Cell Phone App
11:38 am
Mon January 13, 2014

CMU Creates Security Application

It might not be Angry Birds - but this new cell phone application is so secure the creators believe not even the National Security Agency can break into it.

Carnegie Mellon University researchers have created a cell phone application called SafeSlinger that enables users to exchange identity data without the risk of theft, deception or fraud.

Mike Farb, research programmer at CMU, helped create the app.  He said there are many ways attackers could try to steal information.

“We’re trying to protect against this attack called the man in the middle attack where someone observing your key exchange for the first time, before you ever send a text message can take the key you send out, replace it with one of their own, and essentially, act as an intermediary between you and another party,” Farb said.

He said people could use PGP, or Pretty Good Privacy, from the 1990s to encrypt data exchanges between people, but they wanted to create an application that is easier to use.

“It will generate a public and private key pair for you, it’ll ask you to create a pass phrase which will protect your private key on your phone so only you, the person who knows the pass phrase can access it and access your messages…and from there you need to find another user,” Farb said.

He said all you need to do after that is press a button called “Sling Keys” and compare one number and one set of three words to exchange the keys without the fear of stolen data.

Users are able to send messages without external parties like phone companies or other devices.

According to Farb, the application doesn’t even use text messaging minutes - just the Internet.

He said the application has been tested extensively during its creation.

“We’ve had our security experts in the classroom and out of the classroom go through several security reviews, examine it, test it, play with it,” Farb said. “It’s one of the reason that we’re two years along, we’ve spent quite a bit of time making sure that we’ve protected the end user who uses this.”

Farb said the application was well received at the annual ACM Conference for Mobile Computing and Networking in Miami.

“I think that people have been waiting for something like this to sort of close the last mile of this problem of ensuring that keys that are exchanged are authentic,” Farb said.

The app is available now for Apple and Android devices.