Secure Instant Messenger

This was a project for a Network Security class. In two weeks, myself and a partner had to design, implement and then be subjected to a variety of attacks while keeping our instant messenger up and running. This included a central server being written to handle all authentication, log on, log off, message send requests, etc.. The code was written in Java and the UI was written in SWT and run and tested on a variety of windows, linux, and mac flavors.

Log on was handled using the server's RSA key in which a simple hand-shake was used to establish a session key with the server using Diffie-Helman. To begin a communication with another user, the server was contacted and a method similar to Kerberos was used to generate a perfect forward secret session key with the user. From this point on all communication during a user session was encrypted and decrypted.

This is actually a very important topic. If you've ever done network sniffing then you know just how much information can be picked up over the network of one's instant messenging. In case you don't know, its about as easy to read as FTP traffic, meaning you can read everything.

 

home about cv vault