Secure instant messaging: Difference between revisions
m Dating maintenance tags: {{Cn}} |
|||
Line 33: | Line 33: | ||
* Not log or store any information regarding any session or event. |
* Not log or store any information regarding any session or event. |
||
* Operate as a [[decentralized computing]] model—not relying on third party servers for message security and handling. |
* Operate as a [[decentralized computing]] model—not relying on third party servers for message security and handling. |
||
* Messages should be sent with message encryption to shield messages and attachments from being read or opened by anyone except the intended recipients.<ref>{{cite web|url=http://nuro.im/what-is-an-encrypted-message-and-why-should-you-use-it/ |title=What Is An Encrypted Message And Why Should You Use It? |publisher=nuro.im |accessdate=2016-03-10}}</ref> |
|||
Secure instant messaging is a form of instant messaging wherein at the very least the users are exchanging chat messages the contents of which they have caused to be encrypted with keys they generate and control. |
Secure instant messaging is a form of instant messaging wherein at the very least the users are exchanging chat messages the contents of which they have caused to be encrypted with keys they generate and control. |
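Review bot: the added bullet at line 33 ("Messages should be sent with message encryption ...") is a full sentence, while the neighbouring items it joins ("Not log or store ...", "Operate as ...") are verb phrases that complete the list's lead-in. Suggest rewording it to match, for example "Encrypt messages and attachments so that only the intended recipients can read or open them". It is also worth checking whether a single web page published by nuro.im is a sufficient source for the claim.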
Revision as of 15:58, 10 March 2016
Secure instant messaging is a form of instant messaging. Both terms refer to an informal means for computer users to exchange messages commonly referred to as "chats". Instant messaging can be compared to texting as opposed to making a cell phone call. In the case of messaging, it is like the short form of emailing. Secure instant messaging is a specialized form of instant messaging that, along with other differences, encrypts and decrypts the contents of the messages so that only the actual users can understand them.
Instant messaging background
Instant messaging has existed in some form or another for decades. Generally, it is a process by which users on a computer network can quickly communicate with one another using short text-based sentences rather than using email. Each user has a piece of software that communicates with a common server that connects the chat sessions. Over the past few years, two distinct settings for the use of instant messaging have evolved.
The first is the corporate or institutional environment, composed of many potential users who are all under the same organizational umbrella.[1]
The second setting is individual users "after work" or at home who do not have a mission-oriented commonality between them, but are more likely family and friends.[2]
In the corporate setting, security risks are apparent from the outset. What stops a disgruntled employee from messaging some sensitive company data to a colleague outside the enterprise? The reverse would be the same disgruntled employee downloading some virus or spyware onto his machine inside the corporate firewall to release as desired. Accordingly, organizational offerings have become very sophisticated in their security and logging measures. Typically, an employee or organization member must be granted a login and suitable permissions to use the messaging system. Creating a specific account for each user allows the organization to identify, track and record all use of their messenger system on their servers.[3]
The specialized requirements of the organizational messaging system, however, run almost completely contrary to what an individual user may need. Typically, instant messengers for non-organizational use advertise their user's availability to the Internet at large so that others may know whether that person is online. The trend has also been for manufacturers of instant messaging clients to offer interoperability with other manufacturers' clients.[4]
This competitive edge grew out of the client manufacturers' earlier use of proprietary communications protocols. Compatibility between clients is likely to become almost universal, as a unified messenger protocol (the Extensible Messaging and Presence Protocol (XMPP)) is being adopted by more and more manufacturers.[citation needed] XMPP has been formalized, at least in part, by the Internet Engineering Task Force as RFC 6120,[5] RFC 6121[6] and RFC 6122,[7] which will further the trend towards instant messaging standardization.[8]
For the typical social individual user this product evolution spells greater ease of use and more features.
Features of social instant messengers that are counter-productive to security
- Presence and Status Broadcasting - Messengers attempt to maintain a social environment and always stay "connected".
- Interoperability – Many other manufacturers can interoperate with the example messenger.
- Contact Lists - Maintains lists of all desired contacts.
- Client-Server Design – Requires use of third party servers to provide chat functionality to messenger clients.
- Logs Messages – Messages and other events are recorded.
Traits of a secure instant messenger
Almost by definition, a secure messenger cannot be a social messenger. Therefore, to be considered secure, a messenger must behave differently from one used for more social purposes.[9] Traits of a secure instant messenger include the ability to:
- Provide a "stealth" online presence
- Send messages in ciphertext, not in clear text form.
- Not log or store any information regarding any message or its contents.
- Not log or store any information regarding any session or event.
- Operate as a decentralized computing model—not relying on third party servers for message security and handling.
- Messages should be sent with message encryption to shield messages and attachments from being read or opened by anyone except the intended recipients.[10]
Secure instant messaging is a form of instant messaging in which, at the very least, the users exchange chat messages whose contents they have caused to be encrypted with keys they generate and control.
Recent news events have revealed that the NSA is not only collecting emails and IM messages but also tracking relationships between senders and receivers of those chats and emails, in a process known as "meta data" collection.[11]
"Meta data" refers to data about the chat or email, as opposed to the contents of the messages. It may be used to collect valuable information.[12]
References
1. "WebEx Connect IM - Products & Services". Cisco. Retrieved 2015-10-11.
2. Tyson, Jeff (2001-03-28). "How Instant Messaging Works - HowStuffWorks". Computer.howstuffworks.com. Retrieved 2015-10-11.
3. "Cisco WebEx Messenger: Enterprise Instant Messaging through a Commercial-Grade Multilayered Architecture" (PDF). Cisco.com. Retrieved 2015-10-11.
4. "Trillian". Trillian.im. Retrieved 2015-10-11.
5. "RFC 6120 - Extensible Messaging and Presence Protocol (XMPP): Core". Tools.ietf.org. 2003-12-13. Retrieved 2015-10-11.
6. "RFC 6121 - Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence". Tools.ietf.org. Retrieved 2015-10-11.
7. "RFC 6122 - Extensible Messaging and Presence Protocol (XMPP): Address Format". Tools.ietf.org. Retrieved 2015-10-11.
8. "XMPP Technologies Overview – The XMPP Standards Foundation". Xmpp.org. Retrieved 2015-10-11.
9. "SDC - Innovation Lives Here". Secdigcom.com. Retrieved 2015-10-11.
10. "What Is An Encrypted Message And Why Should You Use It?". nuro.im. Retrieved 2016-03-10.
11. "N.S.A. Gathers Data on Social Connections of U.S. Citizens". The New York Times. Retrieved 2015-10-11.
12. "A Primer on Metadata: Separating Fact from Fiction - Privacy By Design". Privacybydesign.ca. 2013-07-17. Retrieved 2015-10-11.