1234567891011121314151617181920212223242526272829 |
- Usually, asymmetric or a combination of asymmetric and symmetric encryption methods are used for secure message exchange. The advantage of asymmetric encryption methods is that messages can be encrypted with the known public key and then only the owner of the private key can decrypt them. It is not possible to determine the private key from the public key within a reasonable time. However, asymmetric encryption methods are more computationally intensive and therefore more time-consuming than symmetric encryption methods. For this reason, a combination of both methods can be used first to exchange a symmetric key using asymmetric encryption. The asymmetric encryption ensures that only the two parties are aware of the symmetric key, which can then be used for symmetric encryption of the communication.
- Tweets are usually posted publicly on Twitter. Only those who explicitly set their profile to \enquote{private} can decide whom they allow as followers and thus recipients of their tweets. This type of publication and visibility should also apply to private networks. Since it is unclear who is the recipient of a private tweet, it is not possible to encrypt the message with the recipient's public keys.
- The following three requirements apply to encryption:
- \begin{enumerate}
- \item The author is verifiable. It is not possible to distribute tweets on behalf of another user on the P2P network.
- \item A private tweet should have the same visibility to other users as a standard tweet on Twitter.
- \item The service provider (Twitter) must not be able to decrypt private tweets or associate them with a user.
- \end{enumerate}
- Concrete actions can be concluded to meet these requirements:
- \begin{enumerate}
- \item Private tweets must be signed or asymmetrically encrypted so that the author is identifiable.
- \item Distribution of the public key for decryption must take place via the user's profile. The profile is the only place that guarantees that only authorized users can access the key and that the public key belongs to a specific user without any doubt.
- \item The Hybrid OSN application must encrypt the public keys so that Twitter cannot read them and therefore cannot decrypt the private tweets.
- \end{enumerate}
- \subsection{Realization}
- \label{sec:security-relaization}
- In the app settings, an asymmetric key pair can be stored or generated, which is used to encrypt the private tweets. The RSA-OAEP algorithm is used here. Furthermore, by clicking on a particular button, the public key is published. The new key together with the current timestamp is recorded in the public key history of the user and stored in IPFS. Listing \ref{listing:public-key-history} shows an example for the public key history. In JSON format, public key and validity start are stored in an array. The address at which the public key history can be retrieved is posted as a regular tweet in the user's timeline during publication. So that this tweet can be found quickly and easily; the id of this tweet is saved in the profile description of the user.
- \lstinputlisting[label=listing:public-key-history, caption=Public key history in JSON format. The file is symmetrically encrypted before storing on IPFS.]{listings/key-history.json}
- By saving this information on the user's profile, it is ensured that only users who can read the user's regular tweets have access to the user's public keys and hence to his private tweets. The history allows the changing of the key pair and still ensure that older private tweets are still decryptable.
- Since Twitter has access to all the data stored on its servers, it can also find the link to the public key history. Therefore, it is necessary to prevent Twitter from decrypting the private tweets of the user by retrieving the public key history. For this reason, the public key history is additionally encrypted symmetrically with the AES-GCM algorithm. The key is stored in the Hybrid OSN app and therefore unknown to Twitter.
- When writing a new, private tweet, the system checks whether the public key has been published before posting. Only if this is fulfilled, the private tweet will be encrypted with the private key and posted.
|