Carnegie Mellon University CyLab researchers have developed a free smartphone app for iOS and Android users to safely exchange identity data without risk of theft, deception and fraud.
“SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be,” said Michael W. Farb, a research programmer at Carnegie Mellon CyLab. “The most important feature is that SafeSlinger provides secure messaging and file transfer without trusting the phone company or any device other than my own smartphone.”
As more and more consumers access the Internet from an ever-expanding pool of mobile devices, including cellphones and tablets, threats such as eavesdropping and impersonation continue to become more frequent and increasingly sophisticated. Spammers use impersonation to seduce a victim into trusting a message, and widespread eavesdropping and information disclosure is a risk especially when hackers can capture stored information.
“With SafeSlinger users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other personal information that is exchanged,” said Adrian Perrig, a professor at ETH in Switzerland.
Yue-Hsun Lin, a CMU CyLab researcher and part of the SafeSlinger team, said many mobile messenger apps still use unencrypted and even unauthorized messages for their communication. Adversaries can easily wiretap or hijack any communication between those insecure apps. “SafeSlinger protects message secrecy and authenticity against network threats through modern cryptography, but still keeps a simple user experience like today’s messenger apps,” Lin said.
CMU CyLab researchers report that SafeSlinger’s user-centric security design includes an advanced protocol, which incorporates elements of several cryptographic schemes and factors in the prevention of numerous types of attacks.
“The details of the cryptographic schemes are complicated, however our user-centric design does not require user awareness, and with minimal user interaction the benefits of SafeSlinger are amplified when several users wish to set up a secure communication channel,” said Tiffany Hyun-Jin Kim, a CyLab systems scientist who is a member of the SafeSlinger team. “Moreover, SafeSlinger’s easy-to-use interface brings cryptography and secure communication to non-expert users, but also achieving military-grade security against hackers,” Kim said.