Information security model for messengers based on Matrix protocol

K.Z. Bilyatdinov, S.I. Kiselev, A.A. Petukhova

Abstract


Methodological and technological solutions for creating secure decentralized messengers for departmental and corporate communication systems are presented. A model for ensuring information security in messengers built on the open Matrix protocol is proposed, providing end-to-end encryption of communications, voice and video communications, as well as federated interaction. The model is implemented as a modular architecture based on the principles of microservices and containerization, using a technology stack that includes Synapse, PostgreSQL, LiveKit, lk-jwt-service, Nginx and Docker Compose. A distinctive feature of the model is its focus on deployment on peripheral network devices running OpenWRT, which provides full control over the infrastructure and eliminates dependence on external platforms. Compliance with information security requirements was verified in accordance with GOST R 56939-2024. The practical significance of the work is confirmed by the successful deployment of a functioning prototype that demonstrates stable operation under various operating conditions. The main positive effect is a significant reduction in the complexity of deploying and maintaining the messenger while meeting the requirements for confidentiality and sovereignty of operation.

Full Text:

PDF (Russian)



ISSN: 2307-8162