OFF-THE-RECORD SECURE CHAT ROOM

Jiang Bian, Remzi Seker, Umit Topaloglu, Coskun Bayrak

Abstract

Group Off-the-Record (GOTR) (Bian et al., 2007) was proposed to address the privacy protection concerns in online chat room systems. It extended the original two-party OTR protocol to support more users while preserving the same security properties. A literature survey of different Diffie-Hellman (D-H) conference key implementations will be given to justify that in an application like a chat room, the virtual server approach is truly the most efficient way to establish a private communication environment among a group of people. However, GOTR’s virtual server approach raises a trustworthiness concern of the chosen chair member. Since the chair member has full control over all encryption keys, there is no constraint to prevent him / her from altering the messages while relaying them. In this paper, we present a study of the GOTR protocol and a solution to the virtual server’s trustworthiness problem via employing an additional MD5 integrity check mechanism. Having such an algorithm, makes the GOTR protocol more secure, in that, it gives the other chat members an opportunity to be aware of any potential changes made by the chair member.

References

  1. Bellare, M. and Rogaway, P. (1995). Provably secure session key distribution: the three party case. In STOC 7895: Proceedings of the twenty-seventh annual ACM symposium on Theory of computing, pages 57-66, New York, NY, USA. ACM.
  2. Bian, J., Seker, R., and Topaloglu, U. (2007). Off-the-record instant messaging for group conversation. In 2007 IEEE International Conf. on Information Reuse and Integration, Las Vegas, NV, USA.
  3. Bishop, M. (2002). Computer Security: Art and Science. Addison Wesley Professional.
  4. Borisov, N., Goldberg, I., and Brewer, E. (2004). Offthe-record communication, or, why not to use pgp. In WPES 7804: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pages 77- 84, New York, NY, USA. ACM Press.
  5. Bresson, E., Chevassut, O., and Pointcheval, D. (2007). Provably secure authenticated group diffie-hellman key exchange. ACM Trans. Inf. Syst. Secur., 10(3):10.
  6. Bresson, E., Chevassut, O., Pointcheval, D., and Quisquater, J.-J. (2001). Provably authenticated group diffiehellman key exchange. In CCS 7801: Proceedings of the 8th ACM conference on Computer and Communications Security, pages 255-264, New York, NY, USA. ACM.
  7. Burmester, M. and Desmedt, Y. (1994). A secure and efficient conference key distribution system (extended abstract). In EUROCRYPT, pages 275-286.
  8. Canetti, R., Dwork, C., Naor, M., and Ostrovsky, R. (1996). Deniable encryption. Cryptology ePrint Archive, Report 1996/002. http://eprint.iacr.org/.
  9. Diffie, W. and Hellman, M. E. (1976). New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644-654.
  10. Gaim-e (2002). Gaim-e, encryption plug-in for gaim. http://gaim-e.sourceforge.net/.
  11. Ingemarsson, I., Tang, D. T., and Wong, C. (1982). A conference key distribution system. IEEE Transactions on Information Theory, 28(5).
  12. Krawczyk, H. (1996). Skeme: a versatile secure key exchange mechanism for internet. sndss, 00:114.
  13. Pidgin-Encryption (2007). Pidgin-encryption. http://pidginencryption.sourceforge.net/.
  14. Rivest, R. (1992). The md5 message-digest algorithm. Technical Report RFC 1321, MIT Laboratory for Computer Science and RSA Data Security, Inc.
  15. c Secway (2006). Simppro: Instant messengers, instant security. http://www.secway.fr/us/products/simppro/.
  16. Steiner, M., Tsudik, G., and Waidner, M. (1996). Diffiehellman key distribution extended to group communication. In CCS 7896: Proceedings of the 3rd ACM conference on Computer and communications security, pages 31-37, New York, NY, USA. ACM Press.
  17. Stinson, D. R. (2002). Cryptography Theory and Practice, Second Edition. CRC Press, Inc.
  18. W.W.Peterson and D.T.Brown (1961). Cyclic codes for error detection. In Proceedings of the IRE.
Download


Paper Citation


in Harvard Style

Bian J., Topaloglu U., Seker R. and Bayrak C. (2008). OFF-THE-RECORD SECURE CHAT ROOM . In Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8111-26-5, pages 54-61. DOI: 10.5220/0001530500540061


in Bibtex Style

@conference{webist08,
author={Jiang Bian and Umit Topaloglu and Remzi Seker and Coskun Bayrak},
title={OFF-THE-RECORD SECURE CHAT ROOM},
booktitle={Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2008},
pages={54-61},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001530500540061},
isbn={978-989-8111-26-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fourth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - OFF-THE-RECORD SECURE CHAT ROOM
SN - 978-989-8111-26-5
AU - Bian J.
AU - Topaloglu U.
AU - Seker R.
AU - Bayrak C.
PY - 2008
SP - 54
EP - 61
DO - 10.5220/0001530500540061