Protecting Instant Messaging Notifications against Physical Attacks: A Novel Instant Messaging Notification Protocol Based on Signal Protocol

Abstract

Over the years, there has been a significant surge in the popularity of instant messaging applications (IMAs). However, the message notification functionality in IMAs exhibits certain limitations. Some IMAs fail to alert users about new messages after their phone restarts unless they unlock the phone. This is a consequence of end-to-end encryption (E2EE) and the app not knowing the message is in the queue until the app decrypts it. This approach using E2EE is used to prevent offline attacks, as the key is unavailable to decrypt the notification messages. In this paper, we introduce a novel design and implementation of a message notification protocol for IMAs based on the Signal protocol. The proposed protocol aims to securely display notifications on a locked device and ensures that cryptographic keys are stored in a location that is isolated from the user’s device to prevent offline attacks. This approach enhances the security of private key storage, safeguarding private keys against various external threats. The innovative design strengthens the off-site key management system, rendering it resilient against offline attacks and mitigating the risk of key compromise. Additionally, the proposed protocol is highly efficient, requiring no specialized hardware for implementation. It offers confidentiality of cryptographic keys and protection against offline attacks, further enhancing the overall security of the system. We evaluate the protocol’s effectiveness by analyzing multiple independent implementations that pass a suite of formal tests via ProVerif.