A Simple and Robust End-to-End Encryption Architecture for Anonymous and Secure Whistleblowing

摘要

Much has been mentioned about the importance of whistleblowing. While all organizations are recommended to have a whistleblowing mechanism, there are very few completely software-based platforms that assist in performing this task securely. The primary concerns are to ensure that the whistleblower remains anonymous and the disclosures are securely delivered to the competent authority, usually media organizations. In this paper, we have analyzed the security of the state of the art software-based whistleblowing platforms and related research, identified security issues and proposed a new architecture that satisfactorily ensures the requirements for anonymous and secure whistleblowing. We have verified the strength of our solution against the existing platforms and related research with the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. Our approach is practical, backed by cryptographic security and, because of its modularity, can be easily included in the current infrastructure of many whistleblowing platforms. The results show that our architecture is simple, robust and implements a complete end-to-end encryption strategy thus enabling secure and anonymous whistleblowing.