SlideShare une entreprise Scribd logo

Secure instant messanger service

Aditya Gupta
Aditya Gupta

Presented a seminar on ‘Secure Instant Messaging’ – security aspects and IMKE protocol

Formation
1  sur  38
SECURE INSTANT MESSANGER SERVICE By:- Sagar Chordia 09005013 Aditya Gupta 09005017
Contents  Introduction  Instant Messaging ◦ Types of IM ◦ Security Solutions for IM  Instant Messaging Key Exchange protocol ◦ Introduction ◦ Goals ◦ Protocol ◦ Advantages / disadvantages  Conclusion  References
Introduction  The number of interested parties eager to listen in on your online conversations, including what you type through instant messaging, has never been higher.  Broadband providers and their business partners are enthusiastically peeking into their customers' conversations.  In today’s competing world privacy and secrecy are very necessary.
Instant Messaging  From wikipedia : “Instant messaging (IM) is a form of communication over the Internet, that offers an instantaneous transmission of text- based .messages from sender to receiver”.  It is text-based, bi-directionally exchanged, and happens in real-time.  It differ from other technologies such as email due to the perceived quasi-synchronicity of the communications by the users.
Types of IM (1)  P2P (peer to peer) model ◦ No central load ◦ Anonymity of users can pose security threat Server Client A Client B Peer to peer model
Types of IM (2)  Server-client model ◦ All messages pass through central server. ◦ There is heavy load on the server. ◦ Security policies can be implemented easily Server Client A Client B Server-Client Model
Security in P2P  Security is either credential based or reputation based.  Can be implemented either by ◦ Central server  Relies heavily on point source ◦ Mutual peer information exchange  Implemented via gossip algorithm
Security in Server-client  Security in server-based methods is credential based.  The server verifies the client via a known secret (password). Once authenticated the client can communicate with other clients.
Security Solutions for IM  SSL/TLS-based enterprise products ◦ e.g.Yahoo! Business Messenger  Anti-virus, firewall and IM gateway solutions ◦ e.g. Norton, zonealarm  Public key based client-only solutions ◦ e.g. GPG, IMSecure  Independent secure IM protocols. ◦ E.g. SILC, SKE, IMKE
INSTANT MESSAGING KEY EXCHANGE PROTOCOL -A secure IM protocol
Introduction  A protocol for strong authentication and secure communications.  It enables mutual strong authentication between users and an IM server.  It uses a memorable password and a known server public key.
Introduction (contd.)  IMKE provides security i.e. ◦ authentication, ◦ confidentiality and ◦ Integrity for client-server and client-client IM connections with repudiation.  Message contents are not revealed to server
IMKE Motivation  Existing solutions have drawbacks ◦ SSL: relayed user messages are visible to IM server ◦ client plug-ins: client-server messages are plaintext ◦ secure protocols: not designed for integration  Strong password protocols do not fit ◦ Efficiency ◦ simplicity
IMKE - Goals  Mutual assurance of identity  Secure communications  Forward secrecy  Repudiation  Replay detection ◦ authentication phase ◦ text message / file transfers  M. Mannan, P.C. van Oorschot, “A Protocol for Secure Public Instant Messaging,” in Financial Cryptogra-phy and Data Security 2006 (FC'06) , Feb. 27-Mar. 2 2006.
Terminology used in IMKE Term Description “Strong” pass- A passive or active attacker should be unable to gather word protocol enough information to launch an offline dictionary attack even if a relatively weak password is used. Secure Communications where authentication, integrity and communications confidentiality are achieved. End-to-end Securing messages cryptographically across all points Security between an originating user and the intended recipient. Repudiation A way to ensure that the sender of a message can (later) deny having sent it. Some believe this is important for casual IM conversations. Forward The property that the compromise of long-term keys secrecy does not compromise previously established session keys.
Notation used in IMKE Terms Usage A, B, S Two IM users and the IM server IDA User ID of A (unique within the IM service domain) PA Password shared by A and S RA Random number generated by A. fi One-way cryptographic hash functions. {data}K Symmetric (secret-key) encryption of data using key K. {data}EA Asymmetric (public-key) encryption of data using A’s public key KUA. KsAS Symmetric (s) session (encryption/decryption) key shared by A and S. m K AS Symmetric MAC key shared by A and S (m is short for MAC). m [X]AS MAC output of data X under key K AS.
IMKE – The protocol  IMKE can be divided into three phases: ◦ Password Authentication Key Exchange (PAKE), ◦ Client-Server Communications and ◦ Client-Client Communications (Direct and Relayed)
Password Authentication Key Exchange (1)  Step 1:- ◦ A generates KUA, KRA and KAS and sends it to server in following manner. ◦ Encrypts session key with server’s public key. ◦ A  S : IDA, {KAS}ES , {KUA, f1(PA)}KAS  Step 2 :- ◦ Server calls f1(PA) independently from it database and compares. If unmatched then drops session ◦ Server generates RS (nonce) . Encrypts it with public key of A ◦ A  S : {RS }EA, {f2(PA)}KAS
Password Authentication Key Exchange (2)  Step 3:- ◦ A decrypts RS using its private key, independently calculates f2(PA), if not same drops session. Sends ◦ A  S : f3(RS) ◦ S independently cal f3(Rs) if not same then drops session.  Once this 3-way handshake is done A and S calculates their ◦ Session key KsAS = f4(KAS,RS) and ◦ MAC key KmAS = f5(RS,KAS).
Password Authentication Key Exchange (3)
Client-Server Communication  Successful registration in PAKE sets up server-client session key.  Use this key for further communication to server ◦ A  S : {ClientDataA} KsAS, [ClientDataA]AS ◦ A  S : {ServerData}KsAS, [ServerData]AS
Client- Client Communication (1)  Step 1 :- ◦ Get public key of others from server via client-server communication as in B) ◦ A  S : {KUB, IDB} KsAS, [KUB, IDB]AS ◦ B  S : {KUA, IDA} KsBS, [KUA, IDA]BS  Step 2 :- ◦ A generates a symmetric key, KAB and verifies it using a challenge-response method: ◦ Encrypt with public key of B, also send encrypted nonce ◦ A  B : {KAB}EB, {RA}KAB
Client- Client Communication (2)  Step 3 :- ◦ B decrypts the message get KAB, it sends response of the nonce and another challenge ◦ A  B : {RB}EA, { f6(RA) } KAB  Step 4 :- ◦ A verifies RA by self calculating f6(RA) and if matches it decrypts RB replies with : ◦ A  B : f7(RA,RB)
Client- Client Communication (3)  Then A and B derive the ◦ session key KsAB = f8(KAB,RB) and ◦ MAC key KmAB = f9(RB,KAB)  This KsAB, KmAB are private to 2 clients, ◦ Server can’t know these 2 values.  A sends ClientDataA to B, ◦ A  B : {ClientDataA}KsAB, [ClientDataA]AB
Client- Client Communication (4)
IMKE- message summery (1) Phase Message Authentication A generates a dynamic public/private key pair. and A, S authenticate each other using shared Key Exchange password. A, S establish a session key. A’s public key is sent to and stored by S. Public Key A communicates to S a desire to talk to B. Distribution S forwards B’s public key to A (and A’s to B). Session A, B authenticate each other using the Key Transport received public keys. A, B establish a session key.
IMKE – Advantages (1)  IMKE enables private and secure communications between two users who share no authentication tokens, mediated by a server on the Internet.  The session key used for message encryption in IMKE is derived from short-lived fresh secrets. This provides the confidence of forward secrecy to IMKE users.
IMKE – Advantages (2)  IMKE allows authentication of exchanged messages between two parties, and the sender is able to repudiate a message.  Also , IMKE users require no hardware tokens or long-term user public keys to log in to the IM server.  Other Security Attributes of IMKE ◦ Chaining of Messages. ◦ Insider-Assisted Attacks ◦ Exposure of Secrets
IMKE – Security Analysis  Formal proofs : not done  BAN-like analysis (outline) : checked  AVISPA protocol analysis tool : checked ◦ http://www.scs.carleton.ca/~mmannan/avispa- imke/
IMKE - Attacks not addressed  Keyloggers can collect passwords  A false public key of S on client allows offline dictionary attacks  Malicious IM server may forward false client public keys (MIM)  IM worms
IMKE – Future Work  Group-chat and chat-room are heavily used features in IM. A future version of IMKE would ideally accommodate these features.  An online server public key verification method can also be added.  Introducing methods to ensure human-in- the-loop during login can stop automated impersonation using compromised user name and password.
IMKE - Conclusion  Secure IM: becoming increasingly important  IMKE: simple, integratable  Main lesson from IMKE implementation: practical today
CONCLUSION
Application of Secure IM  Secure Messaging is used in many business areas with company-wide and sensitive data exchanges.  Financial institutions, insurance companies, public services, health organizations and service providers rely on the protection by Secure Messaging.
Other Tools for security in IM  Other tools for security other then Encryption are ◦ Steganography : The means by which data can be hidden within other more innocuous data ◦ Identity based networks : True identity based networks replace the ability to remain anonymous and are inherently more trustworthy ◦ Anonymized networks : In principle, a large number of users running the same system, can have communications routed between them in such a way that it is very hard to detect what any complete message is, which user sent it, and where it is ultimately going from or to.
Other Related Topics  Secure Group Communication  Secure voice over Internet program  Security of Short Message Service  Security of Internet Relay Chat  Security of group chat  Security of chat rooms
References  A Protocol for Secure Public Instant Messaging ◦ Mohammad Mannan and Paul C. van Oorschot ◦ users.encs.concordia.ca/~mmannan/publications/imke.pdf  HIGH LEVEL DESIGN - SECURE INSTANT MESSENGER ◦ www.ccs.neu.edu/home/noubir/Courses/CSG254/S09/designs/hu sky.pdf  Instant Messaging in Java Made Easy: The Smack API ◦ http://today.java.net/pub/a/today/2006/10/05/instant-messaging- for-jabber-with-smack.html#jabbering-online-the-basics-of-jabber  The Design and Implementation of a Secure Instant Messaging Key Exchange Protocol ◦ by Chung-Huang Yang * Tzong-Yih Kuo ◦ http://www.kc.org.tw/fleget/FileDownLoad.aspx?CDE=149  Wikipedia ◦ www.wikipedia.org
THANK YOU ! Questions ?

Recommandé

Instant messaging tech scet
Instant messaging tech scetInstant messaging tech scet
Instant messaging tech scetpankaj gamit
 
IRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET Journal
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System AuthenticationIJERA Editor
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Sms based otp
Sms based otpSms based otp
Sms based otpHai Nguyen
 
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDAN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
 
Keystroke with Data Leakage Detection for Secure Email Authentication
Keystroke with Data Leakage Detection for Secure Email AuthenticationKeystroke with Data Leakage Detection for Secure Email Authentication
Keystroke with Data Leakage Detection for Secure Email AuthenticationYogeshIJTSRD
 
IRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET Journal
 

Recommandé

Instant messaging tech scet
Instant messaging tech scetInstant messaging tech scet
Instant messaging tech scetpankaj gamit
 
IRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET- Multi sharing Data using OTP
IRJET- Multi sharing Data using OTPIRJET Journal
 
Android Based Total Security for System Authentication
Android Based Total Security for System AuthenticationAndroid Based Total Security for System Authentication
Android Based Total Security for System AuthenticationIJERA Editor
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Sms based otp
Sms based otpSms based otp
Sms based otpHai Nguyen
 
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDAN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORD
AN EFFICIENT IDENTITY BASED AUTHENTICATION PROTOCOL BY USING PASSWORDIJNSA Journal
 
Keystroke with Data Leakage Detection for Secure Email Authentication
Keystroke with Data Leakage Detection for Secure Email AuthenticationKeystroke with Data Leakage Detection for Secure Email Authentication
Keystroke with Data Leakage Detection for Secure Email AuthenticationYogeshIJTSRD
 
IRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET Journal
 
IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailarHai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET Journal
 
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...IRJET Journal
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
 
Image authentication for secure login
Image authentication for secure loginImage authentication for secure login
Image authentication for secure loginIRJET Journal
 
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORDSECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORDInternational Journal of Technical Research & Application
 
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARINGSFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARINGijcsit
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
IRJET- Three Step Password Verification by using Random Key Order
IRJET- Three Step Password Verification by using Random Key OrderIRJET- Three Step Password Verification by using Random Key Order
IRJET- Three Step Password Verification by using Random Key OrderIRJET Journal
 
1738 1742
1738 17421738 1742
1738 1742Editor IJARCET
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 
Smartphone Remote Detection and Wipe System using SMS
Smartphone Remote Detection and Wipe System using SMSSmartphone Remote Detection and Wipe System using SMS
Smartphone Remote Detection and Wipe System using SMSEditor IJCATR
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Securityphanleson
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor AuthenticationPortalGuard dba PistolStar, Inc.
 
A secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationsA secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationseSAT Publishing House
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET Journal
 
WLAN Penetration Examination of The University of Pembangunan Panca Budi
WLAN Penetration Examination of The University of Pembangunan Panca BudiWLAN Penetration Examination of The University of Pembangunan Panca Budi
WLAN Penetration Examination of The University of Pembangunan Panca BudiUniversitas Pembangunan Panca Budi
 
Instant messaging-final
Instant messaging-finalInstant messaging-final
Instant messaging-finalroutbisu
 
"Web Content Delivery Systems" - Gilbane Boston 2010
"Web Content Delivery Systems" - Gilbane Boston 2010"Web Content Delivery Systems" - Gilbane Boston 2010
"Web Content Delivery Systems" - Gilbane Boston 2010Blend Interactive
 
Instantmessagingprotocols
InstantmessagingprotocolsInstantmessagingprotocols
Instantmessagingprotocolssanjoysanyal
 

Contenu connexe

Tendances

IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET Journal
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailarHai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET Journal
 
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...IRJET Journal
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Syed Ubaid Ali Jafri
 
Image authentication for secure login
Image authentication for secure loginImage authentication for secure login
Image authentication for secure loginIRJET Journal
 
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARINGSFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARINGijcsit
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber lawDivyank Jindal
 
IRJET- Three Step Password Verification by using Random Key Order
IRJET- Three Step Password Verification by using Random Key OrderIRJET- Three Step Password Verification by using Random Key Order
IRJET- Three Step Password Verification by using Random Key OrderIRJET Journal
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 
Smartphone Remote Detection and Wipe System using SMS
Smartphone Remote Detection and Wipe System using SMSSmartphone Remote Detection and Wipe System using SMS
Smartphone Remote Detection and Wipe System using SMSEditor IJCATR
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Securityphanleson
 
A secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationsA secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationseSAT Publishing House
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET Journal
 
WLAN Penetration Examination of The University of Pembangunan Panca Budi
WLAN Penetration Examination of The University of Pembangunan Panca BudiWLAN Penetration Examination of The University of Pembangunan Panca Budi
WLAN Penetration Examination of The University of Pembangunan Panca BudiUniversitas Pembangunan Panca Budi
 

Tendances (19)

IRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor AuthenticationIRJET- Technical Review of different Methods for Multi Factor Authentication
IRJET- Technical Review of different Methods for Multi Factor Authentication
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking Security
 
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
Integration Of Triangular Location Detection, IoT, Open CV - User Authenti...
 
Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015Final Year Projects Computer Science (Information security) -2015
Final Year Projects Computer Science (Information security) -2015
 
Image authentication for secure login
Image authentication for secure loginImage authentication for secure login
Image authentication for secure login
 
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORDSECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
SECURED BANKING TRANSACTION USING VIRTUAL PASSWORD
 
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARINGSFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
SFAMSS:A S ECURE F RAMEWORK F OR ATM M ACHINES V IA S ECRET S HARING
 
Cyber security and cyber law
Cyber security and cyber lawCyber security and cyber law
Cyber security and cyber law
 
IRJET- Three Step Password Verification by using Random Key Order
IRJET- Three Step Password Verification by using Random Key OrderIRJET- Three Step Password Verification by using Random Key Order
IRJET- Three Step Password Verification by using Random Key Order
 
1738 1742
1738 17421738 1742
1738 1742
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015
 
Smartphone Remote Detection and Wipe System using SMS
Smartphone Remote Detection and Wipe System using SMSSmartphone Remote Detection and Wipe System using SMS
Smartphone Remote Detection and Wipe System using SMS
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
A secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authenticationsA secure communication in smart phones using two factor authentications
A secure communication in smart phones using two factor authentications
 
IRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different TypesIRJET- Cyber Attacks and its different Types
IRJET- Cyber Attacks and its different Types
 
WLAN Penetration Examination of The University of Pembangunan Panca Budi
WLAN Penetration Examination of The University of Pembangunan Panca BudiWLAN Penetration Examination of The University of Pembangunan Panca Budi
WLAN Penetration Examination of The University of Pembangunan Panca Budi
 

En vedette

Instant messaging-final
Instant messaging-finalInstant messaging-final
Instant messaging-finalroutbisu
 
"Web Content Delivery Systems" - Gilbane Boston 2010
"Web Content Delivery Systems" - Gilbane Boston 2010"Web Content Delivery Systems" - Gilbane Boston 2010
"Web Content Delivery Systems" - Gilbane Boston 2010Blend Interactive
 
Instantmessagingprotocols
InstantmessagingprotocolsInstantmessagingprotocols
Instantmessagingprotocolssanjoysanyal
 
Internet and Personal Privacy
Internet and Personal PrivacyInternet and Personal Privacy
Internet and Personal PrivacyUtku Sen
 
Enterprise Microblogging - Die Revolution der Kommunikation im Unternehmen
Enterprise Microblogging - Die Revolution der Kommunikation im UnternehmenEnterprise Microblogging - Die Revolution der Kommunikation im Unternehmen
Enterprise Microblogging - Die Revolution der Kommunikation im UnternehmenCommunote GmbH
 
Screen Digest Letang Ec Study
Screen Digest Letang Ec StudyScreen Digest Letang Ec Study
Screen Digest Letang Ec Studyccivicosz
 
Sirous Kavehercy GSM 3G CeeCom Convergence
Sirous Kavehercy GSM 3G CeeCom ConvergenceSirous Kavehercy GSM 3G CeeCom Convergence
Sirous Kavehercy GSM 3G CeeCom ConvergenceSirous Kavehercy
 
Mwlug 2016 BP108 The state of Instant Messaging Connectivity
Mwlug 2016 BP108 The state of Instant Messaging ConnectivityMwlug 2016 BP108 The state of Instant Messaging Connectivity
Mwlug 2016 BP108 The state of Instant Messaging ConnectivityAndy Higgins
 
LOLER Regulations 1998
LOLER Regulations 1998LOLER Regulations 1998
LOLER Regulations 1998mrmichaelcarr
 
Instant SMS: Bringing SMS to the next phase and increasing service revenues
Instant SMS: Bringing SMS to the next phase and increasing service revenuesInstant SMS: Bringing SMS to the next phase and increasing service revenues
Instant SMS: Bringing SMS to the next phase and increasing service revenuesRaúl Castañón Martínez
 
Machine Learning Travel Industry
Machine Learning Travel IndustryMachine Learning Travel Industry
Machine Learning Travel IndustryVijay PG
 
Mobile Instant Messaging
Mobile Instant MessagingMobile Instant Messaging
Mobile Instant Messagingroute79
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
XMPP In Real Time
XMPP In Real TimeXMPP In Real Time
XMPP In Real Timeguest488a24
 

En vedette (20)

Instant messaging-final
Instant messaging-finalInstant messaging-final
Instant messaging-final
 
"Web Content Delivery Systems" - Gilbane Boston 2010
"Web Content Delivery Systems" - Gilbane Boston 2010"Web Content Delivery Systems" - Gilbane Boston 2010
"Web Content Delivery Systems" - Gilbane Boston 2010
 
Instantmessagingprotocols
InstantmessagingprotocolsInstantmessagingprotocols
Instantmessagingprotocols
 
Instant Messaging Trends & Practice
Instant Messaging Trends & PracticeInstant Messaging Trends & Practice
Instant Messaging Trends & Practice
 
Instant Messaging
Instant MessagingInstant Messaging
Instant Messaging
 
Instant messaging
Instant messaging Instant messaging
Instant messaging
 
Internet and Personal Privacy
Internet and Personal PrivacyInternet and Personal Privacy
Internet and Personal Privacy
 
Enterprise Microblogging - Die Revolution der Kommunikation im Unternehmen
Enterprise Microblogging - Die Revolution der Kommunikation im UnternehmenEnterprise Microblogging - Die Revolution der Kommunikation im Unternehmen
Enterprise Microblogging - Die Revolution der Kommunikation im Unternehmen
 
Screen Digest Letang Ec Study
Screen Digest Letang Ec StudyScreen Digest Letang Ec Study
Screen Digest Letang Ec Study
 
Sirous Kavehercy GSM 3G CeeCom Convergence
Sirous Kavehercy GSM 3G CeeCom ConvergenceSirous Kavehercy GSM 3G CeeCom Convergence
Sirous Kavehercy GSM 3G CeeCom Convergence
 
Mwlug 2016 BP108 The state of Instant Messaging Connectivity
Mwlug 2016 BP108 The state of Instant Messaging ConnectivityMwlug 2016 BP108 The state of Instant Messaging Connectivity
Mwlug 2016 BP108 The state of Instant Messaging Connectivity
 
LOLER Regulations 1998
LOLER Regulations 1998LOLER Regulations 1998
LOLER Regulations 1998
 
Instant Messaging Apps
Instant Messaging AppsInstant Messaging Apps
Instant Messaging Apps
 
Instant SMS: Bringing SMS to the next phase and increasing service revenues
Instant SMS: Bringing SMS to the next phase and increasing service revenuesInstant SMS: Bringing SMS to the next phase and increasing service revenues
Instant SMS: Bringing SMS to the next phase and increasing service revenues
 
Next-Gen Event Apps with AI Powered B2B Matchmaking
Next-Gen Event Apps with AI Powered B2B MatchmakingNext-Gen Event Apps with AI Powered B2B Matchmaking
Next-Gen Event Apps with AI Powered B2B Matchmaking
 
Machine Learning Travel Industry
Machine Learning Travel IndustryMachine Learning Travel Industry
Machine Learning Travel Industry
 
Mobile Instant Messaging
Mobile Instant MessagingMobile Instant Messaging
Mobile Instant Messaging
 
Information system and security control
Information system and security controlInformation system and security control
Information system and security control
 
XMPP In Real Time
XMPP In Real TimeXMPP In Real Time
XMPP In Real Time
 
XMPP 101
XMPP 101XMPP 101
XMPP 101
 

Similaire à Secure instant messanger service

Skyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless SecuritySkyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless SecuritySkyriver04
 
15 ma cs and signatures
15 ma cs and signatures15 ma cs and signatures
15 ma cs and signaturesdrewz lin
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...CAS
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodIJCERT
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptxsandyBS
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLcscpconf
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocolcsandit
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
IRJET- Internal Security in Metropolitan Area Network using Kerberos
IRJET- Internal Security in Metropolitan Area Network using KerberosIRJET- Internal Security in Metropolitan Area Network using Kerberos
IRJET- Internal Security in Metropolitan Area Network using KerberosIRJET Journal
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
ch22.ppt
ch22.pptch22.ppt
ch22.pptImXaib
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptSonukumarRawat
 

Similaire à Secure instant messanger service (20)

SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 
Skyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless SecuritySkyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless Security
 
15 ma cs and signatures
15 ma cs and signatures15 ma cs and signatures
15 ma cs and signatures
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...
 
kerberos
kerberoskerberos
kerberos
 
unit6.ppt
unit6.pptunit6.ppt
unit6.ppt
 
Efficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication MethodEfficient Multi Server Authentication and Hybrid Authentication Method
Efficient Multi Server Authentication and Hybrid Authentication Method
 
Dica short
Dica shortDica short
Dica short
 
unit - III.pptx
unit - III.pptxunit - III.pptx
unit - III.pptx
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
IRJET- Internal Security in Metropolitan Area Network using Kerberos
IRJET- Internal Security in Metropolitan Area Network using KerberosIRJET- Internal Security in Metropolitan Area Network using Kerberos
IRJET- Internal Security in Metropolitan Area Network using Kerberos
 
Web Security
Web SecurityWeb Security
Web Security
 
ssl
sslssl
ssl
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
ch22.ppt
ch22.pptch22.ppt
ch22.ppt
 
Secure socket later
Secure socket laterSecure socket later
Secure socket later
 
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.pptWEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
WEB SECURITY CRYPTOGRAPHY PPTeriu8t erhiut.ppt
 

Plus de Aditya Gupta

An Information System For Tum Tums presentation-3
An Information System For Tum Tums presentation-3An Information System For Tum Tums presentation-3
An Information System For Tum Tums presentation-3Aditya Gupta
 
An information system for tum tums presentation-1
An information system for tum tums presentation-1An information system for tum tums presentation-1
An information system for tum tums presentation-1Aditya Gupta
 
An information system for tum tums presentation-2
An information system for tum tums presentation-2An information system for tum tums presentation-2
An information system for tum tums presentation-2Aditya Gupta
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyAditya Gupta
 
Managing Dynamic Shared state
Managing Dynamic Shared stateManaging Dynamic Shared state
Managing Dynamic Shared stateAditya Gupta
 

Plus de Aditya Gupta (6)

An Information System For Tum Tums presentation-3
An Information System For Tum Tums presentation-3An Information System For Tum Tums presentation-3
An Information System For Tum Tums presentation-3
 
An information system for tum tums presentation-1
An information system for tum tums presentation-1An information system for tum tums presentation-1
An information system for tum tums presentation-1
 
An information system for tum tums presentation-2
An information system for tum tums presentation-2An information system for tum tums presentation-2
An information system for tum tums presentation-2
 
The OWASP Zed Attack Proxy
The OWASP Zed Attack ProxyThe OWASP Zed Attack Proxy
The OWASP Zed Attack Proxy
 
Managing Dynamic Shared state
Managing Dynamic Shared stateManaging Dynamic Shared state
Managing Dynamic Shared state
 
Ai and law
Ai and lawAi and law
Ai and law
 

Dernier

Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseCeline George
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1GloryAnnCastre1
 
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleMulti Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleCeline George
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationdeepaannamalai16
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Association for Project Management
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataBabyAnnMotar
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDhatriParmar
 

Dernier (20)

Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
 
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleMulti Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP Module
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
Congestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentationCongestive Cardiac Failure..presentation
Congestive Cardiac Failure..presentation
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
Measures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped dataMeasures of Position DECILES for ungrouped data
Measures of Position DECILES for ungrouped data
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptxDecoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
Decoding the Tweet _ Practical Criticism in the Age of Hashtag.pptx
 

Secure instant messanger service

  • 1. SECURE INSTANT MESSANGER SERVICE By:- Sagar Chordia 09005013 Aditya Gupta 09005017
  • 2. Contents  Introduction  Instant Messaging ◦ Types of IM ◦ Security Solutions for IM  Instant Messaging Key Exchange protocol ◦ Introduction ◦ Goals ◦ Protocol ◦ Advantages / disadvantages  Conclusion  References
  • 3. Introduction  The number of interested parties eager to listen in on your online conversations, including what you type through instant messaging, has never been higher.  Broadband providers and their business partners are enthusiastically peeking into their customers' conversations.  In today’s competing world privacy and secrecy are very necessary.
  • 4. Instant Messaging  From wikipedia : “Instant messaging (IM) is a form of communication over the Internet, that offers an instantaneous transmission of text- based .messages from sender to receiver”.  It is text-based, bi-directionally exchanged, and happens in real-time.  It differ from other technologies such as email due to the perceived quasi-synchronicity of the communications by the users.
  • 5. Types of IM (1)  P2P (peer to peer) model ◦ No central load ◦ Anonymity of users can pose security threat Server Client A Client B Peer to peer model
  • 6. Types of IM (2)  Server-client model ◦ All messages pass through central server. ◦ There is heavy load on the server. ◦ Security policies can be implemented easily Server Client A Client B Server-Client Model
  • 7. Security in P2P  Security is either credential based or reputation based.  Can be implemented either by ◦ Central server  Relies heavily on point source ◦ Mutual peer information exchange  Implemented via gossip algorithm
  • 8. Security in Server-client  Security in server-based methods is credential based.  The server verifies the client via a known secret (password). Once authenticated the client can communicate with other clients.
  • 9. Security Solutions for IM  SSL/TLS-based enterprise products ◦ e.g.Yahoo! Business Messenger  Anti-virus, firewall and IM gateway solutions ◦ e.g. Norton, zonealarm  Public key based client-only solutions ◦ e.g. GPG, IMSecure  Independent secure IM protocols. ◦ E.g. SILC, SKE, IMKE
  • 10. INSTANT MESSAGING KEY EXCHANGE PROTOCOL -A secure IM protocol
  • 11. Introduction  A protocol for strong authentication and secure communications.  It enables mutual strong authentication between users and an IM server.  It uses a memorable password and a known server public key.
  • 12. Introduction (contd.)  IMKE provides security i.e. ◦ authentication, ◦ confidentiality and ◦ Integrity for client-server and client-client IM connections with repudiation.  Message contents are not revealed to server
  • 13. IMKE Motivation  Existing solutions have drawbacks ◦ SSL: relayed user messages are visible to IM server ◦ client plug-ins: client-server messages are plaintext ◦ secure protocols: not designed for integration  Strong password protocols do not fit ◦ Efficiency ◦ simplicity
  • 14. IMKE - Goals  Mutual assurance of identity  Secure communications  Forward secrecy  Repudiation  Replay detection ◦ authentication phase ◦ text message / file transfers  M. Mannan, P.C. van Oorschot, “A Protocol for Secure Public Instant Messaging,” in Financial Cryptogra-phy and Data Security 2006 (FC'06) , Feb. 27-Mar. 2 2006.
  • 15. Terminology used in IMKE Term Description “Strong” pass- A passive or active attacker should be unable to gather word protocol enough information to launch an offline dictionary attack even if a relatively weak password is used. Secure Communications where authentication, integrity and communications confidentiality are achieved. End-to-end Securing messages cryptographically across all points Security between an originating user and the intended recipient. Repudiation A way to ensure that the sender of a message can (later) deny having sent it. Some believe this is important for casual IM conversations. Forward The property that the compromise of long-term keys secrecy does not compromise previously established session keys.
  • 16. Notation used in IMKE Terms Usage A, B, S Two IM users and the IM server IDA User ID of A (unique within the IM service domain) PA Password shared by A and S RA Random number generated by A. fi One-way cryptographic hash functions. {data}K Symmetric (secret-key) encryption of data using key K. {data}EA Asymmetric (public-key) encryption of data using A’s public key KUA. KsAS Symmetric (s) session (encryption/decryption) key shared by A and S. m K AS Symmetric MAC key shared by A and S (m is short for MAC). m [X]AS MAC output of data X under key K AS.
  • 17. IMKE – The protocol  IMKE can be divided into three phases: ◦ Password Authentication Key Exchange (PAKE), ◦ Client-Server Communications and ◦ Client-Client Communications (Direct and Relayed)
  • 18. Password Authentication Key Exchange (1)  Step 1:- ◦ A generates KUA, KRA and KAS and sends it to server in following manner. ◦ Encrypts session key with server’s public key. ◦ A  S : IDA, {KAS}ES , {KUA, f1(PA)}KAS  Step 2 :- ◦ Server calls f1(PA) independently from it database and compares. If unmatched then drops session ◦ Server generates RS (nonce) . Encrypts it with public key of A ◦ A  S : {RS }EA, {f2(PA)}KAS
  • 19. Password Authentication Key Exchange (2)  Step 3:- ◦ A decrypts RS using its private key, independently calculates f2(PA), if not same drops session. Sends ◦ A  S : f3(RS) ◦ S independently cal f3(Rs) if not same then drops session.  Once this 3-way handshake is done A and S calculates their ◦ Session key KsAS = f4(KAS,RS) and ◦ MAC key KmAS = f5(RS,KAS).
  • 21. Client-Server Communication  Successful registration in PAKE sets up server-client session key.  Use this key for further communication to server ◦ A  S : {ClientDataA} KsAS, [ClientDataA]AS ◦ A  S : {ServerData}KsAS, [ServerData]AS
  • 22. Client- Client Communication (1)  Step 1 :- ◦ Get public key of others from server via client-server communication as in B) ◦ A  S : {KUB, IDB} KsAS, [KUB, IDB]AS ◦ B  S : {KUA, IDA} KsBS, [KUA, IDA]BS  Step 2 :- ◦ A generates a symmetric key, KAB and verifies it using a challenge-response method: ◦ Encrypt with public key of B, also send encrypted nonce ◦ A  B : {KAB}EB, {RA}KAB
  • 23. Client- Client Communication (2)  Step 3 :- ◦ B decrypts the message get KAB, it sends response of the nonce and another challenge ◦ A  B : {RB}EA, { f6(RA) } KAB  Step 4 :- ◦ A verifies RA by self calculating f6(RA) and if matches it decrypts RB replies with : ◦ A  B : f7(RA,RB)
  • 24. Client- Client Communication (3)  Then A and B derive the ◦ session key KsAB = f8(KAB,RB) and ◦ MAC key KmAB = f9(RB,KAB)  This KsAB, KmAB are private to 2 clients, ◦ Server can’t know these 2 values.  A sends ClientDataA to B, ◦ A  B : {ClientDataA}KsAB, [ClientDataA]AB
  • 26. IMKE- message summery (1) Phase Message Authentication A generates a dynamic public/private key pair. and A, S authenticate each other using shared Key Exchange password. A, S establish a session key. A’s public key is sent to and stored by S. Public Key A communicates to S a desire to talk to B. Distribution S forwards B’s public key to A (and A’s to B). Session A, B authenticate each other using the Key Transport received public keys. A, B establish a session key.
  • 27. IMKE – Advantages (1)  IMKE enables private and secure communications between two users who share no authentication tokens, mediated by a server on the Internet.  The session key used for message encryption in IMKE is derived from short-lived fresh secrets. This provides the confidence of forward secrecy to IMKE users.
  • 28. IMKE – Advantages (2)  IMKE allows authentication of exchanged messages between two parties, and the sender is able to repudiate a message.  Also , IMKE users require no hardware tokens or long-term user public keys to log in to the IM server.  Other Security Attributes of IMKE ◦ Chaining of Messages. ◦ Insider-Assisted Attacks ◦ Exposure of Secrets
  • 29. IMKE – Security Analysis  Formal proofs : not done  BAN-like analysis (outline) : checked  AVISPA protocol analysis tool : checked ◦ http://www.scs.carleton.ca/~mmannan/avispa- imke/
  • 30. IMKE - Attacks not addressed  Keyloggers can collect passwords  A false public key of S on client allows offline dictionary attacks  Malicious IM server may forward false client public keys (MIM)  IM worms
  • 31. IMKE – Future Work  Group-chat and chat-room are heavily used features in IM. A future version of IMKE would ideally accommodate these features.  An online server public key verification method can also be added.  Introducing methods to ensure human-in- the-loop during login can stop automated impersonation using compromised user name and password.
  • 32. IMKE - Conclusion  Secure IM: becoming increasingly important  IMKE: simple, integratable  Main lesson from IMKE implementation: practical today
  • 34. Application of Secure IM  Secure Messaging is used in many business areas with company-wide and sensitive data exchanges.  Financial institutions, insurance companies, public services, health organizations and service providers rely on the protection by Secure Messaging.
  • 35. Other Tools for security in IM  Other tools for security other then Encryption are ◦ Steganography : The means by which data can be hidden within other more innocuous data ◦ Identity based networks : True identity based networks replace the ability to remain anonymous and are inherently more trustworthy ◦ Anonymized networks : In principle, a large number of users running the same system, can have communications routed between them in such a way that it is very hard to detect what any complete message is, which user sent it, and where it is ultimately going from or to.
  • 36. Other Related Topics  Secure Group Communication  Secure voice over Internet program  Security of Short Message Service  Security of Internet Relay Chat  Security of group chat  Security of chat rooms
  • 37. References  A Protocol for Secure Public Instant Messaging ◦ Mohammad Mannan and Paul C. van Oorschot ◦ users.encs.concordia.ca/~mmannan/publications/imke.pdf  HIGH LEVEL DESIGN - SECURE INSTANT MESSENGER ◦ www.ccs.neu.edu/home/noubir/Courses/CSG254/S09/designs/hu sky.pdf  Instant Messaging in Java Made Easy: The Smack API ◦ http://today.java.net/pub/a/today/2006/10/05/instant-messaging- for-jabber-with-smack.html#jabbering-online-the-basics-of-jabber  The Design and Implementation of a Secure Instant Messaging Key Exchange Protocol ◦ by Chung-Huang Yang * Tzong-Yih Kuo ◦ http://www.kc.org.tw/fleget/FileDownLoad.aspx?CDE=149  Wikipedia ◦ www.wikipedia.org