Bilkent University
Department of Computer Engineering


Designing Secure Mobile Messaging Over Internet


Burak Kocuroğlu
MS Student
(Supervisor: Assoc. Prof. Dr. İbrahim Körpeoğlu)
Computer Engineering Department
Bilkent University

Mobile messaging over the Internet is one of the most actively used communication methods. Because it is heavily used for almost all kinds of topics, its security becomes a major concern. However, there is no widely accepted security protocol standard for it. Each implementation either defines its own security protocol or adopts an existing one. We have defined a set of security requirements for secure messaging applications. Some of the most popular secure messaging applications (Cryptocat, Telegram, Threema and Signal) are analyzed according to these requirements. We have also designed our own solution to match the requirements and improved its security as much as possible without harming usability. Our solution provides end-to-end (E2E) encrypted messaging with perfect forward secrecy (PFS) support, local disk encryption, certificate pinning, and improved random number generation with user input, and it uses a strong key derivation function (KDF). Our design rationales for the requirements are presented and discussed in detail.


DATE: 20 January, 2016, Wednesday @ 10:00