A Secure End-to-End Mobile Chat Scheme
Hsing-Chung Chen (Jack Chen)*
Dept. of Computer Science and Information Engineering, Asia University, Taichung 41354, Taiwan, R.O.C.
Dept. of Medical Research, China Medical University Hospital, China Medical University, Taichung 40402, Taiwan, R.O.C. (Research Consultant)
Jyh-Horng Wen
Department of Electrical Engineering, Tunghai University, Taichung 40704, Taiwan, R.O.C.
Cheng-Ying Yang
Department of Computer Science, University of Taipei, Taipei 10048, Taiwan, R.O.C.
Abstract—Mobile communications currently provide convenient ways for people to explore and communicate with each other. A multitude of services have converged on the smartphone platform, and potentially the most notable is social networking. Thus, electronic Mobile Chat (MC) plays a very important role in social networking. With the growing reliance on Mobile Chat Systems (MCS) on the one hand, and the growing number of vulnerabilities and attacks on the other, there is an increasing demand for security solutions. Despite the critical role of MCS in the typical mobile Internet user's life, electronic MC services are not very secure. Therefore, the secure End-to-End Mobile Chat (SE2E-MC) scheme is proposed as one suitable solution. The basic framework for the SE2E-MC scheme and its associated requirements are also designed in this paper. The proposal is implemented to provide mutual authentication and to prevent the password guessing attack and the undetectable on-line password guessing attack. Finally, the scheme is a password-based authentication and key agreement (AKA) scheme whose passwords are easy to remember.
Keywords—secure mobile chat; mobile chat; authentication and key agreement; End-to-End; mutual authentication
I. INTRODUCTION
In 2014, the number of mobile subscribers using smart mobile phones worldwide exceeded 1.2 billion [1]. Smart mobile phones, especially those on third- and fourth-generation cellular systems, can connect quickly to the Internet, and subscribers can easily send and receive MC messages via Mobile Application (Mobile APP) tools, e.g. ChatOn, Line, QQ, etc. Therefore, electronic Mobile Chat (MC) plays a very important role in human-to-human (H2H) communications. Despite the critical role of MCS in the typical Internet user's life, electronic MC is not very secure. The processing capabilities of smart mobile phones are steadily improving, but they cannot compete with those of personal computers. With the growing reliance on Mobile Chat Systems (MCS) on the one hand, and the growing number of vulnerabilities and attacks on the other, there is an increasing demand for security solutions [3-5]. There are also additional security problems in the wireless medium that do not arise in a wired system. Therefore, special secure protocols are required for the variety of MCS platforms.
In recent years, Data Confidentiality, Authentication, Integrity, Non-repudiation, Access control, and Availability have been the most important security services in the security criteria that should be taken into account in secure applications and systems [2-9]. However, there is no provision for such security services in MC and MCS. Both the MC client and the MC server are vulnerable to passive and active attacks. Passive threats include Release of message contents and Traffic analysis, while active threats include Modification of message contents, Masquerade, Replay, and Denial of Service (DoS) [10-12]. All of these threats apply to MC communications [13, 14].
Secure MC is required to enable smartphone devices to communicate securely in H2H or group relationships. Many solutions [2-6] now provide End-to-End (E2E) secure communications, but most of them use classical ciphers, traditional symmetric cryptosystems and public key cryptography designed for secure communications among a variety of personal computer and server platforms, so these solutions could be unsuitable for H2H and secure MC group communication. Several implementations [2-5] provide these services, but none of them offers security that is really easy to use while preserving the privacy of the end-users. Because human memory is limited, people tend to use easily remembered words or memorable things as their secret password. This makes traditional security solutions more vulnerable, because such passwords are easily subject to password guessing attacks [8, 9]. In other words, the new technology proposed in this paper will enable new applications that are more suitable for secure E2E and group mobile communications.
The rest of the paper is structured as follows. The next section addresses previous work on the topic. Section 3 describes and presents the system's overall architecture. Section 4 evaluates the proposed scheme in terms of security and provides theoretical analyses. The last section concludes the paper and gives pointers to future work.
II. RELATED WORKS
In May 2014, H.-C. Chen et al. [4] first presented a new concept for MTC (Mobile Text Chat) using a rotation session key-based transposition cryptosystem scheme. Their proposed scheme only deals with secure text-mode transposition for MC. It adapted the technologies of the classical block cipher, substitution and transposition. In addition, a new session key can be generated by the matrix rotation technology. It can easily be applied to MTC transmitted via mobile devices using the quick encryption and decryption algorithm. However, the scheme cannot solve the problem of distributing the secret key to each MC user.
*Correspondence Author: Hsing-Chung Chen (Jack Chen), E-mails: cdma2000@asia.edu.tw, shin8409@ms6.hinet.net.
2014 Ninth International Conference on Broadband and Wireless Computing, Communication and Applications
978-1-4799-4173-5/14 $31.00 © 2014 IEEE
DOI 10.1109/BWCCA.2014.147
In July 2014, R.N. Akram et al. [6] evaluated the security and privacy-preserving features of existing mobile chat services. They also put forward a basic framework for an E2E secure and privacy-preserving mobile chat service and its associated requirements. Their proposal was implemented to provide a proof of concept and to evaluate the technical difficulty of satisfying the stipulated security and privacy requirements. However, the secret key used in their scheme is not as easy to remember as a password.
Finally, neither of the two solutions mentioned above addresses secure group MC services.
III. PROPOSED SCHEME
If a mobile user $u_i$ wants to use the MC services, she/he needs to download and install [5] the client application (APP for short) of MC from an APP store. The user then initiates the registration phase, which creates a new account consisting of a distinct Identification $u_i$ and an initial password $PW_{u_i}$ shared and kept secure by the MCS and her/himself. Second, if the mobile user $u_i$ wants to communicate securely with a group consisting of invited members for a specific purpose, e.g. secure broadcasting and multicasting of messages, she/he needs to launch a group request for the MC construct phase to the MCS in order to organize a special secure group. The generic architecture for constructing a secure group MC is shown in Fig. 1.
The system's overall architecture, including the MC client registration phase, the secure E2E MC scheme and the secure short group mobile chat scheme, is presented below.
A. MC Client Registration Phase
This subsection illustrates the registration phase. The MCS provides a public key encryption algorithm $E_p(\cdot)$, a decryption algorithm $D_p(\cdot)$ and the public key $PU_s$ together with the client APP software, a simple symmetric key algorithm $E_s(\cdot)$ and $D_s(\cdot)$, a trapdoor one-way hash function $F_s(\cdot)$ and a one-way hash function $f_k(\cdot)$, all packed into a download package. The private key $PR_s$, kept secure only by the MC server, corresponds to the public key such that $D_{PR_s}(E_{PU_s}(M)) = M$.
After choosing an identity $ID_{u_i}$ and a password $PW_{u_i}$, the user $u_i$ sends the registration request message $\{ID_{u_i} \,\|\, E^{p}_{PU_s}(PW_{u_i})\}$, containing the chosen identity and the encrypted password, to the CA server of MCS. Upon receiving the request message, the CA server of MCS computes the password as $D^{p}_{PR_s}(PW_{u_i}) = PW_{u_i}$ and checks whether the password and the identity $ID_{u_i}$ are available. If they are, the ID and the corresponding password are kept securely by the MCS, which sends an acknowledgment to the requester $u_i$. For example, the clients $u_i$ and $u_j$ initiate the registration processes in Fig. 2. Finally, the CA server of MCS keeps the identities and passwords $\{ID_{u_i}, PW_{u_i}\}$ and $\{ID_{u_j}, PW_{u_j}\}$ for client $u_i$ and client $u_j$, respectively.
B. Secure End-to-End MC Scheme
This subsection illustrates the secure End-to-End MC (SE2E-MC) scheme. There are two phases in this scheme. In the Key Exchange Phase, two clients generate the exchange key via the MCS server. The secure End-to-End MC session is then held by the processes shown in the Secure Messages Delivery Phase.
1) Secure Key Generation Phase
Step A1: Secure End-to-End MC Request (SE2E MC Request): If a client $u_i$ wants to launch a secure mobile chat with client $u_j$, the client $u_i$ generates two random numbers $R_i$ and $r_i$, and computes $N_i = g^{R_i} \bmod p$ and $K_{is} = N_i^{r_i} \bmod p$. Moreover, he computes $E_{PW_i}(N_i \oplus PW_i)$, $F_s(r_i)$ and $f_{K_{is}}(N_i)$. Finally, he sends these messages, including $N_i$, $K_{is}$, $ID_{u_i}$, $ID_{u_j}$, $SID$, $E_{PW_i}(N_i \oplus PW_i)$, $F_s(r_i)$ and $f_{K_{is}}(N_i)$, to the CA server of MCS. All messages delivered from all clients are stored in the Group Messages Storages of the MCS server.
Step A2: Mobile Chat Invitation Request (MCI Request): After receiving the messages sent by the client $u_i$, the MCS server forwards the request to the client $u_j$.
Step A3: Secure End-to-End MC Response (SE2E MC Response): Similarly, when the client $u_j$ receives the request from $u_i$, he also generates two random numbers $R_j$ and $r_j$, and computes $N_j = g^{R_j} \bmod p$ and $K_{js} = N_j^{r_j} \bmod p$. Moreover, he computes $E_{PW_j}(N_j \oplus PW_j)$, $F_s(r_j)$ and $f_{K_{js}}(N_j)$. Finally, he sends these messages, including $N_j$, $K_{js}$, $ID_{u_i}$, $ID_{u_j}$, $SID$, $E_{PW_j}(N_j \oplus PW_j)$, $F_s(r_j)$ and $f_{K_{js}}(N_j)$, to the CA server of MCS.
Step A4: Verification by Cryptographic Accelerator of MCS (Verification by CA of MCS): After collecting the messages sent by the clients $u_i$ and $u_j$, the MCS starts its Cryptographic Accelerator (CA server of MCS for short), which decrypts $D_{PW_j}(N_j \oplus PW_j) = N_j \oplus PW_j$ using the corresponding password $PW_j$ and decrypts $D_{PW_i}(N_i \oplus PW_i) = N_i \oplus PW_i$ using the corresponding password $PW_i$, respectively. Moreover, the CA server of MCS retrieves $N_i$ and $N_j$ by the equations $(N_j \oplus PW_j) \oplus PW_j = N_j$ and $(N_i \oplus PW_i) \oplus PW_i = N_i$, using the corresponding passwords $PW_i$ and $PW_j$, respectively. Next, the CA server of MCS derives $r_i$ and $r_j$ from the trapdoor one-way hash functions $F_S(r_i)$ and $F_S(r_j)$. Then, the CA server of MCS computes $K_{is} = N_i^{r_i} \bmod p$ and $K_{js} = N_j^{r_j} \bmod p$ from the values $r_i$, $r_j$, $N_i$ and $N_j$. Next, the CA server of MCS verifies the received hash values $f_{K_{is}}(N_i)$ and $f_{K_{js}}(N_j)$. If these verifications for authentication of both client $u_i$ and client $u_j$ succeed, the CA server of MCS generates a random number $R_S$. If the verifications fail, the CA server of MCS rejects the request.
Step A5: Secure MC Key Generation (SMC Key Generation): The CA server of MCS computes the secure MC key
$$K_{isj} = \left(N_i^{R_S}\right)^{R_j} = \left(g^{R_i R_S}\right)^{R_j} = g^{R_i R_S R_j} = \left(g^{R_j R_S}\right)^{R_i} = \left(N_j^{R_S}\right)^{R_i} = K_{jsi} \pmod p$$
for both client $u_i$ and client $u_j$, and four other messages: $N_i^{R_S} \bmod p$, $N_j^{R_S} \bmod p$, $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$ and $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$.
Step A6: Secure MC Key Distribution (SMC Key Distribution): Finally, the CA server of MCS sends back only the messages $N_j^{R_S}$ and $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$ to client $u_i$, and the messages $N_i^{R_S}$ and $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$ to client $u_j$, respectively.
Step A7: Secure MC Key Recovery (SMC Key Recovery): When the client $u_i$ receives the messages $N_j^{R_S}$ and $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$, he can verify $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$ by using $N_j^{R_S}$ and the pre-calculated values $ID_{u_i}$, $ID_{u_j}$ and $K_{is}$. If the messages verify successfully, the client $u_i$ computes the secure MC key as $\left(N_j^{R_S}\right)^{R_i} = K_{isj} \bmod p$. When the client $u_j$ receives the messages $N_i^{R_S}$ and $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$, he can verify $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$ by using $N_i^{R_S}$ and the pre-calculated values $ID_{u_i}$, $ID_{u_j}$ and $K_{js}$. If the messages verify successfully, the client $u_j$ computes the secure MC key as $\left(N_i^{R_S}\right)^{R_j} = K_{jsi} \bmod p$.
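The arithmetic of Steps A1 to A7, as an added example that is not code from the paper: it shows both clients arriving at the same key $K_{isj} = K_{jsi}$ and the Step A7 hash check rejecting a value altered in transit. The modulus, the generator, HMAC-SHA256 standing in for $f_k(\cdot)$ and all function names are assumptions; Step A4's password decryption and trapdoor hash are taken as already passed, so the CA server is handed $K_{is}$ and $K_{js}$ directly.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumption): the paper does not specify p or g.
P = 2**127 - 1   # a Mersenne prime, for illustration only
G = 3

def f(key: int, *fields) -> bytes:
    """Keyed one-way hash f_K(.), modelled with HMAC-SHA256 (assumption)."""
    data = b"|".join(str(x).encode() for x in fields)
    return hmac.new(str(key).encode(), data, hashlib.sha256).digest()

class Client:
    """One MC client with the values it generates in Step A1 / A3."""
    def __init__(self, ident: str):
        self.ident = ident
        self.R = secrets.randbelow(P - 3) + 2    # random R_i
        self.r = secrets.randbelow(P - 3) + 2    # random r_i
        self.N = pow(G, self.R, P)               # N_i = g^{R_i} mod p
        self.K_s = pow(self.N, self.r, P)        # K_is = N_i^{r_i} mod p

    def recover_key(self, id_i: str, id_j: str, blinded_peer: int, tag: bytes) -> int:
        """Step A7: verify the CA server's hash, then derive the secure MC key."""
        expected = f(self.K_s, id_i, id_j, self.K_s, blinded_peer)
        if not hmac.compare_digest(expected, tag):
            raise ValueError("CA server hash does not verify")
        return pow(blinded_peer, self.R, P)      # (N_peer^{R_S})^{R_self} mod p

def ca_distribute(id_i, N_i, K_is, id_j, N_j, K_js):
    """Steps A5 and A6 on the CA server, after Step A4 has succeeded."""
    R_S = secrets.randbelow(P - 3) + 2           # server random number R_S
    blinded_i = pow(N_i, R_S, P)                 # N_i^{R_S} mod p
    blinded_j = pow(N_j, R_S, P)                 # N_j^{R_S} mod p
    to_i = (blinded_j, f(K_is, id_i, id_j, K_is, blinded_j))
    to_j = (blinded_i, f(K_js, id_i, id_j, K_js, blinded_i))
    return to_i, to_j

def run_exchange():
    """Run A1 to A7 once; return the keys K_isj and K_jsi the clients derive."""
    ui, uj = Client("u_i"), Client("u_j")
    to_i, to_j = ca_distribute(ui.ident, ui.N, ui.K_s, uj.ident, uj.N, uj.K_s)
    k_isj = ui.recover_key(ui.ident, uj.ident, *to_i)
    k_jsi = uj.recover_key(ui.ident, uj.ident, *to_j)
    return k_isj, k_jsi

def tampered_value_rejected() -> bool:
    """A blinded value altered in transit must fail the Step A7 check."""
    ui, uj = Client("u_i"), Client("u_j")
    (blinded_j, tag), _ = ca_distribute(ui.ident, ui.N, ui.K_s,
                                        uj.ident, uj.N, uj.K_s)
    try:
        ui.recover_key(ui.ident, uj.ident, (blinded_j + 1) % P, tag)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    k_isj, k_jsi = run_exchange()
    print("keys match:", k_isj == k_jsi)
    print("tampering rejected:", tampered_value_rejected())
```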
2) Secure Messages Delivery Phase
In this phase, we assume that the message set $m_{u_i} = \{m_1, m_2, \ldots, m_x, \ldots\}$, $x \in Z^{*} = \{1, 2, 3, \ldots\}$, is sent securely, one message at a time, to the client $u_j$ by the client $u_i$. The client $u_i$ computes the ciphertext $c_{u_i}^{x} = E^{s}_{K_{isj}}(m_{u_i}^{x})$, $x \in Z^{*}$, with the simple symmetric key algorithm $E_s(\cdot)$ using the secure MC key $K_{jsi}$. Upon receiving the secure messages, the Message Server of MCS stores them in the Message Storage Server of MCS, shown in Fig. 1, and forwards them to the client $u_j$. All messages delivered from all clients are stored in the Messages Storage of the MCS server. After receiving the ciphertext messages, the client $u_j$ decrypts them with the same simple symmetric key algorithm $E_s(\cdot)$, that is, $E^{s}_{K_{jsi}}(c_{u_i}^{x}) = E^{s}_{K_{isj}}(c_{u_i}^{x}) = m_{u_i}^{x}$, $x \in Z^{*}$.
Conversely, suppose the message set $m_{u_j} = \{m_1, m_2, \ldots, m_y, \ldots\}$, $y \in Z^{*} = \{1, 2, 3, \ldots\}$, is sent securely, one message at a time, to the client $u_i$ by the client $u_j$. The client $u_j$ computes the ciphertext $c_{u_j}^{y} = E^{s}_{K_{isj}}(m_{u_j}^{y})$, $y \in Z^{*}$, with the simple symmetric key algorithm $E_s(\cdot)$. Upon receiving the secure messages, the CA server of MCS stores them in the message storage of the CA server of MCS and forwards them to the client $u_i$. After receiving the ciphertext messages, the client $u_i$ decrypts them with the same simple symmetric key algorithm $E_s(\cdot)$, that is, $E^{s}_{K_{isj}}(c_{u_j}^{y}) = E^{s}_{K_{jsi}}(c_{u_j}^{y}) = m_{u_j}^{y}$, $y \in Z^{*}$.
IV. SECURITY ANALYSES AND DISCUSSIONS
In this section, the proposed SE2E-MC scheme is discussed and analyzed in terms of preventing the password guessing attack and the undetectable on-line password guessing attack. The details of the discussions and analyses are described as follows.
A. Mutual Authentication
The mutual authentication among client $u_i$, client $u_j$ and the CA server is analyzed below, where the CA is a trusted server in the MCS. First, in our scheme client $u_i$ and client $u_j$ use the trapdoor hash function $F_S(\cdot)$ to communicate the random numbers $r_i$ and $r_j$, respectively. Only the CA server knows this trapdoor; therefore, only the CA server can securely retrieve the two generated random numbers $R_i$ and $r_i$ from $F_S(r_i)$ and $F_S(r_j)$. Then, client $u_i$ and client $u_j$ use password-based symmetric encryption to compute $E_{PW_i}(N_i \oplus PW_i)$ and $E_{PW_j}(N_j \oplus PW_j)$ with the corresponding passwords. Next, the CA server extracts $r_i$ and $r_j$ from the one-way trapdoor hash functions $F_S(r_i)$ and $F_S(r_j)$, and computes the one-time strong keys $K_{is}$ and $K_{js}$ from the values $r_i$, $r_j$, $N_i$ and $N_j$. The CA server then verifies the received hash values $f_{K_{is}}(N_i)$ and $f_{K_{js}}(N_j)$. If these authentication procedures for client $u_i$ and client $u_j$ succeed, the CA server can trust that both client $u_i$ and client $u_j$ are legitimate users.
Conversely, after the authentication procedures of client $u_i$ and client $u_j$, the CA server of MCS can use the previously computed one-time strong keys $K_{is}$ and $K_{js}$ to compute the hash values $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$ and $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$. Next, the CA server sends the messages $N_j^{R_S}$ and $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$ to client $u_i$, and the messages $N_i^{R_S}$ and $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$ to client $u_j$, respectively. When client $u_i$ or $u_j$ receives the messages sent from the CA server, it checks $f_{K_{is}}(ID_{u_i}, ID_{u_j}, K_{is}, N_j^{R_S})$ or $f_{K_{js}}(ID_{u_i}, ID_{u_j}, K_{js}, N_i^{R_S})$ to verify the CA server's correctness. If the authentication procedure for the MCS server succeeds, client $u_i$ or $u_j$ computes the secure MC key as $\left(N_j^{R_S}\right)^{R_i} = K_{isj} \bmod p = \left(N_i^{R_S}\right)^{R_j} = K_{jsi} \bmod p$.
Finally, through the above process, the CA server of MCS can verify the correctness of client $u_i$ and client $u_j$, and client $u_i$ and client $u_j$ can also verify the correctness of the CA server of MCS.
B. Preventing the Password Guessing Attack
In this subsection, the proposed SE2E-MC scheme is analyzed with respect to preventing the password guessing attack. Generally, an attacker may use detectable or undetectable on-line guessing attacks to obtain the password of an MC user. The sensitive information, such as $E_{PW_i}(N_i \oplus PW_i)$, $E_{PW_j}(N_j \oplus PW_j)$, $F_s(r_i)$, $F_s(r_j)$, $f_{K_{is}}(N_i)$ and $f_{K_{js}}(N_j)$, is protected by $PW_i$, $PW_j$, $N_i$, $N_j$, $r_i$, $r_j$ and the trapdoor hash function. Therefore, the attacker cannot learn the MC user's password through the various guessing attacks. Moreover, each client has her/his own password, shared only with the CA server of MCS. If the authentication procedure fails, the request is rejected. Thus, the proposed scheme can effectively protect against the off-line password guessing attack.
C. Preventing the Undetectable On-line Password Guessing Attack
To prevent on-line undetectable password guessing attacks, we add the operations $N_i \oplus PW_i$ and $N_j \oplus PW_j$ to the symmetric algorithms, as $E_{PW_i}(N_i \oplus PW_i)$ and $E_{PW_j}(N_j \oplus PW_j)$. The passwords are shared between the CA server of MCS and the corresponding users. When attackers want to guess a user's password, they need to pass the authentication procedure. Each password is kept only by the CA server of MCS and the corresponding user: the password $PW_i$ corresponds to client $u_i$ and the password $PW_j$ corresponds to client $u_j$. Therefore, the proposed scheme can resist the undetectable on-line password guessing attack.
V. CONCLUSIONS
Mobile Chat (MC) services, on which reliance is growing, play a very important role in social networking, and this is accompanied by a growing number of vulnerabilities and attacks on their APP clients and APP servers. Thus, there is an increasingly huge demand for security solutions. Therefore, the secure SE2E-MC scheme is proposed, and it has been shown in this paper to be one suitable solution. The cryptosystem and its associated requirements are designed in Section 3. The security analyses and discussions were addressed in Section 4, in which the mutual authentication mechanism and the prevention of the password guessing attack and the undetectable on-line password guessing attack are analyzed. Moreover, the proposed scheme is a password-based authentication and key agreement (AKA) scheme whose passwords are easy to remember. Finally, secure group cryptosystem communications are also required for secure group MC applications and are left for future work.
Acknowledgment
This work was supported in part by the Ministry of
Science and Technology, Taiwan, Republic of China, under Grant MOST 103-2221-E-468-027, also by Asia University, Taiwan, under Grant 101-asia-28.
References
[1] MobiThinking, “Global Mobile Statistics 2014 Home: All The Latest Stats on Mobile Web, Apps, Marketing, Advertising, Subscribers, and Trends: Smartphone Shipments/Forecasts by Operating System Market Share,” August 31, 2014. [On-line] http://mobithinking.com/mobile-marketing-tools/latest-mobile-stats.
[2] H.C. Chen, C.Y. Yang, H.K. Su, C.C. Wei and C.C. Lee, “A Secure E-Mail Protocol Using ID-based FNS Multicast Mechanism,” Computer Science and Information Systems, Special Issue on Mobile Collaboration Technologies and Internet Services, Volume 11, Issue 3, pp. 1091-1112, August, 2014.
[3] H.C. Chen, “Secure Multicast Key Protocol for Electronic Mail Systems with Providing Perfect Forward Secrecy,” Security and Communication Networks, Vol. 6, No. 1, pp. 100–107, January, 2013.
[4] H.C. Chen, A.L.V. Epa, “A Rotation Session Key-Based Transposition Cryptosystem Scheme Applied to Mobile Text Chatting,” Proceedings of The 28th IEEE International Conference on Advanced Information Networking and Applications (AINA2014), DOI: 10.1109/AINA.2014.163, pp. 497-503, Victoria, Canada, May 13-16, 2014.
[5] A. Loukas, D. Damopoulos, S.A. Menesidou, M.E. Skarkala, G. Kambourakis, S. Gritzalis, “MILC: A Secure and Privacy-Preserving Mobile Instant Locator with Chatting,” Information Systems Frontiers, Vol. 14, Issue 3, pp. 481-497, July, 2012.
[6] R.N. Akram, R.K.L. Ko, “End-to-End Secure and Privacy Preserving Mobile Chat Application,” Eighth Workshop in Information Security Theory and Practice: Securing the Internet of Things (WISTP 2014), pp. 124-139, 2014.
[7] H.C. Chen, A. Christiana, “A Role-based RSA Key Management Approach in a Hierarchy Scheme,” Proceedings of 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS2014), IEEE DOI 10.1109/IMIS.2014.32, pp. 258-264, Birmingham, United Kingdom, July 2-4, 2014.
[8] H.C. Chen, H.Y. Chuang, “An Enhanced Three-party Encrypted Key Exchange Protocol Using Digital Time-Stamp,” NCM2010: 6th International Conference on Networked Computing and Advanced Information Management, Seoul, Korea, pp. 665-670, August 16–18, 2010.
[9] H.C. Chen, H.Y. Chuang, “A Three-party Encrypted Key Exchange Protocol with Protected Password Authentication,” The IET International Conference on Frontier Computing–Theory, Technologies and Applications (IET FC 2010), pp. 275-280, Taichung, Taiwan, August 4-6, 2010.
[10] H.C. Chen, S.S. Tseng, C.H. Mao, C.C. Lee, R. Churniawan, “An Approach for Detecting Flooding Attack Based on Integrated Entropy Measurement in E-Mail Server,” The 8th International Conference on Embedded and Multimedia Computing (EMC-2013), Taipei, Taiwan, August, 2013.
[11] M. Toorani, “SMEmail – A New Protocol for the Secure E-mail in Mobile Environments,” Telecommunication Networks and Applications Conference (ATNAC 2008), Australasian, pp. 39-44, 2008.
[12] W. Stallings, “Network Security Essentials: Applications and Standards,” Prentice Hall, 2000.
[13] E. Cole, R. Krutz, and J.W. Conley, “Network Security Bible,” Wiley Publishing Inc., 2005.
[14] R.J. Sutton, “Secure Communications, Applications and Management,” John Wiley & Sons, 2002.
[Fig. 1. The Architecture of Mobile Chat System. Diagram of the Mobile Chat System (MCS) and three MC clients; the legend distinguishes the MC user registration phase, the Secure Key Generation Phase and the MC Secure Messages Delivery Phase.]
[Fig. 2. Registration phase. Message flow between client $u_i$, client $u_j$ and the CA server of MCS: each client sends its encrypted password together with its identity; the CA server decrypts the password, verifies the identity and password, and acknowledges or rejects.]
[Fig. 3. End to End Secure MC Key Generation Phase. Message flow between client $u_i$, client $u_j$ and the CA server of MCS: Step A1, SE2E MC Request; Step A2, MCI Request; Step A3, SE2E MC Response; Step A4, Verification by CA of MCS; Step A5, SMC Key Generation; Step A6, SMC Key Distribution; Step A7, Verification and SMC Key Recovery for client $u_i$ and for client $u_j$.]
