Abstract

Instant Messaging (IM) provides near-real-time communication between users, which has shown to be a valuable tool for internal communication in companies and for general-purpose interaction among people. IM systems and supporting protocols, however, must consider security aspects to guarantee the messages' authenticity, confidentiality, and integrity. In this paper, we present a solution for integrating hardware-based public key cryptography into Converse.js, an open-source IM client for browsers enabled with the Extensible Messaging and Presence Protocol (XMPP). The proposal is developed as a plugin for Converse.js, thus overriding the original functions of the client; and a browser extension that is triggered by the plugin and is responsible for calling the encryption and decryption services for each sent and received message. This integrated artifact allowed the experimental validation of the proposal providing authenticity of IM users with digital certificates and protection of IM messages with hardware-based cryptography. Results also shows the proposed systems is resistent to adversarial attacks against confidentiality and integrity and it is secure when considering cryptrographic tests like the Hamming distance and the NIST SP800-22.

Highlights

  • Instant Messaging (IM) services may provide advantageous features, such as near-real-time communication, group chats and the support for attaching files to messages

  • We demonstrate how an eavesdropper may compromise the confidentiality of the communicating parties, and, the better level of privacy achieved with data encryption

  • The end of the section provides a brief evaluation of the performance of the proposed architecture, estimating the additional latency caused by the encryption and decryption of sent and received messages

Read more

Summary

INTRODUCTION

Instant Messaging (IM) services may provide advantageous features, such as near-real-time communication, group chats and the support for attaching files to messages Due to these characteristics, and along with the fact that there are many free IM applications, the number of users of this Internet. To increase the security levels of a communication system, one possible solution refers to public key cryptography and digital signature, as they promote a way to check the message’s authenticity and integrity and enhance its confidentiality The main contributions of this work are: i) an architecture for integrating IM desktop applications and a hardware device; ii) a review of possible threats and vulnerabilities present in IM systems; and iii) a solution for providing confidentiality, authenticity and integrity to messages exchanged between users.

PROBLEM STATEMENT
TECHNOLOGIES REVIEW
PROPOSED ARCHITECTURE
EXPERIMENTAL RESULTS
CONCLUSIONS AND FUTURE WORKS
FUTURE WORKS

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.