Research And Design Of A Secure Instant Messaging System

With the rapid development of the Internet and the computer technology, the way people communicate has become more diverse. The Instant Messaging (IM) has become one of the most important ways of communication due to its instantaneity and high efficiency. But it also brings many security threats. In terms of assuring the security of IM, the current research has achieved some results, but there are still many deficiencies, such as enhancing the security of IM system from its exterior, over-reliance on creditability of IM Servers and confidentiality of the customized protocol of IM systems,the lack of effective precautionary measures againt IM.worms, and so on. In this paper, the innovation is that we propose an effective security protocol and a method of preventing IM worms to guarantee IM security aiming at the main security threats. The main work of this paper is as follows:Firstly, we analyze the major security threats existing in IM and their principle which include the communication link security, IM worms, the attacks against the IM server and IM system's own security flaws. To ensure the communication link security, we propose a kind of IM security protocol based on Elliptic Curve Public-Key Cryptography (ECC) and digital certificate. The protocol uses the ECC to carry out key management and session key agreement and symmetric encryption algorithm to encrypt the communication content. Moreover, it authenticates the identity of both parties of communication through digital certificate to prevent man-in-the-middle attack. Therefore, the protocol ensures the confidentiality and integrity of communication between the client and the server, the client and the client. And then we not only carry out a detailed analysis to the security of the protocol, but also use BAN logic to verify its safety.Secondly, we analyze in detail the function structure, working mechanism and propagation characteristics of IM worms which exist in the IM systems, and introduce the current methods against IM worms. In this paper, we propose a revised method of preventing IM worms directing at the flaws of these methods, and introduce CAPTCHA technique to it. So that it can detect IM worms at an early stage in a more positive way. On the premise of not affecting the normal communication between users, this method can restrain the propagation of IM worms effectively.Finally, we design and implement the secure IM prototype system called SecureIM. In SecureIM, we implement the security protocol and the proposed method of preventing IM worm. And we also test SecureIM to verify its safety and effectiveness.