Security threats Toolkit

IM gets perfect forward security

Tags:
OTR,
Off-the-record Messaging,
Secure IM

Published: 15 Feb 2005 09:20 GMT

When you hit the Send button on an instant message, do you really know who is on the other end?

Two researchers at the University of California at Berkeley have created an add-on to instant messaging that they claim will enable the participants to identify each other and have a secure conversation without leaving any proof that the chat occurred.

The result, dubbed off-the-record (OTR) messaging by security researchers Ian Goldberg and Nikita Borisov, is a plug-in for the Gaim open source instant-messaging client that enables encrypted messages that do not leave a key that could be used to verify that the conversation happened. That attribute, known in cryptography as perfect forward security, also prevents snoopers from reading any copies of the conversation.

"If tomorrow, my computer is broken into and the encryption key is stolen, the attacker can't read future messages," said Goldberg, a graduate of Berkeley.

In order for a secure and deniable IM conversation to occur, both parties need to have the off-the-record program installed on Gaim or use America Online's Instant Messenger with a server set up to be a proxy with software also developed by Goldberg and Borisov, the researchers said.

When a previously unregistered user wants to have an OTC conversation, a dialog box will appear with a digital key, identifying the sender. If the user accepts the credentials of the person contacting him, the key will be stored on his computer so that in the future, the sender is considered to be trusted. After that, the two participants can chat securely; the conversation is encoded so that others cannot intercept and read it.

Goldberg and Borisov presented their program at the annual CodeCon gathering of developers in San Francisco. People worried about instant-messaging security can download the software from the duo's site.

Goldberg said current messaging is insecure and criticised other solutions for leaving around logs and encryption keys that could be used as proof that a conversation happened. He said OTR messaging would give the participants the security without leaving any more trace of the conversation than today's instant-messaging clients.

"I would like to see this on by default," Goldberg said. "When you chat today, the messages are going through the clear, and there is no proof of who you are talking to."

While both the OTR messaging plug-ins and today's instant-messaging clients enable either participant to record logs of a conversation, those logs mean little after the conversation, Goldberg argued. The logs could be edited to add content.

That's why the two researchers avoided using digital signatures, Goldberg said. That technology for encrypting messages would have also acted as a digital signature and left a signed record of the conversation.