It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by ">User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a ">Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#34427 - 02/15/05 07:01 PM Making your IM secure - and deniable  
Joined: Sep 2002
Posts: 553
Digital Geek Offline
UGN Super Poster
Digital Geek  Offline
UGN Super Poster

Joined: Sep 2002
Posts: 553
Cluj-Napoca, Romania
Two researchers at the University of California at Berkeley have created an add-on to instant messaging that they claim will enable the participants to identify each other and have a secure conversation without leaving any proof that the chat occurred.

The result, dubbed off-the-record (OTR) messaging by security researchers Ian Goldberg and Nikita Borisov, is a plug-in for the Gaim instant-messaging client that enables encrypted messages sans leaving a key--a sequence of characters--that could be used to verify that the conversation happened. That attribute, known in cryptography as perfect forward security, also prevents snoopers from reading any copies of the conversation.

"If tomorrow, my computer is broken into and the encryption key is stolen, the attacker can't read future messages," said Goldberg, a graduate of Berkeley.

In order for a secure and deniable IM conversation to occur, both parties need to have the off-the-record program installed on Gaim or use America Online's Instant Messenger with a server set up to be a proxy with software also developed by Goldberg and Borisov, the researchers said.

When a previously unregistered user wants to have an OTC conversation, a dialog box will appear with a digital key, identifying the sender. If the user accepts the credentials of the person contacting him, the key will be stored on his computer so that in the future, the sender is considered to be trusted. After that, the two participants can chat securely; the conversation is encoded so that others cannot intercept and read it.

Goldberg and Borisov presented their program at the annual CodeCon gathering of developers Saturday. People worried about instant-messaging security can download the software from the duo's site.

Goldberg said current messaging is insecure and criticized other solutions for leaving around logs and encryption keys that could be used as proof that a conversation happened. He said OTR messaging would give the participants the security without leaving any more trace of the conversation than today's instant-messaging clients--a worry for the privacy-centric security community.

"I would like to see this on by default," Goldberg said. "When you chat today, the messages are going through the clear, and there is no proof of who you are talking to."

While both the OTR messaging plug-ins and today's instant-messaging clients enable either participant to record logs of a conversation, those logs mean little after the conversation, Goldberg argued. The logs could be edited to add content.

That's why the two researchers avoided using digital signatures, Goldberg said. That technology for encrypting messages would have also acted as a digital signature and left a signed record of the conversation.


Sponsored Links
#34428 - 02/16/05 06:48 AM Re: Making your IM secure - and deniable  
Joined: Feb 2002
Posts: 7,202
Gremelin Offline
Community Owner
Gremelin  Offline

Community Owner

Joined: Feb 2002
Posts: 7,202
Likes: 11
Portland, OR; USA
Nothign really new here, Trillian comes wiht a "secure IM" technology; AIM went with SSL certificates; Zone Alarm allows encryption over any medium so long as both users have it... this is just another...

Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner

Member Spotlight
Los Angeles,CA
Posts: 70
Joined: May 2002
Show All Member Profiles 
Forum Statistics
Average Daily Posts0
Most Online1,567
Apr 25th, 2010
Latest Postings
by Cyrez on 12/16/17 09:19 AM
Okay WTF?
by HenryMiring on 09/27/17 08:45 AM
The History Thread...
by Gremelin on 08/11/17 07:11 PM
my old account still exists!
by Gremelin on 08/11/17 07:02 PM
My friend NEEDS your HELP!
by Lena01 on 07/21/17 07:06 AM
I'm having fun with this guy.
by gabithompson730 on 07/20/17 08:50 AM
I want to upgrade my phone
by gabithompson730 on 07/20/17 08:49 AM
Top Posters(All Time)
UGN Security 41,392
Gremelin 7,202
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 3
Black Beard Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
fleshwound Likes: 1
Ghost Likes: 2
Gremelin Likes: 12
Ice Likes: 1
ninjaneo Likes: 1
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20170206)