Secure instant messaging

Secure instant messaging is a form of instant messaging. Both terms refer to an informal means for computer users to exchange short messages, commonly referred to as "chats". Instant messaging can be compared to texting as opposed to making a mobile phone call; relative to email, it is the short-form equivalent. Secure instant messaging is a specialized form of instant messaging that, among other differences, encrypts the contents of messages so that only the intended participants can read them.

Instant messaging background

Instant messaging has existed in some form for decades. Generally, it is a process by which users on a computer network communicate quickly with one another using short text-based messages rather than email. Each user runs a piece of client software that communicates with a common server, which connects the chat sessions. Over the past few years, two distinct settings for the use of instant messaging have evolved.

The first is the corporate or institutional environment, composed of many potential users who are all under the same organizational umbrella.[1]

The second setting is individual users "after work" or at home who do not share a mission-oriented purpose, but are more likely family and friends.[2]

In the corporate setting, security risks are apparent from the outset. What stops a disgruntled employee from messaging sensitive company data to a colleague outside the enterprise? The reverse risk is the same disgruntled employee downloading a virus or spyware onto a machine inside the corporate firewall, to release as desired. Accordingly, organizational offerings have become very sophisticated in their security and logging measures. Typically, an employee or organization member must be granted a login and suitable permissions to use the messaging system. Creating a specific account for each user allows the organization to identify, track and record all use of its messenger system on its servers.[3]

The specialized requirements of the organizational messaging system, however, run almost completely contrary to what an individual user may need. Instant messengers for non-organizational use typically advertise a user's presence to the Internet at large so that others may know whether that person is online. Manufacturers of instant messaging clients have also tended to offer interoperability with other manufacturers' clients.[4]

This competitive edge grew out of the proprietary communications protocols that client manufacturers had previously used. Compatibility between clients is likely to become almost universal, as a unified messenger protocol, the Extensible Messaging and Presence Protocol (XMPP), is being adopted by more and more manufacturers.[citation needed] XMPP has been, at least in part, formalized by the Internet Engineering Task Force as RFC 6120,[5] RFC 6121[6] and RFC 6122,[7] which will further the trend towards instant messaging standardization.[8]

For the typical individual social user, this product evolution spells greater ease of use and more features.

Traits of a secure instant messenger

In November 2014, the Electronic Frontier Foundation listed seven traits that contribute to the security of instant messengers:[9]

In addition, the security of instant messengers may further be improved if they:

Recent news events have revealed that the NSA is not only collecting emails and IM messages but also tracking the relationships between senders and receivers of those chats and emails, a practice known as metadata collection.[10] Metadata is the data about a chat or email, such as who communicated with whom, as opposed to the contents of the messages; even without the contents, it can be used to collect valuable information.[11]
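The two points above, that a secure messenger encrypts contents so only the participants can read them while the provider still sees who talks to whom, can be made concrete. The following is an added example, not code from the article or from any messenger it names: a relay server that carries end-to-end encrypted chats cannot read the messages, yet its delivery log alone yields the senders' and receivers' contact graph. The cipher is a standard-library demonstration construction (HMAC-SHA256 keystream with encrypt-then-MAC) standing in for a real messenger's protocol, and the user names, keys and messages are constructed.

```python
import hashlib, hmac, secrets
from collections import defaultdict

# Demonstration cipher only: encrypt-then-MAC with an HMAC-SHA256 keystream.
# Real secure messengers use vetted constructions such as the Double Ratchet.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; only a key holder can read or forge it."""
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")  # tampered or wrong key
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class RelayServer:
    """What the provider sees: opaque ciphertext plus sender/recipient metadata."""
    def __init__(self) -> None:
        self.log: list[tuple[str, str, bytes]] = []  # (sender, recipient, blob)

    def relay(self, sender: str, recipient: str, blob: bytes) -> None:
        self.log.append((sender, recipient, blob))

    def contact_graph(self) -> dict[tuple[str, str], int]:
        """Metadata alone reveals who talked to whom and how often; no key needed."""
        graph: dict[tuple[str, str], int] = defaultdict(int)
        for sender, recipient, _ in self.log:
            graph[tuple(sorted((sender, recipient)))] += 1
        return dict(graph)

def demo() -> tuple[list[bytes], dict[tuple[str, str], int]]:
    """Constructed sample session: Alice and Bob share one key, Alice and Carol another."""
    server = RelayServer()
    key_ab, key_ac = secrets.token_bytes(32), secrets.token_bytes(32)
    server.relay("alice", "bob", encrypt(key_ab, b"meet at 9"))
    server.relay("bob", "alice", encrypt(key_ab, b"ok"))
    server.relay("alice", "carol", encrypt(key_ac, b"running late"))
    bob_reads = [decrypt(key_ab, blob) for s, r, blob in server.log if r == "bob"]
    return bob_reads, server.contact_graph()
```

Running `demo()` shows Bob recovering his message with his key, while the server, holding no key, still reports that Alice exchanged two messages with Bob and one with Carol.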

References

  1. "WebEx Connect IM - Products & Services". Cisco. Retrieved 2015-10-11.
  2. Tyson, Jeff (2001-03-28). "How Instant Messaging Works - HowStuffWorks". Computer.howstuffworks.com. Retrieved 2015-10-11.
  3. "Cisco WebEx Messenger: Enterprise Instant Messaging through a Commercial-Grade Multilayered Architecture" (PDF). Cisco.com. Retrieved 2015-10-11.
  4. "Trillian". Trillian.im. Retrieved 2015-10-11.
  5. Saint-Andre, Peter (2003-12-13). "RFC 6120 - Extensible Messaging and Presence Protocol (XMPP): Core". Tools.ietf.org. Retrieved 2015-10-11.
  6. Saint-Andre, Peter (March 2011). "RFC 6121 - Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence". Tools.ietf.org. Retrieved 2015-10-11.
  7. Saint-Andre, Peter (March 2011). "RFC 6122 - Extensible Messaging and Presence Protocol (XMPP): Address Format". Tools.ietf.org. Retrieved 2015-10-11.
  8. "XMPP Technologies Overview – The XMPP Standards Foundation". Xmpp.org. Retrieved 2015-10-11.
  9. "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 4 November 2014. Retrieved 13 July 2016.
  10. Risen, James; Poitras, Laura (28 September 2013). "N.S.A. Gathers Data on Social Connections of U.S. Citizens". The New York Times. Retrieved 2015-10-11.
  11. "A Primer on Metadata: Separating Fact from Fiction - Privacy By Design". Privacybydesign.ca. 2013-07-17. Retrieved 2015-10-11.