Efficient Data Security for Mobile Instant Messenger

Instant Messenger (IM) has become one of the most popular applications in mobile technology and communication, and users around the world have installed it for daily activities. Current IM services have security weaknesses in both authentication and encryption. Many IM services in use today still do not apply an efficient method for authentication and encryption; conventional security methods and the client-server architecture expose many users to attacks on the server, such as compromise or the cracking of passwords or PINs by unauthorized people. Common IM services lack native encryption to protect information transmitted over the public network and still require heavy computation in the mobile environment, so efficient security methods are needed. Public IM services also carry messages from fake users, because they run authentication and encryption as separate systems; strong authentication is needed to solve this issue in the messenger environment. The tremendous growth in mobile IM users calls for an efficient and secure way to communicate. This paper proposes a new efficient method for securing messages, covering both encryption and authentication, within an end-to-end model. The proposed security method uses new algorithms based on Elliptic Curve (EC) and works in a Peer to Peer (P2P) architecture rather than a conventional client-server model. The results show that this method gives efficient authentication and encryption times when applied in a mobile environment. It is also compatible with mobile phones, which have limited computation capabilities and resources.

Many IM services in use today still do not apply an efficient method for authentication and encryption; conventional security methods and the client-server architecture expose many users to attacks on the server, such as compromise, password cracking or leakage of PINs. Unauthorized people may be able to crack simple passwords and build an attack on them, and PIN leakage is an issue not only on mobile devices but also on wearable devices [7]. Several studies have tried to solve these problems with conventional public-key cryptography (PKC) implemented to provide user authentication [18], or with a ranking algorithm model using a transitional Bayesian inference model [8]. But solving the issue with a PKC architecture is not strong enough when implemented in a client-server model with a vast number of users. Public-key computations need a large amount of memory and a long time, so the choice of algorithm becomes the way to alleviate computation overhead. Computational overhead is one of the main concerns for the public-key model, and in this paper we propose a method to solve it. Currently, most IM services do not implement an efficient method for securing data transmitted over a public network. A novel approach to data security is therefore needed, using a digital signature and an encryption method that offer a good security level, low computation and fast encryption.
This paper therefore proposes a novel approach focused on an efficient method for securing messages, covering both encryption and authentication, within an end-to-end model. The proposed security method uses new algorithms based on an Elliptic Curve (EC) scheme with a specific curve. The model is computed on that curve, with the prime P-256 selected to achieve efficient computation. The model uses a Peer to Peer (P2P) architecture rather than the conventional client-server model. In this method, the end-to-end authentication phase validates each piece of data exchanged among users, and the encryption process provides data privacy at the same time. This is a novel approach that applies the curve computing concept to securing the mobile communication environment.

Related Work
There are several ways to secure instant messaging. In research from 2011, a paper proposed a secure module for instant messaging that adds a separate "secure module" and applies a hash algorithm to secure the path in the transceiver and routing modules. In that paper, the hash algorithm helps secure the network conversation and results in a private environment for data transmitted between sender and receiver in an IM message. While sending, the application disguises the text on the network, a process that protects it from attackers. This secures the system.
In this approach, the secure architecture is divided into four modules: a chat module, a transceiver module, a secure module and a routing module. The secure module applies the hash algorithm, whose main function is to convert the data into a hash value. The purpose of encryption is to make sure that an unauthorized person cannot view the original data or information on the network. An IM application secured in this way has been developed and tested [9].
Another authentication method for security is group authentication, which authenticates all users on a line. It is a special type of authentication designed specifically to support group-oriented applications. The proposed method is no longer a one-to-one type of authentication but a many-to-many type. Group authentication can authenticate multiple users [10].
An authentication agent is also needed to secure data on the internet, as in a system designed for e-shopping. In that model, an agent provides connectivity on an anytime, anywhere, any-device basis to supply the customer with specific goods. But the Internet is a heterogeneous and non-secure medium; privacy, authenticity, integrity and non-repudiation are the key requirements to be addressed by such systems, where face-to-face interaction is impossible. Most systems do not provide the required level of security service, so many problems exist in them, such as denying, losing, misusing, stealing and double spending. This approach addresses all the security service problems of an e-shopping system using the Elliptic Curve Cryptosystem (ECC) [11].

Mobile Security Overview
Nowadays, various methods have been proposed for securing the mobile internet against threats, such as Business Diversification, Platform Diverse and Terminal Security [12]. Terminal security is a problem that must be solved in the mobile Internet and is also the one users are most concerned about. Mobile internet terminal security includes traditional terminal protection, mobile terminal security management, terminal access control and others [13].
IM is one of the most important applications on the mobile Internet. Based on a review of several papers, the most popular IM products (Skype Messenger, Facebook Instant Messenger, Yahoo Messenger, Google Talk Instant Messenger, eBuddy, WhatsApp instant messaging and SimpPro) are still vulnerable to security violations. They allow users to transfer clear text in chat sessions, which puts IM communication at risk and gives an eavesdropper the opportunity to change a message. Some IM applications still send messages between sender and receiver over the internet in plaintext. The following table shows the format of the text while it is transmitted; it shows how exposed a message sent over the internet is [14]. According to that paper, this weakness allows a program to sniff and change packets sent over public networks. The main concepts of security are defined as follows. Confidentiality: how information stays secret while it is transmitted over a network. Authentication ensures that the people using the application to send a message are the authorized users of that system. Non-repudiation ensures that neither the sender nor the receiver can deny the communication when they exchange a message [15].

Our Approach
There are ways to make the algorithm in a public-key cryptosystem more efficient and secure. Elliptic Curve Cryptography has become one of the latest trends in the field of public-key cryptography. EC cryptography promises a faster and more secure method of encryption compared to any other standard public-key cryptosystem. Elliptic curves are widely used in security; this algorithm has been applied successfully to achieve high-level security in areas ranging from internet protocols and image processing to securing services for the Session Initiation Protocol [16].
One of the methods used to authenticate a message transmitted over the public internet is the digital signature. It can be used to help authenticate HTML scripts, message text and so on. Digital signatures can help build secure and efficient internet applications. Wider adoption of digital signatures would make it possible to secure IM messages efficiently while a chat session is running [17].

Security model
While many methods have been proposed for the client-server communication architecture, in this paper we use two schemes for securing IM data in a Peer to Peer architecture: an authentication process and a cryptography process. Authentication ensures that the people using the application to send a message are authorized people [15]. Cryptography is used to turn the message into random text so that unauthorized people cannot compromise the data while it is transmitted over the internet.
This study uses the Elliptic Curve concept to design efficient authentication and cryptography algorithms. In this model, each user generates a key pair with specific algorithms before initiating communication. The generating process produces a private key and a public key; together they form the key pair that is used throughout a communication session. The key pair is erased after the communication has finished completely.

Authentic process
Each user owns a key pair consisting of a private key and a public key. The private key is kept for signing and decrypting messages, while the public key is used for verifying and encrypting messages. In the authentication process, each user sends their public key by peer-to-peer communication; this model can speed up the exchange of keys between them.
The authentication process uses the key pair. The private key signs the message (M) when it is sent over the internet, and the public key verifies the message. In this process, the key pair generation step applies the Elliptic Curve concept in its algorithm.

Crypto process
The crypto process is the encryption and decryption process that changes plaintext into ciphertext and back, using the generated key pair. The key pair includes a private key and a public key: the receiver's public key encrypts the message (M) and the receiver's private key decrypts the ciphertext.
At the sender, for instance Alice, the private key signs the message M, and a hash function is applied to M to produce a message digest. The combination of the hash value and the signing step produces the message signature (S). S, as a secure message, is exchanged over the public internet. As an example, Bob is the receiver of M. When the receiver gets M in the application, Alice's public key verifies the message M, using the hash function to compare the value of M. If the values match, S is a valid message from Alice, and vice versa. This cryptography makes IM communication fast and fulfils the required level of security. The proposed model is illustrated in Figure 1. When Alice wants to chat with Bob, Alice sends a message (M). As M is sent to Bob, the ECC scheme encrypts it into ciphertext and generates its signature. Bob decrypts the ciphertext with his private key and verifies the signature with Alice's public key. Since Bob knows Alice's public key, he can verify whether Alice really sent the message. In this paper, each data exchange uses a per-session key pair for the data transactions of one session in the mobile IM system. The key pair protects the user's information exchange throughout the session; after the session has finished, the system automatically deletes the key pair so that it cannot be used to sign or encrypt a message when another session starts.
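The Alice and Bob exchange described in the authentic and crypto processes above, as an added Go example that is not the paper's code. The paper's own algorithm listings are not reproduced on this page, so standard constructions stand in for them (assumptions): ECDSA with SHA-256 for the signature, ECDH between the two per-session P-256 key pairs feeding AES-256-GCM for encryption, and a single-hash key derivation with a made-up label; all function names are illustrative.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKey makes one user's per-session P-256 key pair; sum is SHA-256 as a slice.
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func sum(b []byte) []byte { d := sha256.Sum256(b); return d[:] }

// SessionAEAD turns ECDH(my private key, peer's public key) into an AES-256-GCM key.
func SessionAEAD(me *ecdsa.PrivateKey, peer *ecdsa.PublicKey) (cipher.AEAD, error) {
	priv, err1 := me.ECDH()
	pub, err2 := peer.ECDH()
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	z, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sum(append(z, "im-demo-session"...))) // assumed KDF label
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send signs SHA-256(msg) with the sender's private key, then encrypts both.
func Send(g cipher.AEAD, me *ecdsa.PrivateKey, msg string) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	_, err1 := rand.Read(nonce)
	sig, err2 := ecdsa.SignASN1(rand.Reader, me, sum([]byte(msg)))
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	plain := append(append([]byte{byte(len(sig))}, sig...), msg...)
	return g.Seal(nonce, nonce, plain, nil), nil // nonce || ciphertext || tag
}

// Receive decrypts, then releases the text only if the sender's public key verifies it.
func Receive(g cipher.AEAD, sender *ecdsa.PublicKey, wire []byte) (string, error) {
	if len(wire) < g.NonceSize() {
		return "", errors.New("short message")
	}
	plain, err := g.Open(nil, wire[:g.NonceSize()], wire[g.NonceSize():], nil)
	if err != nil || len(plain) < 1 || len(plain) < 1+int(plain[0]) {
		return "", errors.New("decryption failed")
	}
	n := 1 + int(plain[0]) // end of the length-prefixed DER signature
	if !ecdsa.VerifyASN1(sender, sum(plain[n:]), plain[1:n]) {
		return "", errors.New("signature does not match sender's public key")
	}
	return string(plain[n:]), nil
}

func main() {
	a, _ := NewKey() // Alice's session key pair
	b, _ := NewKey() // Bob's session key pair
	ga, _ := SessionAEAD(a, &b.PublicKey)
	gb, _ := SessionAEAD(b, &a.PublicKey)
	wire, _ := Send(ga, a, "hi Bob")
	fmt.Println(Receive(gb, &a.PublicKey, wire)) // hi Bob <nil>
}
```

Because the encryption key is derived from the two session key pairs, traffic captured in one session does not decrypt once either side has generated a new pair for the next session.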

Designed algorithms
In this paper, we design several algorithms to achieve efficient security for data transactions in mobile IM. Our model has two types of algorithm: an encryption-decryption algorithm and a signature algorithm. When the receiver wants to read the original message, he uses the decryption process. The decryption process uses the following algorithm. While sending a message, a user signs it with the ECC algorithm to provide authentication. The signing process uses the following algorithm. After receiving a signed message, the receiver verifies it with the public key, based on the ECC algorithm, to check the validity of the signature. The verifying process uses the following algorithm. Each user always runs two processes when exchanging messages: the authentic process and the crypto process. The authentic process is the step that signs or verifies the message, and the crypto process is the step in which the user encrypts or decrypts the message in a data exchange. To achieve efficient message security in mobile IM, we use several parameters in the ECC algorithm. A mobile device does not have the resources to run heavy computation for all of its security. In this paper we therefore build the ECC algorithm to give a good level of security with low computation overhead on a mobile device.

Result
This paper shows how efficiently the above algorithm provides security in mobile IM. Three indicators are used to test the level of efficiency: computation time, ciphertext length and signature length. To measure them, testing uses several specifications of the Android emulator with different resources. Encryption time is the period needed to convert plaintext into ciphertext, and decryption time is the reverse. The encryption process uses various key lengths based on the ECC parameters. The results for encryption and decryption are shown in Figure 2. Figure 2 shows the difference in the time used for encryption and decryption with various key lengths. In this research, the less time the process takes to run, the more efficient the key length. The result of this testing shows that key lengths of 224 and 256 bits are more effective than the other key sizes. The signing time, on the other hand, is the time used to produce a signature for a message and to verify it. In the testing report, this study produced different times for the various key lengths. Using Elliptic Curve in this process gave efficient time and resource usage, and the Elliptic Curve concept with key lengths of 224 and 256 bits gives a good level of signing and verifying performance. These key sizes are therefore preferable for implementation in mobile IM. Another aspect of the testing is the signature length of the message. It is the random characters of a message after hash processing has finished. Signature length affects the use of internal memory in the mobile device. The signature length results are shown in Figure 3. Figure 3 shows that the length of the digital signature is affected by the key length used to sign the message. The testing results show that the longer the key used to sign the message, the longer the digital signature of that message.
Based on the testing above, a key length of 256 bit, which produces 72 bit of digital signature, is the most preferable in mobile IM to achieve both efficient security and good strength.

Analysis
In this research, we propose a secure communication model based on the Elliptic Curve concept, with both message authentication and an encryption-decryption process for data exchanged over the public internet. The first step is authentication, one of the most important aspects of security, in which an entity should be identified before or during the communication. This prevents any type of attack or malicious activity in which a malicious user identifies himself as the real user while communication occurs. This study use designed algorithm based on Elliptic Curve basic within formula Algorithm build based on various parameter in NIST recommendation prime curves includes p-256, and value of while is the size of the underlying field, therefore new equation for designing algorithm with new curve ( ): This model is computed on the above curve, with the prime P-256 selected from the NIST recommended curves [24]. This curve is used to achieve fast and secure implementations of digital signatures for the curve P-256, providing 128 bits of security, at low cost and low power when tested on available hardware. The curve is used to compute key generation and the encryption process; generation is an important phase that produces a key pair for a communication session. The sender encrypts the message with the receiver's public key and the receiver decrypts the message with the private key on the same curve. This is a novel approach to securing the mobile communication environment. The application runs as a peer-to-peer chat architecture, so messages are more private than in a client-server architecture. This method also renews the key pair (public key and private key) of each user whenever they want to start a chat session in the IM environment.

Peer to peer secure chat
Security for mobile IM messages is maintained between sender and receiver using the designed algorithm. A Peer to Peer architecture is more precise and faster in the IM environment, and it can raise the level of data privacy for users.
In this architecture, each session generates a key pair, consisting of a public key and a private key, that is used by the sender and receiver. The environment deletes the key pair when the communication session has finished completely, so the key pair is valid for only one session. When the sender or receiver is not active, the key pair is deleted so that unauthorized people cannot use it. The scheme prevents unauthorized people from compromising the data.

Efficient security with curve computing
In this research, using the Elliptic Curve concept to design a new algorithm for mobile IM has several advantages, such as shorter key size, less computational overhead and less memory space. Based on the study, mobile devices consumed less power when running the security process, in both authentication and encryption. Elliptic Curve is also known for its high security level, and it is easy to implement in both hardware and software. EC offers many features for providing security and high-efficiency applications. Designing specific algorithms for mobile IM has achieved efficient computation and a good security level.
This study uses curve computing to build the security algorithm, which is a novel approach in mobile IM security. Based on our results, the implementation of Elliptic Curve in mobile IM gave efficient times while using few resources to run the security process, such as encryption-decryption and generating a digital signature. This research also uses designed algorithms that show effective results in generating and confirming the signature, so it can cut the power used in computation and is very compatible with current mobile devices that have limited hardware resources. Many researchers have put effort into developing cryptographic algorithms and protocols based on Elliptic Curve. This feature makes ECC very popular among the many cryptographic systems.

Comparison Result
Various research has been conducted on IM security and algorithms; those papers proposed ways of securing data or the communication architecture in the IM environment. Yusof et al. proposed a secure architecture divided into four modules: a chat module, a transceiver module, a secure module and a routing module. In that research, the secure module applied the hash algorithm, whose main function is to convert the data into a hash value. The purpose of encryption is to make sure that an unauthorized person cannot view the original data or information on the network. An IM application for securing IM was developed and tested for security analysis [19].
Marc et al. proposed a simple security mechanism to protect Peer to Peer applications against various vulnerabilities when transmitting over the public network. The protocol overhead was tested to assess its impact on device performance, an important requirement on limited devices. This method implemented modifications of the JXME protocols to solve the most glaring vulnerabilities, providing basic protection against simple spoofing and replay attacks in the network [20][21].
Another work proposed a security framework based on the JXTA architecture. The main features of this work include a modular approach that can cater to a set of scenarios, an effective secure key distribution, and a hybrid authenticity scheme that balances the need for important information at end-user level against simplicity at the lower middleware layers. This model was designed for Peer to Peer applications, with a design focused on scalability or overall performance issues [22]. Each study produced a different overhead in the computing process; the overhead consists of the cryptography time and the overall time used in the computation process. Overhead in this research is formulated by: Various research on securing Peer to Peer communication, especially in the IM environment, has been conducted. Based on the above formula, the different overheads in the computing process are shown in Table 2: Our study, with designed algorithms based on the Elliptic Curve concept, produced a more efficient result in both the authentication and cryptography processes. Curve computing makes it possible to make the algorithm in a public-key cryptosystem more efficient and secure, and promises a faster and more secure method of encryption.
In addition, an experiment was conducted in Windows and Linux environments to analyze the Elliptic Curve Cryptosystem (ECC) as an asymmetric block cipher algorithm and a set of symmetric block cipher algorithms namely Triple  In this study, the Elliptic Curve Cryptosystem (ECC) as an asymmetric block cipher algorithm and three symmetric block ciphers, Triple-DES, AES and Blowfish, were presented. The experiment ran in a Java environment with the Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE). Based on CPU execution time, ECC outperformed the other three algorithms in all tests and under the computing environment [23].

Conclusion and Future Work
Common mobile IM services lack native encryption to protect information transmitted over the public network and still require heavy computation; this problem should be addressed with efficient security methods. In this study, we propose an efficient method based on the Elliptic Curve concept. It designs a new algorithm with a designed curve for building a security model in the mobile IM environment. The security model, based on Elliptic Curve (EC), works in a Peer to Peer (P2P) architecture rather than a conventional client-server model. In this method, the end-to-end authentication phase validates each piece of data exchanged among users, and the encryption process provides data privacy between them.
The results show that this method gives efficient authentication and encryption times when applied in a mobile environment. This paper recommends Elliptic Curve for using . It gave efficient times for each security process, including key generation, signing, verifying, encryption and decryption. This security method is therefore suitable for the mobile IM environment. In addition, the EC algorithm outperforms other cryptography algorithms, both symmetric and asymmetric block cipher algorithms. It is also compatible with mobile phones, which have limited computation capabilities and resources. This research has so far been tested only with text, so future work will probably use other data formats. To increase the authentication level, the SHA-3 (Keccak) algorithm needs to be added to the Elliptic Curve Cryptography.