Inception to reception – The lifetime of a secure message

When discussing secure messaging, it’s essential to understand the complex journey a message takes from its inception to its reception. This process involves several stages, each with its own security implications and multiple layers of security required to protect the integrity and confidentiality of the communication.

Understanding and fortifying each step in this journey is crucial for ensuring the overall security and reliability of secure messaging systems.

  1. Thought to Intention: It all starts in the user’s mind, where a thought transforms into an intention to communicate.
  2. Inputting the Message: The user inputs the message using a device, typically through a keyboard or a speech-to-text interface. This involves interaction with the device’s operating system and various input processing algorithms and OS API’s.
  3. App Processing: The inputted text is then captured by the messaging application’s code. Here, initial processing, such as formatting or command interpretation, occurs.
  4. App level encryption: Before leaving the device, the message is encrypted. This is a critical security step, ensuring that the contents remain confidential during transmission.
  5. Transmission Through Network Layers: The encrypted message travels through several network layers. It may pass through local networks, internet service providers, and various routing points, each representing a potential vulnerability.
  6. Secure Protocols: During transmission, protocols like HTTP or UDP, secured with TLS/SSL, are used. These protocols scramble the message contents, making them unreadable to unauthorized interceptors.
  7. Server Processing: Upon reaching the server the message is processed, which might involve further security checks, storage, or routing decisions.
  8. Data Storage: The message is stored in a storage system, which could be a database or file system, on the server’s drive. This storage phase is crucial as it involves data at rest security.
  9. Backend to Drive Communication: When writing data to the drive, the backend code calls lower-level operating system functions. These functions communicate with the drive through interfaces defined by device drivers and OS/File system architecture
  10. Drive / File system Architecture: The drive writes the data according to its architecture and firmware, which includes specific methods for storing data securely.
  11. Retrieval by Recipient: When the recipient accesses the message, the process essentially reverses. The server retrieves the message, sends it through the network to the recipient’s device, where it is decrypted and displayed.
  12. Final Interpretation: The recipient reads and interprets the message, converting it from text (displayed as graphics) back into thought.

. From the initial input to the final interpretation, each of these stages involves potential vulnerabilities and the security of a message depends not only on the encryption protocols but also on the integrity of devices, networks, and servers it passes through.
Understanding these stages is crucial for developing more robust security measures in messaging systems therefore we suggest to include testing / evaluating secure communication software against such vulnerabilities in the future.
Most secure apps advertise their encryption system and communication but would fail, for example, in the case of a rooted telephone running keylogger malware.