Design and development of secure otrSMS for Android phones

Abstract

Privacy is an important and popular topic all over the world, especially under the circumstance that people use electrical communication more frequently. Text messaging (SMS) is one of the most constantly-used tools in our daily life. However, it is not secure since at least mobile carriers are able to monitor the contents.

The objective of this project is to provide privacy in SMS, by designing and implementing an application for Android phones. OTR is the basic concept. It stands for Off-the-Record, which is a cryptographic protocol that provides not only strong encryption, but also deniability.

At the beginning of the project, lots of research work has been done in areas of Off-the-Record, One-Pass Key Establishment and other security related issues. Because of the non-interactive and delaying nature of SMS, almost all scenarios have to be taken into consideration carefully during the design phrase. Handling routines were proposed to take care of those special cases, such as simultaneous requests and request mismatch. Afterwards, the whole interface, such as icons and layouts, and features were analysed. The user interface was designed to be compact, handy, and visually pleasing for wider acceptance. Photoshop was learned to make icons and backgrounds. Android programming was also intensively studied so as to write correct, efficient and reusable code.

An otrSMS protocol was proposed, by modifying and enhancing otrMail protocol. Following this protocol, an application named OtrSMS was developed and it worked as desired. Although the encrypted text length is on average 1.3 to 1.4 times longer than the original one, it remains in an acceptable range. The author believes that it will help to protect people’s privacy in an effective way.