You are designing a mobile chat application.
You want to ensure people cannot spoof chat messages, by proving that a message was sent by a specific user.
What should you do?
Correct answer: C
Option A - Tag messages client-side with the originating user identifier and the destination user: Tagging messages with user identifiers does not provide any security. It is easy for a malicious user to change the message's tag and impersonate another user. Therefore, this option is not a recommended method for securing chat messages.
Option B - Encrypt the message client-side using block-based encryption with a shared key: Encrypting messages using block-based encryption with a shared key can help ensure that the message content cannot be read by anyone who does not have the shared key. However, this option does not address the issue of message spoofing. A malicious user can still change the sender's name and send a message using another user's identity. Therefore, this option is not a complete solution for securing chat messages.
Option C - Use public key infrastructure (PKI) to encrypt the message client-side using the originating user's private key: Using PKI to encrypt messages using the originating user's private key provides end-to-end encryption, which means only the intended recipient can decrypt the message. This option also ensures that the message's authenticity is protected. If a malicious user changes the sender's name, the recipient will not be able to decrypt the message since it was not encrypted using the correct private key. This option is a strong method for securing chat messages.
Option D - Use a trusted certificate authority to enable SSL connectivity between the client application and the server: Using a trusted certificate authority to enable SSL connectivity between the client application and the server provides secure communication between the client and the server. However, it does not prevent message spoofing. A malicious user can still change the sender's name and send a message using another user's identity. Therefore, this option is not a complete solution for securing chat messages.
Therefore, the best option for securing chat messages is Option C - Use public key infrastructure (PKI) to encrypt the message client-side using the originating user's private key.
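The sender check behind Option C, as an added example that is not part of the original page: the private-key operation is implemented here as an Ed25519 digital signature, and the recipient verifies it with the public key registered for the claimed sender. The algorithm choice, the `ChatMessage` format, the `Directory` map standing in for a PKI lookup, and the user names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// ChatMessage is a hypothetical wire format; Sig covers From, To and Body.
type ChatMessage struct {
	From, To, Body string
	Sig            []byte
}

// Directory maps user ID to public key (stand-in for a PKI certificate lookup).
type Directory map[string]ed25519.PublicKey

// NewIdentity creates a key pair; the private key stays on the user's device.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// signedBytes length-prefixes each field so field boundaries cannot be shifted.
func signedBytes(m ChatMessage) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s%d:%s", len(m.From), m.From, len(m.To), m.To, len(m.Body), m.Body))
}

// Sign runs client-side with the sender's private key.
func Sign(priv ed25519.PrivateKey, from, to, body string) ChatMessage {
	m := ChatMessage{From: from, To: to, Body: body}
	m.Sig = ed25519.Sign(priv, signedBytes(m))
	return m
}

// Verify picks the public key by the claimed sender, so a relabeled message fails.
func Verify(dir Directory, m ChatMessage) bool {
	pub, ok := dir[m.From]
	return ok && ed25519.Verify(pub, signedBytes(m), m.Sig)
}

func main() {
	alicePub, alicePriv := NewIdentity()
	_, otherPriv := NewIdentity() // constructed second user, not registered as "alice"
	dir := Directory{"alice": alicePub}
	fmt.Println("signed by alice:", Verify(dir, Sign(alicePriv, "alice", "bob", "lunch at noon?")))
	fmt.Println("signed by other key:", Verify(dir, Sign(otherPriv, "alice", "bob", "lunch at noon?")))
}
```

Because the sender and recipient identifiers are inside the signed bytes, changing the client-side tag from Option A after signing invalidates the signature.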