Internet Conferences of NUBiP of Ukraine, GLOBAL AND REGIONAL PROBLEMS OF INFORMATIZATION IN SOCIETY AND NATURE MANAGEMENT ’2024

Double-Ratchet Based Security for Providing Internet Services to Disconnected Areas
Benjamin Reed, Anirudh Kariyatil Chandakara, Abhishek Gaikwad

Last modified: 20-11-2024

Abstract


This paper introduces an architecture that leverages existing mobile devices and applications to facilitate end-to-end encrypted internet access in areas without direct connectivity. The system is a special case of a Delay-Tolerant Network (DTN) structured into three core components: a client application, a transport application, and a cloud server. The client application aggregates data from various applications on the device into a single data bundle and encrypts it using the Double Ratchet algorithm (part of the Signal protocol). This encrypted bundle is then transmitted over Wi-Fi Direct to the transport application, which acts as an untrusted courier. Upon reaching an internet-connected area, the transport application uploads the encrypted bundles to the cloud server. The server, in turn, decrypts these bundles and routes the data to their intended application servers. Responses from these servers are sent back to the client through the same routes. This architecture offers a seamless and secure solution for internet connectivity in disconnected zones, eliminating the need for additional hardware. It can handle various types of application data while ensuring the integrity and confidentiality of the data in transit without relying on a trusted centralized certificate authority or trusted data transports. We have implemented this architecture in the open-source Disconnected Data Distribution (DDD) project.
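
The abstract's client-to-server bundle protection can be illustrated with the symmetric-key chain step of Double Ratchet; the Python below is an added example, not code from the paper or the DDD project, and shows a receiver accepting bundles that an untrusted courier delivers out of order while rejecting modified or replayed ones without losing its ratchet state. Assumptions: the names `Sender`, `Receiver`, `kdf_ck` and `MAX_SKIP`, the 4-byte counter header, and the HMAC-based stand-in cipher are hypothetical, and the Diffie-Hellman ratchet and initial key agreement are omitted.

```python
# Added example: hypothetical names, not the DDD implementation.
import hashlib, hmac

def _h(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def kdf_ck(ck):
    """One chain step: returns (next chain key, per-bundle message key)."""
    return _h(ck, b"\x02"), _h(ck, b"\x01")

def _xor_stream(mk, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so only the stdlib is needed;
    # a real deployment would use an AEAD such as AES-GCM.
    ks = b"".join(_h(mk, b"enc" + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

class Sender:
    def __init__(self, chain_key):
        self.ck, self.n = chain_key, 0

    def seal(self, payload):
        self.ck, mk = kdf_ck(self.ck)         # previous chain key is overwritten
        body = self.n.to_bytes(4, "big") + _xor_stream(mk, payload)
        self.n += 1
        return body + _h(mk, b"mac" + body)   # counter + ciphertext + 32-byte tag

class Receiver:
    MAX_SKIP = 64  # bounds the work a forged counter can force

    def __init__(self, chain_key):
        self.ck, self.n, self.skipped = chain_key, 0, {}

    def open(self, bundle):
        body, tag = bundle[:-32], bundle[-32:]
        n = int.from_bytes(body[:4], "big")
        ck, pending = self.ck, {}
        if n in self.skipped:                 # late bundle: key was saved earlier
            mk = self.skipped[n]
        elif self.n <= n <= self.n + self.MAX_SKIP:
            for i in range(self.n, n + 1):    # ratchet forward, keep skipped keys
                ck, pending[i] = kdf_ck(ck)
            mk = pending.pop(n)
        else:
            raise ValueError("replayed or out-of-window bundle")
        if not hmac.compare_digest(tag, _h(mk, b"mac" + body)):
            raise ValueError("bundle modified in transit")  # state not committed
        self.skipped.pop(n, None)             # each message key is used once
        if n >= self.n:
            self.ck, self.n = ck, n + 1
            self.skipped.update(pending)
        return _xor_stream(mk, body[4:])
```

Receiver state is committed only after the tag verifies, so a courier that alters a counter or ciphertext cannot desynchronise the chain or consume a stored key.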