Today mobile phones have become a vital part in human life. Though the core function of a mobile phone is to telecommunicate, people have been dependent upon mobile applications, as they have made human life so simple. They serve as a good platform for online shopping, food delivery, taxi service, entertainment, reading, education, social media and video chats.

With the objective to procure business, entrepreneurs have begun to develop mobile apps like messenger applications to connect directly with their customers, and enable seamless customer service.

Quantum-Secure Messenger

Messenger application enables communication between two or more end users. In the present day scenario, more and more messenger applications are popping up; turning out to be the most popular way to send text-based messages, make calls, audios, videos, documents and voice messages.

Embien has created a messenger application that offers various features like Channels, Groups, Video calls etc. By using industry power security algorithms, users can send and receive messages protected with end-to-end encryption. The recipient alone can decode the messages he / she receives from the sender, and set disappearing message features with configurable timers. Even though the data is stored in the central server, the server will not be able to understand the same as the keys are kept with the applications at the user end.

While the messenger is itself secure, the customer wanted to further fortify it with Quantum safe methods. It is estimated that within a few decades, quantum computers will be able to break the classical crypto algorithms. At Embien, we understood the customer’s need, and designed / developed an android-based secure messenger application along with a BLE Dongle that secures and maintains user data with end-to-end encryption in a Quantum-Safe way. Our profound expertise in the field of Embedded Systems Security and Application Development has positively resulted in bringing about the desired outcome. We enabled dedicated session keys for chats using random numbers generated via quantum chips.

Below are the two major requirements put forth by the customer for designing and developing a secure messenger application:

• Quantum Cryptography Powered BLE Dongle
• Post-Quantum Cryptography (PQC) based Android Application

Quantum Cryptography Powered BLE Dongle

QC powered BLE dongle is located at the heart of the system, it is a battery operable device that generates random numbers for session keys via quantum chip. The generated session key random numbers were sent to the mobile application via BLE channel, secured by Falcon over NTRU (Nth Degree Truncated Polynomial Ring). This Dongle was used to verify the authenticity of the end user, and hence anyone who possesses the QSM (Quantum Security Module) have the capability to carry out communication with the Secure Messenger.

The authenticity of the Dongle was ensured by using PQC KEM (Key Encapsulation Mechanism). At the production process, a unique private-public key pair was created for each Dongle. The private key was stored inside the Dongle and the public key was stored along with the Dongle ID in the server.

Post-Quantum Cryptography (PQC) based Security

The messaging service was enabled via an Android based application that adopted end-to-end encryption methodology. For secret chat, the chat data was stored in the local storage of the mobile device and was set to be auto deleted at configured interval. After APP installation, users have to perform one time password activation for the BLE device.

The connection setup and data communication between the Dongle and the mobile app was also encrypted using QC algorithms.

When a connection request was received from the Secure Messenger App over HTTPS, the Cloud server will first validate the application using certificates along with OTP.

• User-1 and User-2 Pair generation using a defined Algorithm (One to One Communication)
• User-1, User-2 and User-3 another pair generation using a pre-defined algorithm (Multi User Communication)
• Communication Ends Pairing will be removed for both one to one and multi user concepts

Key Features of Embien’s Secure Messenger

• The Secure Messenger application and server communication is protected
• Key generation leverages true random number from Dongle
• For each message, message keys are changed using true random numbers enabling form ward security
• Automatic session invalidation in server forces frequent session setup limiting attach vectors
• The application facilitates creates, maintains and delete user accounts
• The application support create/ delete of Group chats and channels
• All communication with peers is End-to-End Encrypted
• The application facilitates creating text status or status from gallery along with viewing and commenting other user statuses
• The application allows making video and audio calls with encryption and decryption concept
• The user data is stored locally in the context of application and will be deleted after configured duration / after uninstalling application

Embien successfully designed and developed an integrated connectivity cluster along with a well-developed mobile application interface within a short period of time. While it provided rider, with navigation and notification data for two wheelers / sports vehicles, vehicle information like fuel consumption, engine maintenance, etc., were also enabled within the user application. Embien has been working extensively with OEM’s and Tier 1’s enabling latest features for their Instrument clusters, Automotive ECU Development, Designing Battery Management Systems etc.

The authenticity of the Dongle was ensured by using PQC KEM (Key Encapsulation Mechanism). At the production process, a unique private-public key pair was created for each Dongle. The private key was stored inside the Dongle and the public key was stored along with the Dongle ID in the server.