Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword
Like this
2Activity
×
0 of .
Results for:
No results containing your search query
P. 1
A Secured Chat System With Authentication Technique As RSA Digital Signature

A Secured Chat System With Authentication Technique As RSA Digital Signature

Ratings: (0)|Views: 594|Likes:
Published by ijcsis
Over the years chat system which is an application or tool used for communicating between two or more persons over a network, has been faced with issues of security, data integrity and confidentiality of information/data, the attacks include social engineering or poisoned URL (universal resource locator). An effective attack using a poisoned URL may affect lots of users within a short period of time, since each user is regarded as a trusted user, other are plain text attack which makes communication vulnerable to eavesdropping, instant messaging client software often requires users to expose open user datagram protocol ports increasing the threat posed. The purpose of this research is to develop a secured chat system environment using Digital Signature, the digital signature is used to establish a secure communication channel, providing an improved secured technique for authentication of chat communication.
Over the years chat system which is an application or tool used for communicating between two or more persons over a network, has been faced with issues of security, data integrity and confidentiality of information/data, the attacks include social engineering or poisoned URL (universal resource locator). An effective attack using a poisoned URL may affect lots of users within a short period of time, since each user is regarded as a trusted user, other are plain text attack which makes communication vulnerable to eavesdropping, instant messaging client software often requires users to expose open user datagram protocol ports increasing the threat posed. The purpose of this research is to develop a secured chat system environment using Digital Signature, the digital signature is used to establish a secure communication channel, providing an improved secured technique for authentication of chat communication.

More info:

Published by: ijcsis on Nov 25, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

11/20/2012

pdf

text

original

 
 
A SECURED CHAT SYSTEM WITHAUTHENTICATION TECHNIQUE AS RSADIGITAL SIGNATURE
1
Oyinloye O.Elohor
2
Ogemuno Emamuzo /Achievers University
1,2
Computer and Information system Achievers UniversityAchievers University, AUOOwo, Ondo state, Nigeria
1
2
cmcmamus@yahoo.com
3
Akinbohun Folake
4
Ayodeji .I. Fasiku
3
Department of Computer Science, Owo Rufus GiwaPolythenic, Owo, Ondo, Nigeria.
4
Department of Computer Science, Federal University of Technology, Akure, Nigeria
3
folakeakinbohun@yahoo.com,
4
Iretiayous76@yahoo.com
 
Abstract Over the years chat system which is an application ortool used for communicating between two or more personsover a network, has been faced with issues of security, dataintegrity and confidentiality of information/data, theattacks include social engineering or poisoned URL(universal resource locator). An effective attack using apoisoned URL may affect lots of users within a shortperiod of time, since each user is regarded as a trusteduser, other are plain text attack which makescommunication vulnerable to eavesdropping, instantmessaging client software often requires users to exposeopen user datagram protocol ports increasing the threatposed. The purpose of this research is to develop a securedchat system environment using Digital Signature, thedigital signature is used to establish a securecommunication channel, providing an improved securedtechnique for authentication of chat communication
.
Keywords-Secure Chat System, RSA, Public modulus, publicexponent, Private exponent, Private modulus, digital Signing,Verification, Communication Instant Messengers (IM)I.
 
I
NTRODUCTION
 Chat system is a real-time direct text-based instant messagingcommunication system between two or more people usingpersonal computers or other devices, running the sameapplication simultaneously over the internet or other types of networks. Chat is most commonly used for social interaction,for example, people might use chat to discuss topics of sharedinterest or to meet other people with similar interests,businesses and educational institutions are increasingly usingchat as well for example, some companies hold large onlinechat meetings to tell employees about new businessdevelopments, small workgroups within a company may usechat to coordinate their work [1]. In education, teachers usechat to help students practice language skills and to providementoring to students. More advanced instant messagingsoftware clients also allow enhanced modes of communication, such as live voice or video calling. Onlinechat and instant messaging differs from other technologiessuch as e-mail, due to the perceived synchronicity of thecommunications by the users.Instant messengers are faced with several security problemswhich affects the integrity, confidentiality of the datacommunicated, which are Denial of service attack, identityissues, privacy issues, transfer of malware through filetransfer, as a worm propagator vector, poisoned URL, socialengineering attack etc.Several techniques have been employed to the transport layers(communication channel) which include TLSSSL (8). Thevulnerability in the transport layer security protocol allowsman-in-the-middle attackers to surreptitiously introduce text atthe beginning of an SSL session, says Marsh Ray (), recentresearch has shown that those techniques have been diagnosedto have salient flaws, Related to Instant Messenger (IM)security, a modified Diffie-Hellman protocol suitable toinstant messaging has been designed by Kikuchi et al. [2],primarily intended to secure message confidentiality againstIM servers. It does not ensure authentication and also hasproblems similar to the IMSecure3 solutions. Most chatsystems have no form of security of the communicated data.This research provides a tool for securing data in chat system.The secured chat system is designed to provide security,confidentiality, and integrity of communication between
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 10, October 2011123http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
 
parties involved by using the underlining technologies of Rivest-Shamir-Adelman (RSA) algorithm digital signaturetechnique as its method of authentication and verification of 
users’ .The digital signature uniquely identifies the signer of 
the document or message.OPERATION
 
OF
 
INSTANT
 
MESSENGERSTo conduct a conversation using instant messaging, the usersmust first install a compatible instant messaging program onhis/her computer. On successful installation, the users arepresented with a customized window from which both userswill exchange other named information for effectivecommunication. The delivery of information to the user isdependent on the availability of the user on online. Typically,IM software requires a central server which relays messagesbetween clients. The client software allows users to maintain alist of contacts that he wants to communicate with,information transferred is via text-based communications andcommunication with other clients is by double clicking on the
clients’ detail in the contact list
. The message contains the IPaddress of the server, the username, password and IP addressof the client.When the ISP connects with the specific server, itdelivers the information from the clients end of the IMsoftware. The server takes the information and logs the user onto the messenger service, the servers locate others on the
user’s contact list if they are logged on to the messenger 
server. The connection between the PC, ISP and themessenger server stays open until the IM is closed, asillustrated in fig. 1.Fig 1: A windows Chat SystemOVERVIEW
 
OF
 
EXISITNG
 
INSTANT
 
MESSENGERSAll Instant Messengers (IM) are categorized into fivetypes:Single-Protocols IMs: The five most popular IMs, based ontotal users, fall under the category of single-protocol IMs. Inthese clients connect their users often to only one or twonetworks of IM users, limiting contact to only those respectivenetworks of IM users. E.g. ICQ Messenger, Skype, Yahoo IM,Windows Live Messenger, Google-Talk (Gtalk), hence single-protocol IM clients offer limited access[7].Multi-Protocol IMs: While single-protocol IM clients offerlimited access, the possibilities are endless with multi-protocolIMs. Multi-protocol IM clients allow users to connect all yourIM accounts with one single chat client. The end result is amore efficient IM experience with multi-protocol IMs thanusing several IM clients at once. E.g; Adium,Digsby,AOL(American Online) IM, ebuddy, nimbuzz,Miranda IM, Pidgin, Yahoo IM, Windows Live Messenger.[7].Web-Based Protocol IMs : When you cannot download an IMclient web messengers are a great web-based alternative forkeeping in touch with other users, unlike other multi-protocolIM clients, web messengers require nothing more than ascreen name to your favorite IM and a web browser. Examplesare; meebo, AIM Express Web Messenger, IM+ WebMessenger. [7].Enterprise Protocol IMs: Instant messaging is a brilliant wayto keep in touch with other users, IM is finding new-foundapplication as a commerce-
 building tool in today’s workplace
.In addition to opening lines of communication betweendepartments and associates throughout a company, instantmessaging has helped in streamlining customer service. E.g.24im, AIM-Pro, Big Ant, Bitwise Professional, Brosix. [7].Portable Protocol IMs: While users cannot always downloadIMs to computers at work or school because of administrativecontrol, they can utilize portable apps for IM by downloadingand installing them to a USB drive; once installed, the portableapps can be run from the USB drive connecting users to alltheir favorite IM contacts. Examples of this protocol are;Pidgin Portable, Miranda Portable, pixaMSN, TerraIM,MiniAIM. [7].SECURITY
 
THREATS
 
OF
 
INSTANT
 
MESSENGERSDenial of Service (DoS)- DoS attacks can be launched inmany different ways. Some may simply crash the messagingclient repeatedly. Attackers may use the client to process CPUand/or memory intensive work that will lead to anunresponsive or crashed system. Flooding with unwantedmessages is particularly easy when users choose to receivemessages from everyone. In this case, attackers may also sendspam messages such as advertisements.Impersonation- Attackers may impersonate valid users in at
least two different ways. If a user’s password is captured,
attackers can use automated scripts to impersonate the victimto users in his/her contact list [3]. Alternatively, attackers canseize client-to-server connections (e.g. by spoofing sequencenumbers).
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 10, October 2011124http://sites.google.com/site/ijcsis/ISSN 1947-5500
 
 
IM as a Worm Propagation Vector- Here we use a broaddefinition of worms
 
[4]. Worms can easily propagate throughinstant messaging networks using the file transfer feature.Generally, users are unsuspecting when receiving a file from aknown contact. Worms successfully use this behavior byimpersonating the sender. This is becoming a serious problem,as common anti-virus tools do not generally monitor IMtraffic.DNS Spoofing to Setup Rogue IM Server- Trojans likeQHosts-125 can be used to modify the TCP/IP settings in a
victim’s system to point to a different DNS server. Mal
icioushackers can set up an IM server and use DNS spoofing so that
victims’ systems connect to the rogue server instead of a
legitimate one. IM clients presently have no way to verifywhether they are talking to legitimate servers. Servers verify aclient
’s identity by checking the user name and password hash.
This server-side only authentication mechanism can betargeted for IM man-in-the-middle attacks where a rogueserver may pose as a legitimate server [5]. Account-relatedinformation collection, eavesdropping, impersonation andmany other attacks are possible if this attack is successful.Plaintext Registry and Message Archiving.-There are manysecurity related settings in IM clients. Knowledgeable userscan set privacy and security settings for their needs. IM clientssave these settings in the Windows registry. Any technicallyinclined Windows user can read registry values and users withadministrative power can modify those as well. Some securityrelated IM settings saved in the registry are: encryptedpassword, user name, whether to scan incoming files forviruses and the anti-virus software path, whether permission is
required to be added in someone’s contact list, who may
contact the user (only from contacts or everyone), whether toshare files with others, shared directory path, and whether toask for a password when changing security related settings.
MSN Messenger even stores a user’s contact list, block list
and allow list in the registry[6] in a human-readable format.Attackers can use Trojan horses to modify or collect thesesettings with little effort. Modifying the registry may help theintruder bypass some security options like add contactauthorization, file transfer permission etc. By collecting usernames and password hashes, attackers can take control of useraccounts. Also, the plaintext password can be extracted fromthe encrypted password stored in the registry using tools such
as Elcomsoft’s Advanced Instant Messengers Password
Recovery [6]IMPLEMENTATION
 
OF
 
THE
 
SECURED
 
CHAT
 
SYSTEMThe secured chat system is a two-tier architecture, whichoffers an improvement to existing chat system which haveproblems of data security, denial of service attacks byproviding a cheaper but secured authentication technique forchat systems. . An existing chat system model was combinedwith the digital signature; the system uses RSA digitalsignature scheme as its method of authentication. The digitalsignature is formed by appending to a message a set of existing private key system generated and verifiable by onlythat user who has formed a non-repudiated connection withthe sender. The receiver and the sender are presented withseveral components for the establishment of a securedconnection illustrated in fig 3.MATHEMATICAL
 
MODEL
 
FOR
 
THE
 
DIGITAL
 
SIGNATURE
 
AUTHENTICATION
 
OF
 
THE
 
SYSTEM
 
The users on enrolment are made to create an account which isstored in an array-linked list hash table database located at theserver end of the system; the registration is completed when auser provides a username and generates the private keymodulus and exponent generated from equation 1, 2, 3(1)(2)Where p is the set and(3)The modulus and exponent is used to perform the signatureoperation shown in equation 4 at the request for privatecommunication by a client(4)The receiver must also establish a private connection bygenerating his private and public keys respectively. Themessage sent by the user is encrypted using the senders privatekey and is only decrypted using the senders public key, thusfor the original message to reach the receiver, the receiver andthe sender must have established a two way handshakeprotocol of their public keys and the verification of the processis given by the equation 5(5)The keys generated are computer generated in 512 bits binaryform and must be copied for signature/verification purposes.PHASES
 
OF
 
THE
 
PROPOSED
 
SYSTEMThe phases of the system is illustrated in fig 2, it has threephases namely;Enrolment: the system requires that the user must enroll ausername, IP address and create public and private exponentsand modulus which will be used for establishing a two wayhandshake between clientsSignature/Verification: After the enrolment phase of thesystem, the next phase is the signature/verification phasewhich involves the use of the private and the publickeys/exponents. For two users to establish a secureconnection, both must engage in a two way handshakeprocedure, they must exchange public key information when
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 10, October 2011125http://sites.google.com/site/ijcsis/ISSN 1947-5500

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->