This document analyzes end-to-end security in instant messaging applications, discussing network architectures, technical challenges, and legal/social implications. It examines popular applications such as Skype, WhatsApp, Telegram, and TextSecure, highlighting their security features and vulnerabilities. Furthermore, the document addresses challenges related to user privacy, usability, and varying international regulations that impact effective communication across borders.

1. End-to-End Security in Instant Messaging Applications*
Alemnew Asrese, Evgeniya Broshevan, Ana-Maria Ghiran, Chaminda Alocious, Andrea Melis,
Robert Annessi, Ignacio Cofone, Mika Helsingius, Francisco Grajales, Juan Brenes
Index Terms— End-to-End Security, Communication, Pri-
vacy, Instant Messaging
I. INTRODUCTION
In this abstract, we analyze the state of the art of end-to-
end security Instant Messaging applications. This includes
the applications’ network architectures, current and future
challenges, and potential legal and social impact. In the next
section the problem statement is stated, followed by the state
of the art in section III; in section IV the technical challenges
are described. This abstract is concluded by social and legal
challenges in section V.
II. PROBLEM STATEMENT
In general, Instant Messaging refers to systems for ex-
changing typed electronic messages instantly via the Internet
or cellular networks, using software applications on personal
computers or mobile devices. Since the dawn of the Internet
the possibility to send messages in real-time free of charge
has been one of its most popular features. This demand has
increased steadily from the first emails over IRC channels to
the rise of the smartphones age.
In this abstract we focus on end-to-end security of Instant
Messaging applications. End-to-end security is a digital
communication’s paradigm that refers to the uninterrupted
protection of the communication between two parties. Un-
interrupted protection means that no one but the two com-
municating parties must be able to read the plain text data,
especially no third party intercepting the communication.
The end-to-end security paradigm guarantees confidentiality
of the conversation; the only task left to the client is to
securely exchange and store their encryption keys.
In recent years, users have become more and more con-
cerned about the security and privacy of their communi-
cations. Several online services, including social networks,
have recently taken steps towards becoming more privacy-
safe. Studies such as [1] show that an increasing number
of users are becoming familiar with opt-in features, which
have the goal of respecting the principles of confidentiality
and integrity in end-to-end communications.
The newly introduced privacy features are not just re-
sult of technical evolution, but a clear response to users’
demands. Users now have higher security requirements,
not only because of recent events revealing vulnerabilities
like Heartbleed or Shellshock have increased the awareness
of user privacy. Even more, events such as as the NSA
* This work is the result of the Cyber Security Summer School’s Group 3
(Tallinn, July 2015).
scandal have put privacy and security in the focus for Instant
Messaging as well.
III. STATE OF THE ART
Focusing on network architecture, cryptographic methods,
and code audits[1], we have analyzed four very popular [2],
state-of-the-art Instant Messaging applications:
• Skype: Originally, Skype featured a hybrid of dis-
tributed peer-to-peer and client-server architecture; in
the very beginning, this was also reflected by its name:
”Sky peer-to-peer”. Skype’s user directory is decen-
tralized and distributed among the supernodes in the
network. Each client maintains a host cache with the
IP addresses and port numbers of reachable supern-
odes. Skype uses RSA for key negotiation and AES
for encrypting communications. As one of the main
privacy issues, the company has long provided com-
munications data to government authorities in response
to court orders. Such data includes registration details,
IP addresses, and call history (including normal tele-
phone numbers) and duration. According to documents
leaked by Edward Snowden, NSA agents have been
successfully listening to Skype. Skype has always been
proprietary, closed-source software. As such, it is only
through indirect means that the information security
community discovered some of its vulnerabilities. Even
today it remains a closed network, which keeps out
plugins that could use its network to communicate in
an end-to-end encrypted fashion.
• WhatsApp: WhatsApp does not store any messages on
servers; the entire chat history is stored on the client’s
device. Although client application uses SSL to encrypt
connections to the server, a recent blog post discussed
the deployment of SSL version 2, which might open up
WhatsApp to certain attacks. Currently, there is no end-
to-end encryption providing security of chat messages
between sender and receiver and, therefore, intermediate
servers can read any exchanged messages. Main prob-
lems with WhatsApp security: communications are not
encrypted with a key the provider doesn’t have access
to, users can’t verify contacts’ identities, past messages
are not secure if the encryption keys are stolen, the
code is not open to independent review, and the security
design is not properly documented.
• Telegram (Secret Chat): Telegram accounts are tied
to the phone number of the user possessing the phone
with that number; this is verified with a code sent by
SMS or phone call to that phone. In Telegram, so-called

2. secret chats are neither logged nor stored on servers
and use end-to-end encryption. In this way, only the
communicating parties of a secret chat know the content
of messages via secret chats. For this reasons, secret
chats are not available in the cloud and can only be
accessed from the device they were sent to or from.
The major feature of secret chats in Telegram is self-
destructible messages which are sent client-to-client and
are deleted automatically after some time, leaving no
trace of the conversation.
• TextSecure: TextSecure enables the secure transmission
of instant messages, group messages, attachments and
media messages to other TextSecure users. Users can
independently verify the identity of their correspondents
by comparing key fingerprints out-of-band or by scan-
ning QR codes in person. Messages sent via TextSecure
are end-to-end encrypted. No contact information is
stored on the servers. The keys that are used to encrypt
messages are stored on device alone, and they are
protected by an additional layer of encryption if the
passphrase has been enabled.
IV. TECHNICAL CHALLENGES
The general architecture of a secure Instant Messaging
application is composed of four modules: the client (chat)
module, the transceiver module, the security module, and
the routing module. The client module is the module that
interacts with the user and basically allows to read or write
messages. The transceiver module consists of a sending
and receiving part. The routing module is responsible to
receive the message from the sender and to assign the right
destination IP address. The security module is the compo-
nent that handles encryption and decryption of messages.
The encryption phase prevents unauthorized access to the
message from the network. While at the decryption phase
the the encrypted message is converted back again to plain
text.
In this architecture, several requirements must be satisfied
in order to achieve end-to-end security:
• Confidentiality: The property that information is not
made available or disclosed to an unauthorized third
party. [4]
• Integrity: Ensures the a message is not (intentionally
or unintentionally) altered during transmission.
• Authentication: The capability of identifying the origin
of a message.
• (Non-)repudiation: Non-repudiation means to ensure
that a transferred message has been sent and received
by the parties who claim to have sent and received the
message. It is a way to guarantee that the sender of a
message cannot later deny having sent the message and
that the recipient cannot deny having received it.
• Forgeability: The possibility that not every message
could be sent, that means the ability to classify messages
based on the content
The fundamental phases of a good end-to-end security
communication are authentication and key exchange. [3]
A. Authentication
Neither password-based authentication nor certificate-
based authentication address security issues related to phys-
ical access to individual devices or passwords. Public-key
cryptography can only verify that a private key used for a
signature corresponds to the public key in a certificate. It
is the user’s responsibility to protect a machine’s physical
security and to keep the private-key or password secret.
B. Key Exchange
The key exchange process should be secure, seamless, and
support offline chat; When using a symmetric encryption
scheme, all communicating parties must agree on a shared
secret and use this to encrypt messages.
V. LEGAL AND SOCIAL CHALLENGES
Regarding legal aspects, the aims of the Data Protection
Directive (Directive 95/46/EC), which is the basis of Euro-
pean data protection law, are in line with these technical de-
velopments. Particularly, article 16 of the directive highlights
the importance of confidentiality in communications, and
its article 17 aims to ensure their security. Despite the fact
that some governmental agencies do interfere with private
communications, there are no obstacles in data protection
law to enhance its security.
A possible legal challenge for these developments is the
harmonization of the regulation of Internet. Instant Messag-
ing is necessarily transnational, and the differences in how
countries treat it might create problems for its functioning
across borders. For example, the European Union only
allows data from European users to be sent to countries
that are ”pre-approved” as having sufficient data protection.
Although this provision is largely ignored, if it was enforced
it would prevent European users to communicate via Instant
Messaging applications with users in those countries that are
not approved. An alignment of regulations among countries
would be desirable in order to adhere to a common agreement
regarding how traffic data (as well as log messages) will be
collected and archived, and ideally also how data can be used
as digital evidence and in which ways users can utilize the
applications.
From a social perspective, the main challenges faced are
usability and user-friendliness. Several features that increase
confidentiality and security, for example the use of multi-
ple passwords, or the repeated requests to enter the same
password, reduce user-friendliness and therefore discourage
the use of the application. One of the main reasons to
stop using applications is lack of user friendliness. This
issue is coupled with the lack of awareness of most of the
user base of what makes an application secure; the lack of
visibility of security features for users could lead to their
undervaluation. USer education is a possible way to approach
this. In any case, a successful application will need to balance
the visible issue of user-friendliness with the less visible
issue of confidentiality and security in order to succeed in
the market.

3. REFERENCES
[1] Secure Messaging Scorecard. [Online]. Available:
https://www.eff.org/secure-messaging-scorecard
[2] Leading social networks worldwide as of March 2015, ranked
by number of active users (in millions). [Online]. Available:
http://www.statista.com/statistics/272014/global-social-networks-
ranked-by-number-of-users
[3] Raja Neem Akram and Ryan K. Ko, ”End-to-End Secure and Privacy
Preserving Mobile Chat Application” in Proceedings of the 8th IFIP
WG 11.2 International Workshop on Information Security Theory and
Practice. Securing the Internet of Things, pp. 124-139, 2014
[4] ISO/IEC 27000, 2014