Carnegie-Mellon introduces SafeSlinger, public key IM encryption for smartphones

SafeSlinger makes sending secure messages easy. Just keep your passphrase a secret, and only you and the other party can read messages. Messages cannot be read by your cellular carrier, Internet-provider, employer, or anyone else.

SafeSlinger is the result of research at Carnegie Mellon’s CyLab that resolves a specific security problem. The problem: How can we start a trusted relationship between people, on the fly, without people having sophisticated knowledge of security protocols?

Users regularly experience a crisis of confidence on the Internet. Is that email truly originating from the claimed individual? Is that Facebook invitation indeed from that person or is it a fake page set up by an impersonator? These doubts are usually resolved through a leap of faith, expressing the desperation of users.

To establish a secure basis for Internet communication, we have implemented SafeSlinger, a system leveraging the proliferation of smartphones to enable people to securely and privately exchange their public keys. Through the exchanged authentic public key, SafeSlinger establishes a secure channel offering secrecy and authenticity, which we use to support secure messaging and file exchange. Essentially, we support an abstraction to safely “sling” information from one device to another. SafeSlinger also provides an API for importing applications’ public keys into a user’s contact information. By slinging entire contact entries to others, we support secure introductions, as the contact entry includes the SafeSlinger public keys as well as other public keys that were imported. As a result, SafeSlinger provides an easy-to-use and understand approach for trust establishment among people.




Video + remainder of article: http://www.cylab.cmu.edu/safeslinger/