Enhancing Security and Privacy in Mobile Instant Messaging Through Decentralized Authentication Techniques

Mobile Instant Messaging (IM) applications are now considered indispensable in the global communication process; however, they are still exposed to security and privacy threats because of the use of centralized authentication methods. In traditional systems, the user credentials and other important necessary details are stored at the centralized servers which makes it easy for hackers to hack, unauthorized people to gain access, and violate data. The problem of the privacy and security threats in the traditional IM authentication system is solved in this research by developing a new Decentralized IM Authentication model based on the blockchain and SSI technologies and utilizing DIDs to manage data sovereignty. This work aims to propose a decentralized authentication solution that will not require external identification or a central server for the users’ data storage while providing storage immutability and secure end-to-end encryption for all communications. Based on the above analysis, the following methodology is proposed: blockchain for identity authentication, SSI for user-controlled identity, and DIDs for identification. The system was tested using an example IM application called Secure Chat, wherein several security threats, including intrusion, eavesdropping, and identity theft, were emulated. That is why the results obtained state that the decentralized model effectively addresses these threats: the time for the authentication process is 1-2 sec, and the system can support up to 100,000 concurrent users, having a moderate decline in performance. In contrast, decentralized authentication showed a 30% improvement in security and a 40% decrease in the risk of civil identity fraud more to the centralized models. Furthermore, the decentralized approach is fully within privacy regulations such as GDPR, which makes its data protection more effective and in control of its users. The paper makes a significant research contribution by offering an extensive assessment of the proposed decentralized IM application authentication model and revealing its strengths and weaknesses compared to the existing centralized solutions in terms of security, privacy, and sovereignty of data, as well as indicating some emerging difficulties connected with scalability and usability of the approach.