| This paper studies how to secure communication in an instant message communication system. Based on an analysis of the security model of instant message communication systems, it points out that most current instant messaging (IM) systems face many security threats. To solve these security problems and to make the transmission of IM messages secure and reliable, a message encryption protocol that provides end-to-end message security is studied and implemented. This protocol runs at the application layer of TCP/IP. It also provides security services such as identity authentication and message encryption for users of the IM system. Identity authentication and key exchange are the basis of all security protocols. For IM users, common authenticated key exchange schemes either bring unnecessary difficulties or are vulnerable to security attacks. To balance these two problems, this paper presents a shared-information-based password-authenticated key exchange protocol built on a special algorithm for the millionaire’s problem. The protocol can resist man-in-the-middle attacks and offline dictionary attacks while placing little burden on IM users. To secure the transmission of instant messages, this paper also proposes a message encryption protocol. This protocol provides encryption, signature and other security services for instant messaging systems by repackaging and encoding the plaintext messages. The message format, encoding rules and security algorithms are discussed in detail. The protocol is also realized in software. Finally, an enterprise instant messaging system that implements the security protocol described in this paper is introduced. The testing and verification of the security protocol are also illustrated, which proves its feasibility and availability. |