preface
This paper analyzes all kinds of security problems in IM system, and discusses the application of combined encryption algorithm in IM by using the advantages of symmetric encryption algorithm (DES algorithm), public key algorithm (RSA algorithm) and Hash algorithm (MD5 algorithm).
Security issues faced by instant messaging applications
Instant communication systems mostly use C/S, B/S, P2P and other technologies to realize the functions of instant communication. There is no unified standard for software compilation, which makes the IM system itself have a variety of security vulnerabilities, coupled with the lack of security awareness of users, resulting in various security problems when using instant communication system.
Information theft
Now IM system in the exchange of information or transfer files only used the weak encryption and even the way of encryption, the attacker using this defect, steal important data monitoring, the leak possibility to cause the enterprise or individual immeasurable loss, especially for some special industries, such as financial and securities industry, will constitute a great commercial security threat, This type of attack is an attack on information confidentiality.
Information tampering problem
Information tampering, also known as man-in-the-middle attack, is an attempt by an attacker to monitor and steal normal information flows during IM system information exchange, modify information, and then send the information to the receiver. This attack can occur as long as information exists. It can also attack information in transit. This type of attack is an attack on information integrity.
Information falsification problem
In the existing IM system, the recipient only confirms the ID of the sender or sends a simple message, which provides an opportunity for the attacker. Attackers use misleading nicknames or misleading language to gain the trust of the other party, so as to gain information, fraud or achieve other undesirable purposes. This type of attack is an attack on the authenticity of information.
Other problems
Because the IM system adopts P2P mode of file transfer, it can send files as attachments through point-to-point mode, bypassing the security defense devices around the network. The point-to-point tunnel is directly transmitted to the desktop computer, so infected files can bypass the scanning of the antivirus gateway through the IM system. Various viruses, such as worms and Trojan horses, can easily enter the network through the IM system. Many infected files may spread through the IM system.
Attackers can also use buffer overflow and denial of service attacks to attack the entire network system or spread viruses through security vulnerabilities in IM systems.
Mainstream encryption algorithms are introduced
Symmetric encryption: DES algorithm
DES is the data encryption standard, this encryption algorithm is proposed by IBM research, is a block cipher, it is used for 64 bits of data encryption and decryption. The DES algorithm also uses a 64-bit key, but because it contains eight parity bits, the actual key length is 56 bits. DES algorithm combines substitution algorithm and transposition algorithm for many times, using the interaction of dispersion and confusion, the plaintext is compiled into ciphertext with high cipher strength. DES algorithm encryption and decryption process is exactly the same, the difference is only encryption and decryption using the subkey sequence is opposite n1. The DES algorithm is a symmetric encryption algorithm, that is, encryption and decryption share the same key, and is mainly used to solve the problem of data confidentiality.
Public key algorithm: RSA algorithm
As the only widely accepted and implemented universal public key encryption method, RSA algorithm is the most representative of many algorithms that describe asymmetric cryptography, and almost become a synonym of public key cryptography. It is an algorithm developed in 1977 and first published in 1978 by Rivest, Shamir, and Adleman (RSA algorithm stands for three names) at MIT. The mathematical basis of the algorithm is Euler’s theorem of number theory, and its security depends on the difficulty of factor decomposition of large numbers, so far the algorithm has not found serious security vulnerabilities. RSA uses two keys, one is the PubHc Key and the other is the Private Key. The plaintext is divided into blocks. The size of the blocks can be variable but the length of the Key cannot exceed. RSA converts a plaintext block into ciphertext of the same length as the key. Its algorithm is as follows:
Firstly, two large dissimilar prime numbers P and q are selected, n=pq is calculated, and the number e less than n is taken to be mutually prime with (p-L) (q-L). According to the given e, d is chosen if the modular remainder of Ed divided by z is 1 (that is, if Ed mod (p-L)(q-L)=1), according to the Euclidean algorithm (a= BN + C, then the greatest common factor of A and B is equal to the greatest common factor of B and C), then d- can be found. In this way, the number pair (n, e) is the public key and the number pair (n, D) is the private key. Assume that the data is A and divide it into n equal length data blocks, each of which is nKn. Calculate C=llle mod n, then C is the encoded data. For decoding, take III=Cd mod n. Hackers attack to get e, so it is necessary to factor n, choose a large enough prime p, q can prevent factorization.
For p and Q, the choice is generally large enough primes. For large numbers, there is no definite limit, because with the development of computer technology, the ability to crack is gradually increasing (according to Moore’s law, the calculation power doubles in 18 months). RSA LABS recommends that the product of P and Q reach 768 bits at relatively low safety requirements; When the safety requirement is relatively high, the product reaches more than 1024 bits.
The RSA algorithm can also be used for “digital signature”, which uses the private key for encryption and the public key for decryption.
Hash algorithm: MD5 algorithm
The MD5 algorithm is not an encryption algorithm, but it forms a digital fingerprint of information to ensure data integrity. The MD5 algorithm has three features:
- A) It can process information of any size and generate fixed-length 128-bit information summary;
- B) Unpredictability. The size of the information summary has no relation with the size of the original information, and every small change of the original information will have a great impact on the information summary;
- C) With irreversibility, there is no way to directly recover the original information through information summary.
Application discussion: The authentication model of instant messaging system based on combination encryption algorithm
In this paper, the advantages of the above algorithms are comprehensively utilized to establish the following message sending model in IM system to solve the security problems such as information stealing, tampering and forgery. In the model, users A and B are clients of the IM system. Users A and B have each other’s public key or digital certificate, and A sends messages to B. The whole process is shown in Figure 1.
The following model is used to deal with the security problem of worm virus infection in IM system, as shown in Figure 2.
Application discussion: Realizing the communication model of instant communication system by combination encryption algorithm
Established in accordance with the above encryption authentication model, as shown in figure 3 the implementation of the safety of the instant communication system model, the model contains two levels of authentication, one is the two-way authentication between server and client, the second is the two-way authentication between the client and the client, the connection at both ends before sending data, have to negotiate and exchange of key information. As the CA authentication center of self-signed certificates, the server uses the cryptographic technology to authenticate the public secret key technology.
The public key technology in the model acts as the function of encrypting shared key and digital signature to solve the problems of server to client, client to client authentication and key transfer for data communication between clients. In Java cryptography architecture, key generation and manipulation can be performed using the Keytool program.
Application discussion: Security and efficiency analysis of application model of combinatorial encryption algorithm
In the above model, symmetric encryption algorithm is used to encrypt messages and files to solve the problem of confidentiality of information and file transmission, which has the characteristics of fast encryption speed. The encryption technology of public key algorithm is used to solve the plaintext transmission of symmetric key in network. Abstract is calculated by Hash algorithm, and then signed by digital signature technology of public key algorithm, which not only improves efficiency, but also ensures the identification and non-repudiation of information file transmission. In the process of file processing, virus scanning and combination encryption are used to reduce the probability of file transmission virus worm infection.
Hotline: +86 400-966-9672
Mail box: [email protected]
Officer web: www.workplus.io