Towards the Removal of Identification and Authentication Authority from IM Systems

Document Type

Conference Proceeding

Source of Publication

2024 8th Cyber Security in Networking Conference (CSNet)

Publication Date

12-6-2024

Abstract

In recent years, the rise of Instant Messaging (IM) platforms has underscored the need for secure authentication and encryption mechanisms. While encryption challenges have been addressed by protocols like Signal, public key authentication re-mains problematic due to centralized infrastructure, trust issues, and user misunderstanding of End-to-End Encryption (E2EE). This paper introduces a decentralized framework for public key authentication in IM services, based on the Trust over IP (ToIP) model. Our framework utilizes Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to manage public keys outside the control of IM providers, eliminating their role as artificial identification and authentication authorities. By shifting control to decentralized, transparent systems, the proposed framework enhances user privacy, security, and autonomy. It also aligns with regulatory standards like the Digital Markets Act (DMA) and the Electronic Identification, Authentication, and Trust Services (eIDAS), fostering compliance and interoperability.

ISBN

979-8-3315-3410-3

Publisher

IEEE

Volume

00

First Page

243

Last Page

247

Disciplines

Computer Sciences

Keywords

Decentralized Identification, Public Key Authentication, Instant Messaging, Trust over IP, User Privacy

Indexed in Scopus

no

Open Access

no

Link to Full Text

Share

COinS