SecureLink: A Serverless Peer-to-Peer Messaging System for Confidential Conversations

Abstract

This paper presents a secure peer-to-peer chat application enabling text and voice communication without relying on centralized servers. Unlike conventional systems that route data through third-party infrastructure, the proposed model establishes a direct, encrypted channel between two users to enhance privacy and security. A unique password-protected room ensures that only authorized participants can join, making the system simple, private, and suitable for confidential communication.

Introduction

In 2025, over 4 billion users rely on messaging apps like WhatsApp, Telegram, Signal, and WeChat for daily communication. While these apps offer end-to-end encryption, they still depend on centralized servers for user registration, message delivery, and authentication. This creates significant privacy, security, and censorship vulnerabilities, including:

• Hacking risks (e.g., Yahoo’s 2013 breach, Facebook’s 2021 leak)

• Metadata collection (e.g., IP addresses, contact lists, activity logs)

• Government surveillance laws (e.g., India’s 2021 IT Act, U.S. CLOUD Act)

• Censorship (e.g., Telegram blocked in Russia, WhatsApp restricted in Iran)

Although encryption protocols like TLS 1.3 and the Signal Protocol are strong, the centralized architecture remains the weak link.

???? Proposed Solution: Serverless, Peer-to-Peer (P2P) Secure Communication

To address these issues, a new communication model is introduced that eliminates centralized servers altogether, enabling direct, encrypted communication between two users. Key features include:

? Key Concepts:

• No servers used for storing user data or relaying messages

• Password-protected chat rooms created by Peer A

• Only users with the correct password can join (Peer B)

• WebRTC used for real-time P2P connection

• DTLS + SRTP encryption ensures secure text and voice communication

???? System Architecture:

1. Peer A (Room Creator):

   • Creates a secure chat room

   • Sets a 4-digit password

   • Encrypts all outgoing messages using DTLS/SRTP

2. Peer B (Joining User):

   • Enters password to join the room

   • Establishes a secure, direct connection to Peer A

3. Encrypted P2P Channel:

   • No third-party data relay

   • Immune to packet sniffing and interception

4. Signaling (Temporary Setup):

   • Minimal, metadata-free connection setup using STUN servers (optional)

5. Two Connection Models:

   • Model A (Offline): Uses QR code, Bluetooth, or NFC for sharing passwords

   • Model B (Online): Uses public STUN server (no data storage)

???? Methodology:

• No stored credentials: Passwords checked locally, never saved on servers

• No metadata leakage: No logs or history retained after session ends

• Session-based encryption: Temporary keys for each session

• Full encryption lifecycle: DTLS for handshake + SRTP for real-time packets

• Instant deletion: All traces removed after chat ends

???? Results & Evaluation:

???? Security:

• Resistant to brute-force, MITM, and replay attacks

• Encrypted traffic unreadable even if intercepted (e.g., via Wireshark)

• No centralized database—no large-scale user data exposure

???? Performance:

• Text delivery latency: <50ms (LAN), <200ms (WAN)

• Voice delay: Sub-second, enabling real-time conversations

• Packet delivery: >97% on Wi-Fi, ~93–95% on mobile networks

• Voice quality: MOS > 4.0 (strong networks), >3.5 (weak networks)

???? Usability:

• Easy-to-use interface

• Simple 4-digit password-based access

• Smooth operation even on lower-end networks

Conclusion

The peer-to-peer (P2P) secure chat model achieves its main goal of enabling private, reliable, and serverless communication between two people. Unlike traditional chat apps that depend on central servers and may expose user data, this system allows direct communication between users, leaving no digital footprint. By using DTLS and SRTP for end-to-end encryption and a password-based access system, it ensures that conversations remain both secure and private. The evaluation shows strong results across three key areas. In security, the model protects effectively against brute force, MITM, and replay attacks. In performance, it provides fast message delivery, low delay in voice calls, efficient bandwidth use, and reliable communication even on weaker networks. In usability, the simple design and easy password-sharing methods make it user-friendly while still ensuring high privacy. Overall, this model is a strong and practical alternative to popular chat apps. Although it depends on stable internet and does not keep chat history, these limitations are acceptable in situations where privacy is more important than convenience. With improvements such as group chat support, this system could be highly valuable in sensitive areas like government, defense, corporate meetings, and confidential personal conversations.

References

[1] Marlinspike, M. (2016). The Signal Protocol. Open Whisper Systems. [2] Singh, G., & Kaur, J. (2020). A Review on Secure Peer-to-Peer Communication. IJCA. [3] Rescorla, E. (2018). RFC 8446: TLS 1.3. IETF. [4] Johnston, A., Sparks, R., & Matthews, P. (2013). RFC 5766: TURN. IETF. [5] Loreto, S., Romano, S., & Miniero, L. (2018). WebRTC: APIs and Real-Time Communication. IEEE. [6] Zhao, W., Lin, X., & Deng, R. H. (2019). Serverless Communication for Privacy Preservation. Elsevier. [7] W3C WebRTC Working Group. (2021). WebRTC 1.0 Specification. W3C. [8] Tschofenig, H., & Rescorla, E. (2018). RFC 8445: Interactive Connectivity Establishment (ICE). IETF. [9] Rosenberg, J. (2008). RFC 5389: STUN. IETF. [10] Dierks, T., & Rescorla, E. (2008). RFC 5246: TLS 1.2. IETF. [11] Statista (2024). Global Messaging App Usage Report. [12] Cloud Security Alliance (2020). Cloud Security Risks in Messaging. [13] Egele, M., et al. (2015). A Survey on Mobile Messaging Security. ACM Computing Surveys. [14] Rescorla, E., & Modadugu, N. (2006). RFC 4347: Datagram TLS (DTLS). IETF. [15] Perkins, C., et al. (2004). RFC 3711: Secure RTP (SRTP). IETF. [16] Dworkin, M. (2001). NIST AES Standard (FIPS 197). [17] Rivest, R. L., et al. (1978). A Method for Obtaining Digital Signatures and Public-Key Cryptosystems (RSA). Communications of the ACM. [18] Kshetri, N. (2021). 1. Cybersecurity Challenges in Communication Systems. Springer. [19] Li, J., et al. (2020). Performance Evaluation of WebRTC. IEEE Access. [20] Alomari, M., & Hu, J. (2022). Peer-to-Peer Secure Messaging Review. ACM Transactions on Privacy and Security.

Copyright

Copyright © 2025 Sanjana Chandrakant Durge, Sarthak Santosh Tiwari. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.