Encrypted SMS

Posted on by jnh0477

Team Name

ESMS

Timeline

Fall 2023 – Spring 2024

Students

  • Jacob Holz
  • Nam Huynh
  • Gilbert Lavin
  • Landon Moon
  • Parker Steach

Abstract

Secure communication is a very useful tool for many people. Internet based communication systems require servers in between users that are controlled by the service creators, thus granting an opportunity for back door access. SMS is an inherently insecure protocol, but the vast majority of modern phones are able to use it and it requires no intermediate servers to be controlled by our team. The goal of the project is to add a pleasant interface to allow the encryption, transmission, receipt, and decryption of messages over SMS that appears similar to standard messaging apps. We have created a secure program that takes advantage of SMS and avoids its pitfalls.

Background

Messaging apps send data one of two ways: through SMS which is unencrypted, or through the internet which uses a server or servers to relay messages. Nowadays phones use modern protocols that are encrypted but are sent using internet protocols. These protocols are secure but require the user to have mobile data and trust the relay server owners. If a user is in a remote location, they are less likely to have a consistent internet connection. When this happens, messages will be sent using SMS which is unencrypted and insecure as mentioned before. There are also apps such as WhatsApp and Facebook Messenger that are available but utilize a server to relay information between phones. This exposes two risks to anybody who uses these services. The first is that user information has the possibility of being accessed through intentional means by the service. This could be a backdoor that the company uses to moderate your messages, or for law enforcement to see your ‘encrypted’ messages. Secondly, since your information might be saved on a server, attackers don’t need to attack you directly to get your messaging history. Users depend on their messages being either not saved or having no security vulnerabilities. ESMS avoids these risks by using the SMS protocol which can be found on any phone and is a peer-to-peer protocol. Encrypting SMS messages doesn’t require our internet server to handle requests and insulates the encrypted data from systems that may have the knowledge required to decrypt the message besides the destination system. This gives security guarantees to the messages that people and businesses send every day.

Businesses, like any other users, need to communicate and send messages. Businesses have a lot of internal communication between coworkers that can contain company secrets. Most companies depend on service providers similar to the ones mentioned above which suffer from the security risk of those providers. Services like Microsoft Teams have become very popular for communication within medium-sized and large organizations. Companies that are focused on security consider all of their attack surfaces which include their internal service communication. Because this information is being sent to a service outside of the business, it adds one more way company information may leak. The pitfall of this approach is that conversation history is stored on a central server, SMS on the other hand communicates the information and then the device saves it. SMS does not allow attackers the ability to view unencrypted previously sent messages.

ESMS has the opportunity to provide a single solution to securely send messages between any two phones1. This provides a security guarantee for both individual users and internal communication at a large company.

1Apple does not allow 3rd party SMS applications, so this app will only be available for Android devices.

Project Requirements

  • Encrypted SMS shall use SMS exclusively for communication of data between devices.
  • Encrypted SMS shall access the device contacts to load pictures and phone numbers of existing contacts.
  • Encrypted SMS shall conform to the general appearance of standard conversation apps.
  • Encrypted SMS shall have a contacts view which allows the user to select a conversation to view.
  • Encrypted SMS shall have a conversation view which allows the user to view and decrypt previous messages.
  • Encrypted SMS shall have a conversation view which allows the user to send new messages.
  • Encrypted SMS shall allow the secure encryption of data to be sent.
  • Encrypted SMS shall have a parameters view which allows the user to alter the method and key used for encryption of messages.
  • Encrypted SMS shall store user preferences on the device.
  • Encrypted SMS shall allow the secure encryption of data to be stored.

System Overview

The System Architecture has three layers: OS Interaction, Cryptography, and Views. The OS Interaction Layer is intended to abstract most of the implementation details of interacting with the phone’s APIs. Due to the requirements of the ESMS app, the subsystems include SMS protocol interaction, contacts list reading, and data storage for saved parameters. The Cryptography Layer is intended to isolate cryptography from other systems for security. The outward-facing subsystem of the layer is the Cryptography Engine Generator which provides an encrypt/decrypt service for any of the predefined or custom cryptography engines. Lastly, the Views Layer outlines and specifies what other subsystems the three views interact with. The three views are the Contacts View, Conversation View, and Parameter (settings) View. These views generate user input and use the services of the other layers in order to get the assets required to provide an interactive visual display to the user.

Information Flow Diagram

Results

Encrypted SMS is available for download through the Google Play Store (though you may need to sign up as a beta tester in this Google Group before the page will appear). It is also available as an APK in a GitHub release.

Demo Video

Future Work

Some of us may add additional features for fun, but all core features are complete.

Possible additions include informative bubbles for important settings and visual improvements for accessibility and intuitiveness.

Project Files

Project Charter

System Requirements Specification

Architectural Design Specification

Detailed Design Specification

Poster

Source Code

References

Avoidthehack! Here are 5 reasons to stop using whatsapp. https://avoidthehack.com/stop-using-whatsapp, Aug 2022.

Developer policy center. https://play.google.com/about/developer-content-policy/

Devin Partida. Are discord messages encrypted? how safe is discord? https://rehack.com/trending/culture/are-discord-messages-encrypted/, Jul 2023.

Kendall Aronson. Groupme vs. whatsapp: Best messaging app? https://screenrant.com/groupme-vs-whatsapp-best-messaging-app/, Jan 2023.

Richard Stallman. Reasons not to use skype. https://stallman.org/skype.html.

Skskit Team. Find out the advantages and disadvantages of teams. https://www.syskit.com/blog/10-pros-and-cons-of-microsoft-teams/, May 2023.

jnh0477

More Posts