
TRIBHUVAN UNIVERSITY

INSTITUTE OF SCIENCE AND TECHNOLOGY

LUMBINI ICT CAMPUS

End to End Encryption in Instant Messaging

A report submitted for the partial fulfillment of requirements for the degree of Bachelor of
Science in Computer Science and Information System.

Project By:

Aadarsha Paudel (16711/074)

Bibek Shrestha (16718/074)

Prabin Tamang (16733/074)

Sandesh Ghimire (16744/074)

Submitted To:

Lumbini ICT Campus

Gaindakot-2, Nawalpur, Gandaki Province, Nepal


ACKNOWLEDGEMENT

This report on the project entitled "End to End Encryption in Instant Messaging" is prepared in
partial fulfillment of the requirements for the degree of Bachelor of Science in Computer
Science and Information System. We hope that this project will be beneficial to the concerned
bodies.

Last but not least, we must acknowledge our deep sense of obligation to all those who were
directly or indirectly involved in guiding the preparation and completion of this report.

Aadarsha Paudel (16711/074)

Bibek Shrestha (16718/074)

Prabin Tamang (16733/074)

Sandesh Ghimire (16744/074)


ABSTRACT

Encryption plays a vital role in modern computer systems, protecting the messages and data we
use and transfer. End-to-end encryption is the branch of encryption that focuses on providing
a direct one-to-one encryption and decryption procedure for sender and receiver so that no
middleman can view or alter the messages. This method is fairly new to instant messaging
applications. This project aims to give an overview of the usage of end-to-end encryption in
instant messaging and its importance in day-to-day life with the help of a project centered
around building an instant messaging service that utilizes end-to-end encryption. The project
will feature an instant messaging application that will have basic chat functionality with
end-to-end encrypted text message exchange. The application and the server will be built with
web technologies, JavaScript on the frontend using Vue.js and Laravel on the backend.

TABLE OF CONTENTS

Acknowledgement
Abstract
List of figures
1. Introduction
2. Background
3. Goals, objectives and scope of the system
3.1 Goals
3.2 Objectives
3.3 Scope
4. Methodology
5. Technology we use
6. System design
Primary Phase
Secondary Phase
6.1 Feasibility Study
6.1.1 Technical feasibility
6.1.2 Economic Feasibility
6.1.3 Behavioral Feasibility
6.1.4 Schedule Feasibility
3.2 Requirement Analysis
3.3 System Design
7. Task Completed
8. Task remaining
9. Time Plan
References

LIST OF FIGURES

Figure 1: Waterfall Model
Figure 2: Context Diagram
Figure 3: Zero Level DFD
Figure 4: Database E-R Diagram
Figure 5: Authentication (Login)
Figure 6: Authentication (Register)
Figure 7: Profile (Update Screen)
Figure 8: 2FA Support


1. INTRODUCTION

End-to-end encryption can simply be summarized as encrypting a message at the sender's side
and decrypting it at the receiver's side so that no middleman (including the messaging service
provider or ISP) can see the message sent. This technology is widely used in modern messaging
applications such as Telegram, WhatsApp, Signal, Viber, Wire and others.

Traditionally, messages are encrypted on the client side with the help of SSL (HTTPS requests)
and sent to the server of the messaging service provider, such as a WhatsApp server. The server
decrypts them into plain text, stores them and forwards them to the receiver after encrypting
them again with the help of SSL.

This method lets service providers easily see the messages you send, and thus is not very
privacy friendly. End-to-end encryption aims to prevent such snooping by the middleman by
moving encryption and decryption directly to the sender and the receiver, so that the server of
the service provider can only view the message in encrypted form and cannot decrypt it.
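
The end-to-end flow described above, as an added example that is not part of the original report or the project's code: two clients agree on a key and exchange a message through a relay that only ever holds public keys and ciphertext. The algorithm choice (ECDH P-256, HKDF-SHA-256 and AES-256-GCM through the Web Crypto API), the relay object and all function names are assumptions made for illustration; the report has not selected an algorithm.

```javascript
// Added example. ECDH P-256 + HKDF-SHA-256 + AES-256-GCM are assumptions,
// not algorithms chosen by the project. Runs in a browser or in Node.js.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const { subtle } = webcrypto;
const enc = new TextEncoder();
const ECDH = { name: 'ECDH', namedCurve: 'P-256' };

// Each client generates its key pair locally; the private key is non-extractable.
async function newClient() {
  const pair = await subtle.generateKey(ECDH, false, ['deriveBits']);
  const publicRaw = new Uint8Array(await subtle.exportKey('raw', pair.publicKey));
  return { privateKey: pair.privateKey, publicRaw };
}

// Derive the shared AES key from my private key and the peer's public key bytes.
async function sessionKey(privateKey, peerPublicRaw) {
  const peer = await subtle.importKey('raw', peerPublicRaw, ECDH, false, []);
  const bits = await subtle.deriveBits({ name: 'ECDH', public: peer }, privateKey, 256);
  const ikm = await subtle.importKey('raw', bits, 'HKDF', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info: enc.encode('chat-demo-v1') },
    ikm, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// The routing header is authenticated but not encrypted: the server can read it
// to deliver the message, but cannot change it without the receiver noticing.
async function seal(key, header, text) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const ct = await subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: enc.encode(header) }, key, enc.encode(text));
  return { header, iv, ciphertext: new Uint8Array(ct) };
}

async function unseal(key, msg) {
  const pt = await subtle.decrypt(
    { name: 'AES-GCM', iv: msg.iv, additionalData: enc.encode(msg.header) }, key, msg.ciphertext);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const alice = await newClient();
  const bob = await newClient();
  // Constructed stand-in for the relay server: it holds public keys and envelopes only.
  const server = { publicKeys: { alice: alice.publicRaw, bob: bob.publicRaw }, inbox: [] };

  const text = 'meet at the library at 5'; // constructed sample message
  const aliceKey = await sessionKey(alice.privateKey, server.publicKeys.bob);
  server.inbox.push(await seal(aliceKey, 'alice->bob', text));

  const stored = server.inbox[0];
  const serverSawPlaintext = String.fromCharCode(...stored.ciphertext).includes(text);

  const bobKey = await sessionKey(bob.privateKey, server.publicKeys.alice);
  const decrypted = await unseal(bobKey, stored);

  // A relay that flips one ciphertext bit is caught by the GCM authentication tag.
  const tampered = { ...stored, ciphertext: Uint8Array.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 1;
  const tamperRejected = await unseal(bobKey, tampered).then(() => false, () => true);

  return { decrypted, serverSawPlaintext, tamperRejected };
}

demo().then((result) => console.log(result));
```

Because the relay hands out the public keys, the confidentiality shown here holds only if each client checks the peer's key (for example by comparing fingerprints over another channel); otherwise the server could substitute its own key.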

2. BACKGROUND

End-to-end encryption is a long-researched topic that aims to provide a way for a sender to
send a message or any data securely to a receiver so that no party other than those two can
view it. Encryption has been around for 4000 years, first appearing in the form of non-standard
hieroglyphs carved into the wall of a tomb from the Old Kingdom of Egypt circa 1900 BC. In the
span of those 4000 years, encryption has evolved, and we now have fairly strong and practical
standards and methodologies for encryption using computer systems. In the early days,
encryption was mainly used to encode messages transmitted during wars so that no enemy could
read them; nowadays encryption is used for data security and for message encryption in chat,
voice and video calls.

In modern days, encryption is mainly used for protecting computer data as well as protecting
messages from user to server. However, end-to-end encryption is a fairly new methodology that
many popular messaging applications are starting to adopt, and it gives users more security and
privacy. End-to-end encryption makes sure that only the sender and receiver have access to the
message and that no third party or middleman can intercept it to read or alter it.

3. GOALS, OBJECTIVES AND SCOPE OF THE SYSTEM

3.1 Goals

The main objective of this end-to-end encryption system in instant messaging is to provide
security and privacy for the chat messages sent through the system. This system will enable
users to freely share their thoughts without worrying about anyone else looking at their chat
messages.

3.2 Objectives

In this project, we will take a look at how end-to-end encryption works and build a usable
application that utilizes this concept for a secure and privacy-friendly messaging service. The
main objectives of this project can be listed as follows:

1. Explore the options in encryption methods and standards.
2. Create a basic functional chat application.
3. Implement end-to-end encryption in the chat application.
4. Explore the usage, benefits and limitations of end-to-end encryption.

3.3 Scope

Chat: The main module of the project, which will have basic chat functionality of just sending
messages. It will be built with extensibility in mind so that it can be further expanded to
include stickers, emoji as well as images and files.

Accounts: This module will register new users as well as validate existing users' logins.

API Endpoints: These will enable us, as well as anyone interested, to create a client for
desktop, mobile or web with ease.

Encryption and Decryption: A separate module is required to encrypt the message and
decrypt it. It has to be fast so as not to hinder the conversation flow and secure enough so
that another party cannot easily crack the encryption.

4. METHODOLOGY

While the output of our project is an application that features end-to-end encryption of
messages sent and received, the main goal is to research various encryption standards, their
usage and limitations, and to explore how other chat applications provide their end-to-end
encryption services. To fulfill this goal, we will research topics related to encryption,
encryption standards and how others have implemented end-to-end encryption in their systems.
However, we also aim to provide a sample output of our project: a basic chat application that
uses end-to-end encryption.

To create the application, we decided to use modern web technologies (JavaScript ES6), which
will enable us to create an application that runs fast on all the platforms we intend to target
(desktop and mobile). To generate ideas on how our application will look and behave, we will
review the following questions:

1. What will the basic user interface look like?
2. Which users do we intend to focus on for the application?
3. Which features should be added and which can be discarded if our target audience will
not make use of them?
4. What requirements are most important for the system?

These reviews will help us deliver the output quickly, as we intend to focus more on research
on the topic of encryption.

5. TECHNOLOGY WE USE

HTML and CSS: They are the building blocks for any web-based application as there are no
alternatives to them. HTML or Hyper Text Markup Language provides the skeleton structure for
our web application interface, while CSS or Cascading Style Sheets provides the look and feel
(design) of the HTML structure.

JavaScript: JavaScript is a web-based programming language that was originally intended to
run in the browser on the client side. However, over the years, technology improvements have
made it possible to use JavaScript on both the frontend (client side) and the backend (server
side). While it's possible, we intend to use Laravel for the backend as it is more mature and
versatile.

Node.js: Node.js is a JavaScript runtime that allows us to run JavaScript on the server side.
It is built on top of Chrome's V8 engine, which parses JavaScript in Google Chrome and other
Chromium-based browsers. We intend to use it for compiling our Vue.js code into the mobile
application and desktop frontend.

MySQL: To authenticate users and temporarily store the data received, we intend to use
MySQL for the database. MySQL is easy to use open source

Vue.js: For developing a web app that handles dynamic content, we intend to use Vue.js as the
frontend framework as it is easy to learn and use while having the same features as other
alternatives such as React or Angular.

Laravel: Laravel is a PHP framework that is versatile, easy to use and secure by default. It
provides great boilerplate as well as many other advanced features that we can use with
ease. If needed, we may also use the Laravel Sockets package, which helps to deliver chat
messages in real time.

Quasar: Quasar is a frontend framework that uses Vue.js for its scripting and other features.
Quasar provides a huge set of UI kits that follow modern Material Design guidelines. Quasar can
also compile the same application for web, mobile and desktop.

6. SYSTEM DESIGN

After thorough research and requirement gathering, we have come up with the following
structure for our project.

• End to End Encryption (enabled by default on one-to-one)
• One to One Chat
• Group Chat (Unlimited Members)
• Message Reply (Choose what message you want to reply to)
• Message Attachments: Multiple format and files support.
• Message reaction: React to individual message

We will be designing and developing this project in the following phases:

Primary Phase

In this phase, we will be outlining the basic parts such as environment setup and tools
installation, as well as setting everything up together. We will also be developing models for
the database and designing preliminary features such as authentication and profile editing.

Secondary Phase

In this phase, we will start on the main part of the program. We will be looking into various
encryption algorithms to test their efficiency and developing the chat application features in
parallel. After completing both tasks, we can move on to developing a basic mobile application
with almost feature parity to the web application.

The general tasks involved are as follows:

• Design various blocks for the overall design process.
• Design smaller modules from those blocks to simplify the design and development process.
• Design various database models.
• Specify details of programs to achieve the desired functionality.
• Design the form of the input and output system and also test out the core feature (encryption).
• Prepare documentation.
• System review and handover.

A software life cycle is the series of identifiable stages that a software product undergoes
during its lifetime. A software life cycle model is a descriptive and diagrammatic
representation of the software life cycle. A life cycle model represents all the activities
required to make a software product transit through its life cycle phases. It also captures the
order in which these activities are to be undertaken. There are various life cycle models to
improve the software processes.

• Waterfall Model
• Prototype Model
• Iterative Enhancement Model
• Evolutionary Model
• Spiral Model

In this project, we will be making use of Waterfall Model.

Figure 1: Waterfall Model

This model contains 6 phases:

a. Feasibility study: The feasibility study activity involves the analysis of the problem
and collection of the relevant information relating to the software. The main aim of the
feasibility study is to determine whether it would be financially and technically feasible
to develop the software.
b. Requirement analysis and specification: The goal of this phase is to understand the
exact requirements of the customer and to document them properly.
c. Design: The goal of this phase is to transform the requirement specification into a
structure that is suitable for implementation in some programming language.
d. Implementation and unit testing: During this phase the design is implemented.
Initially, small modules are tested in isolation from the rest of the software product.
e. Integration and system testing: In this phase, all the modules are integrated and then
tested together.
f. Operation and maintenance: Release of the software inaugurates the operation and life
cycle phase of the operation.

The phases always occur in this order and do not overlap. These phases are discussed below
as they apply to our project.

6.1 Feasibility Study

A feasibility study is carried out to decide whether the proposed system is feasible for the
organization. We studied the feasibility of the software in the context of our college. Knowing
the college environment, we made the web portal feasible accordingly. The feasibility study
serves as a decision document and it must answer three key questions:

A) Is there a new and better way to do the job that will benefit the user?
B) What are the costs and the savings of the alternative(s)?
C) What is recommended?

For this project, we performed the following feasibility studies:

6.1.1 Technical feasibility

Technical feasibility centers on the existing computer system, i.e., hardware, software, etc.
The technical requirement for the system is economical and it does not use any additional
hardware or software. We require a MySQL database and a PHP/Apache environment for this
project, which are easy to set up for development and production environments.

6.1.2 Economic Feasibility

This feasibility study estimates the total capital requirements for the proposed system and
whether enough finances (investments) are available for it. This is often called a
cost-benefit analysis. Here, we determined the benefits and savings that are expected from the
system and compared them with the costs. When the benefits outweigh the costs, the decision is
made to design and implement the system.

6.1.3 Behavioral Feasibility

The system is quite easy to use and learn due to its simple but attractive interface.
Users require no special training to operate the system.

6.1.4 Schedule Feasibility

Here, we analyzed the time required to complete the project, identified that the project will
fail if it takes too long to complete, and determined some targeted milestones and timeframes
for completion as a guideline only.

3.2 Requirement Analysis

In this phase, we studied the system requirements. We investigated the need for possible
dynamic representation of the application and the requirements of the user. Here, we used a
mixed approach that combines both qualitative and quantitative methods. We reviewed existing
software that utilizes end-to-end encryption as well as other commonly used instant
messaging applications. We listed the various things we want to include in the application and
the parts we do not want to include.

Finally, the team members focused on requirement specification and finalized the requirements
that can be implemented. By the end of this phase, we furnished a document that holds the
specific recommendations for the system. It also includes personnel assignments, costs,
project schedules, target dates, etc. The requirement gathering process was intensified and
focused specifically on software. The essential purpose of this phase is to find the need and
to define the problem that needs to be solved.

During this phase, the following facts were gathered.

• Determined the user need
• Identified the facts
• Established the goals and objectives for the proposed system
• Feasibility for the new system

3.3 System Design

In this phase, the software's overall structure is defined. In terms of client-server
technology, the number of tiers needed for the package architecture, the database design, the
data structure design, etc. are defined in this phase. Analysis and design are crucial in the
entire development cycle. Any glitch in this phase could be expensive to solve in a later stage
of software development. Hence, the following are the essential approaches taken during our
application development:

• Data Flow Diagram (DFD)
• Database Design

Figure 2: Context Diagram


Figure 3: Zero Level DFD

Figure 4: Database E-R Diagram


7. TASK COMPLETED

Currently, we have a basic landing homepage that advertises our features to make new users
comfortable with the application. We also have a functioning authentication system as well as
a profile editing system. For additional security, we have also added two-factor authentication
support (for Google Authenticator).

Figure 5: Authentication (Login)

Figure 6: Authentication (Register)


Figure 7: Profile (Update Screen)

Figure 8: 2FA Support

Figure 9: Contacts Page


8. TASK REMAINING

While we have implemented the basic design for the system, we are yet to implement the actual
user interface for sending and receiving messages. The following features remain to be
implemented:

• Chat Screen
• Encryption Algorithm
• Encryption

We hope to start working on these features shortly. We have laid the groundwork for the
actual features for sending and receiving messages.

9. TIME PLAN

Month \ Work 1st Month 2nd Month 2nd to 3rd Month

Proposal Presentation

Project Development

Testing and Debugging

Documentation and Final Report

REFERENCES

▪ "A Brief History of Cryptography" ( http://www.cypher.com.au/crypto_history.htm ).
Cypher Research Laboratories. 24 January 2006. Retrieved 5 March 2021.
▪ Lee, Micah (22 June 2016). "Battle of the Secure Messaging Apps: How Signal
Beats WhatsApp" ( https://theintercept.com/2016/06/22/battle-of-the-secure-messagingapps-how-signal-beats-whatsapp/ ).
The Intercept. Retrieved 5 March 2021.
▪ "SubtleCrypto.encrypt()" ( https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt ).
Mozilla Developer Network (MDN). Retrieved 5 March 2021.
