Secure Messaging using HIGHT for Android Smartphones

Abstract

In today's digital world, secure mobile communication is a necessity. This paper explores the integration of the HIGHT (High Security and Lightweight) algorithm and end-to-end encryption (E2EE) on Android smartphones. The goal is to create a secure messaging app using the HIGHT algorithm, addressing the demand for efficient, secure communication. Traditional methods like AES are too resource-intensive for Android devices. The proposed chat application integrates the HIGHT algorithm with HMAC-SHA256 for confidentiality and authenticity. Key features include user authentication through phone number and OTP verification via Firebase, and secure key management using ECDH for key exchange. This application aims to provide end-to-end encrypted messaging, secure file sharing, and user-friendly features, ensuring privacy and data security while maintaining efficient performance. Security evaluation using MobSF and AppSweep, both certified by OWASP MASTG, indicates a medium risk mainly due to manifest configuration issues and the use of an older Android version, which can be mitigated with future updates. The application achieved a security score of 45/100 and successfully passed the encryption test.