October 7, 2013
Carnegie Mellon University Researchers To Unveil New Smartphone App for secure messaging to protect against interception and impersonation
CyLab Scientists Provide Confidence for Communication in an Uncertain World
Carnegie Mellon University CyLab researchers have developed a free smartphone app for iOS and Android users, to help securely exchange identity data among smartphones users who wish to communicate without risk of interception and impersonation.
The new app was recently featured at the prestigious annual ACM Conference for Mobile Computing and Networking (MobiCom) in Miami, Fla.
"SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be," said Michael W. Farb, a research programmer at Carnegie Mellon CyLab. "The most important feature is that SafeSlinger provides secure messaging and file transfer without trusting the phone company or any device other than my own smartphone."
As more and more consumers access the Internet from an ever-expanding pool of mobile devices, including cellphones and tablets, threats such as eavesdropping and impersonation continue to become more frequent and increasingly sophisticated. Impersonation is used by spammers to seduce a victim into trusting a message. Widespread eavesdropping and information disclosure have recently become apparent, which is a risk especially when hackers can capture the stored information.
"With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other personal information that is exchanged," said Adrian Perrig, a professor at ETH (Eidgenossische Technische Hochschule) in Zurich, Switzerland, and former technical director of CMU CyLab.
Yue-Hsun Lin, a CyLab researcher and part of the SafeSlinger team, said, "Many mobile messenger apps still use unencrypted even unauthenticated messages for their communication. Adversaries can easily wiretap or hijack any communication between those insecure apps." SafeSlinger protects message secrecy and authenticity against network threats through modern cryptography, but still keeps a simple user experience like today’s messenger apps.
But CyLab researchers report that SafeSlinger's user-centric security design includes an advanced protocol, which incorporates elements of several cryptographic schemes and factors in the prevention of numerous types of attacks. "The details of the cryptographic schemes are complicated; however our user-centric design does not require user awareness, and with minimal user interactions, the benefits of SafeSlinger are amplified when several users wish to set up a secure communication channel," according to Tiffany Hyun-Jin Kim, a CyLab systems scientist who is a member of the SafeSlinger team. "Moreover," she emphasizes, "SafeSlinger’s easy-to-use interface brings cryptography and secure communication to non-expert users, meanwhile achieving military-grade security against hackers."
SafeSlinger provides users with an easy way to securely exchange messages for free, without the need to trust any external party.
For more information about SafeSlinger, see www.cylab.cmu.edu/safeslinger.
See all CyLab News articles