Reinforcing the Security of Instant Messaging Systems Using an Enhanced Honey Encryption Scheme: The Case of WhatsApp

In this paper, an enhanced honey encryption (HE) scheme for reinforcing the security of instant messaging systems and confounding the time and resources of malicious persons is presented. HE offers security beyond the brute-force bound by yielding plausible-looking but fake plaintext upon decryption with an incorrect key. Recent developments have seen the application of HE in the security of specific real-world systems, such as passwords and credit cards. However, applying the HE scheme to address other economic problems remains a daunting task as it requires modifying the HE algorithm to fit into the problem-in-view. For instance, applying the scheme for robust transmission of chat-messages upon decryption with an incorrect key will demand to generate contextually correct, valid-looking but fake chat-message which is indistinguishable from a human-generated message. This paper enhances the HE scheme by leveraging natural language processing techniques to build semantically plausible but fake chat-messages which will be served to the adversary during his attacks. Findings from evaluations reveal that the novel system is resilient to eavesdropping as an adversary is unable to distinguish decoy messages from the plaintext upon decryption with an incorrect key.