Topic: secure instant messaging
Currently, Instant Messenger becomes one of the most application
which use to exchange a message between Sender and Receiver over public
network. Instant Messaging enables real-time communication and collaboration,
combining presence awareness with instant messaging capabilities such
as chat, video call, and file transfers to create a rich
collaborative environment. These features enable one-to-one as well as group
collaboration through either short-lived communications or persistent venues
such as conference rooms or news channels. So that it is very important
building an Instant Messenger application with good level of security
aspect and fast communication. In our project, we focus on building a high-level
security Instant Messenger that can provide the secure messaging
service. Based on the internet network, we will use the Client-Server
structure to achieve the communication between users so that the
clients can exchange real-time information to each other.
(a) Master a specific programming language(JAVA).
(b) Master the socket programming using the language
(c) Build the basic model of Client-Server, and
achieve the message transmitting from both sides.
(c) Build the basic model of
Client-Server, and achieve the message transmitting from both sides.
(d) Use the AES and RSA algorithm to encrypt
the message and key.
3.Background and significance (L)
Instant messaging has existed in some form or another for decades. Generally, it is a process by which users on a computer network can quickly communicate with one another using short text-based sentences rather than using email. US analyst Gartner suggests that instant message will rival email in terms of both volume and ubiquity. In 2005 alone, it believes half of all companies will be using enterprise-level instant message clients.
However, the widely use of instant message also brings some problems. For example, most companies do not have their own IM system in place, which means users relying on external IM servers on the Internet for exchange of what could be confidential or sensitive information. The movement of sensitive data in and out of a company below the IT radar is not the foundation for a solid security policy.
Also, IM applications are typically designed for easy functionality, not corporate use. They don't have in-built security, such as encryption, management or monitoring. It shows that in 2005, there are over 200 instant message worms and 700+ Trojans known, with the number of malware threats growing by 50% each month due to the lack of security in instant message system.Thus, building a solid secure instant message is becoming more and more important.
In November 2014, the Electronic Frontier Foundation listed seven traits that contribute to the security of instant messengers:
Having communications encrypted in transit between all the links in the communication path.
Having communications encrypted with keys the provider does not have access to (end-to-end encryption).
Making it possible for users to independently verify their correspondent's identity e.g. by comparing key fingerprints.
Having past communications secure if the encryption keys are stolen (forward secrecy).
Having the source code open to independent review (open source).
Having the software's security designs well-documented.
Having a recent independent security audit.
Some latest secure instant message applications like WhatsApp which is popular used in mobile device have shown up, and this will encourage more and more people to explore in this field.
5. Literature cited
example:  Rongxing Lu, Xiaodong Lin, Haojin Zhu, and
Xuemin(Sherman) Shen, “SPARK: A New VANET-based Smart Parking Scheme for
Large Parking Lots,” in IEEE INFOCOM, April 2009.
 Putra Wanda, Selo, Bimo Sunafri Hantono, "Model of
Secure P2P Mobile Instant Messaging Based On Virtual
Network," International Conference on Information Technology Systems
and Innovation (ICITSI), November 2014
 White Paper: "Intel Advanced Encryption Standard (AES) New Instructions Set", May 2010.
Christof Paar, Jan Pelzl. Understanding Cryptography -- A Textbook for Students and Practitioners. [M]. Germany: Springer, 2010: 55-200.
Encryption: AES + RSA
1: we encrypt message (plaintext) with AES algorithm
2: we encrypt the private key of AES with RSA
Suppose that client A wants to send a message to client B. First, client A generates a private key for AES and send a request of acquiring the public key that is generated by client B to server. Once the sever receive the request, it forward the request to client B according to the destination address. Client B begins to randomly chose two prime numbers , and compute two keys for RSA: the private key and the public key. Then, Client B sends the public key back to server which further forwards it back to client A.
Now client A has two keys: the private key for AES and the public key for RSA. It encrypts message with the private key by applying AES algorithm, and encrypts the private key of AES with the public key by applying RSA. Then Client A successfully encrypts both the message and the private key of AES which are both needed to be shared between the two party. As a result, the security of communication between client A and client B is largely improved. Then client A sends both encrypted message and encrypted key to client B.
Now client B receives two things: encrypted message and encrypted key. It first retrieves the private key of AES by using its own private key of RSA. Then, client B is able to decrypt the cipher-text by using the private key of AES, and finally able to get the original message that client A is intend to send.