March 12, 2012
CyLab researchers have developed and released a new smartphone app to provide users with a free and easy to use means for secure messaging and file transfer.
With SafeSlinger, a user can establish secure communications directly with trusted individuals and groups in ten seconds, with nothing more than the smartphone in their hand.
Adrian Perrig, CyLab’s Technical Director, provides some vital context on SafeSlinger and the urgent need it addresses.
“We increasingly lose control over our data. Especially on-line web sites have recently increasingly aggregated our information to provide targeted advertising. As a user, we have very little control over data we exchange, as even email or SMS messages are stored on several intermediate servers potentially forever. With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading the plain text information. I am personally using SafeSlinger whenever possible, it feels good to be in control over your own information.”
SafeSlinger’s sophisticated security design includes a complex protocol, which incorporates elements of several cryptographic schemes and factors in the thwarting of numerous types of attacks and challenges.
SafeSlinger is the first complete system that provides a secure group credential exchange, which is also privacy-preserving (i.e., no external party can learn any of the exchanged information); it is also the first group credential exchange system that can be used remotely over the telephone or video-conferencing line. Perhaps the most impressive feature of SafeSlinger is that it provides secure communications and file transfer even if the servers involved are malicious.
Nevertheless, SafeSlinger is simple and easy to use. Although achieving its ambitious security properties requires a complex protocol, all cryptographic operations and checks are performed without the users’ involvement. To establish secure communications, users simply perform an initial five-step process, which tests indicate can be completed in approximately ten seconds.
SafeSlinger runs on a central server and multiple smartphone platforms. The client application is written for Android 2.1, in Java, and for Apple iOS 3.0, in Objective-C. The server application is written for the Google App Engine platform, in Python.
As CyLab researcher programmer Michael Farb explains, SafeSlinger builds on CyLab's earlier work for KeySlinger.
"SafeSlinger is an applied use of the secure data exchange mechanism offered in KeySlinger. SafeSlinger now generates a key, the public portion of which can be exchanged with another user; and these exchanged keys enable users to send secure text messages and files to each other."
Farb also articulates the difference between SafeSlinger and the popular contact exchange app Bump.
"One way SafeSlinger differs from Bump is that multiple retries are avoided by users explicitly matching data, rather than allowing a server to match users; another way is that SafeSlinger avoids use of your accelerometer and location data (use of location data can be an invasion of piracy). Also, unlike Bump, Safeslinger can be used either remotely or in person, and it can be used by multiple users, not just two."
Through free multi-platform applications available on smartphone markets, as well as open documentation and open-source code, Perrig, Farb, et al anticipate wide adoption of SafeSlinger. And assuming wide adoption, they hope to provide usable and secure communication for the masses, and a security platform that will enable numerous security services and applications.
Visit the instructions page for step-by-step directions on how to use SafeSlinger.
See all CyLab News articles