dissertações da USP
|
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: |
|
| Link de acesso: |
https://www.teses.usp.br/teses/disponiveis/3/3141/tde-22052023-143703/
|
Resumo: |
Message integrity in mobile communication apps has become an important issue since such apps are being used as corporate tools. In particular, it is not uncommon for messages thereby exchanged to be used as negotiation documents, sales, bank transactions. However, by design, most of these applications do not provide any verification feature to confirm the integrity or authenticity of conversations after they have been delivered to their destinations. There are several examples in the literature of how it is possible to imperceptibly modify records in apps such as WhatsApp, Telegram, and others. In addition, most applications available on the market use a centralized architecture, which may raise doubts about messages integrity and authenticity. After all, because the central entity controls the service, it has the technical freedom to execute a man-in-the-middle (MitM) attack and perhaps modify messages without being detected. All of these characteristics can compromise the negotiations made on these message exchange platforms. To resolve this issue of conversation integrity, this work proposes a message structure composed of chained cryptographic hashes (hash chain) that ensure a way to audit and verify conversations. Also, we propose to use a distributed system as a communication infrastructure, leading to a scenario that is more independent from any controlling entity that may interfere with the flow of messages. For this, the proposed system combines technologies such as PGP (Pretty Good Privacy), peer-to-peer (P2P) communications, and a hash-chaining mechanism with selective disclosure. The different modules that make up this solution are architecture-independent and, therefore, can be integrated individually into any instant messaging application. The tests documented in this work proved to be satisfactory in terms of execution times of less than two seconds and the robustness of the independent audit solution. |
