Editing Encrypted Messages Without Decrypting Nor Understanding Them

Abstract

Many scientific disquisitions have proposed methods of maintaining IT (Information Technology) security for the processing of sensitive data in outsourced, untrusted, or semi-trusted domains by the means of blind computing. Blind computing in essence dictates that an application processes ciphertext data without a need to decipher the input, output, and/or intermediate results. This approach serves to prevent unscrupulous data mining by those with malicious intent. Despite a wealth of scholarly publications on the matter of blind computing, the problem has not been comprehensively solved in the scenario where a messaging platform in an untrusted environment blindly processes messages in transit. Consider, for example, an IM (Instant Messaging) application tailored for use by adolescents who require technical safeguards against cyberbullying and pedophile stalking. A workable solution not only requires the incorporation of a blind computing scheme for filtering, but should also possess the ability to block just offensive message parts rather than the entire message. Currently, concepts how chat and IM filters can incorporate topic detection, and the vast array of material on blind computing have co-existed as two separate streams. A secure IM filter combining both streams has not been engineered or realized to date, nor has a necessary cryptosystem with the ability to securely edit (i.e. detect and delete malicious content within) instant messages. This dissertation fills this gap by elaborating a framework for the blind revision of instant and/or other electronic messages taking IT security into consideration with a sharp focus on authenticity, integrity, privacy, and resilience. In the beginning, it creates a threat model that reproduces the vulnerabilities and resultant attack vectors in the area of IM. Apposite citations of contemporary literature corroborate the contrived threat model as a relevant real-world problem that still needs to be resolved. The construction and evaluation of a practicable solution must rely upon the application of rigorous methods. For this purpose, the exerted design process amalgamates two well-proven IT security concepts to a framework for the blind revision of instant messages. The framework acts as an effectively applicable method against all modeled threats and utilizes available cryptographic means. The clear and verifiable novelty of this framework relates to the fact that it supports both paradigms blacklisting and whitelisting. While blacklisting blindly purges instant messages with blacklisted payload, whitelisting blindly allows instant messages with solely whitelisted payload. Security and performance analyses rigorously evaluate the utility, quality, and efficacy of the framework. Complementarily, applicable examples effectively demonstrate the framework to both technology- as well as management-oriented audiences.