Towards the Removal of Identification and Authentication Authority from IM Systems
Document Type
Conference Proceeding
Source of Publication
2024 8th Cyber Security in Networking Conference (CSNet)
Publication Date
12-6-2024
Abstract
In recent years, the rise of Instant Messaging (IM) platforms has underscored the need for secure authentication and encryption mechanisms. While encryption challenges have been addressed by protocols like Signal, public key authentication re-mains problematic due to centralized infrastructure, trust issues, and user misunderstanding of End-to-End Encryption (E2EE). This paper introduces a decentralized framework for public key authentication in IM services, based on the Trust over IP (ToIP) model. Our framework utilizes Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to manage public keys outside the control of IM providers, eliminating their role as artificial identification and authentication authorities. By shifting control to decentralized, transparent systems, the proposed framework enhances user privacy, security, and autonomy. It also aligns with regulatory standards like the Digital Markets Act (DMA) and the Electronic Identification, Authentication, and Trust Services (eIDAS), fostering compliance and interoperability.
DOI Link
ISBN
979-8-3315-3410-3
Publisher
IEEE
Volume
00
First Page
243
Last Page
247
Disciplines
Computer Sciences
Keywords
Decentralized Identification, Public Key Authentication, Instant Messaging, Trust over IP, User Privacy
Recommended Citation
Morales, David A. Cordova; Wazan, Ahmad Samer; Laborde, Romain; Taj, Muhammad Imran; Habbal, Adib; and Gallegos-García, Gina, "Towards the Removal of Identification and Authentication Authority from IM Systems" (2024). All Works. 7231.
https://zuscholars.zu.ac.ae/works/7231
Indexed in Scopus
no
Open Access
no