Design And Implementation Of Secure Communication Application Based On XMPP

In recent years,with the continuous development of the Internet and communication technology,great changes have taken place in the way people communicate.With the help of the Internet and mobile networks,instant messaging has become one of the most popular means of communication.However,while people enjoy the convenience brought by instant communication,they also face huge security threats,among which the most prominent is the risk of leakage of user data in the process of transmission and local storage.Therefore,this paper studies the security of data transmission and storage in instant communication,and designs and implements a secure communication application system based on XMPP(Extensible Messaging and Presence Protocol).This system is based on the client/server architecture design,and the instant message communication between users is completed by means of XMPP framework.The client and server communicate and exchange data through XMPP protocol.The client includes the Android terminal and PC terminal,which can complete real-time synchronous update of messages on different clients of users.The security of the application is based on the third-party trusted PKI(Public Key Infrastructure)system,and the CA(Certificate Authority)is introduced to authenticate the user's identity,and a set of double certificates are issued for each user's different device client.Double certificates separate the authentication of a single digital certificate from the function of data encryption.Signature certificates are used for authentication,encryption certificates are used for data encryption operations,and issuing double certificates to different devices can ensure the uniqueness and confidentiality of signature certificates.In addition,for data stored locally and data transmitted in communication,the system supports state secret algorithm for encryption and decryption,meeting the national security standards.At the same time,aiming at the low efficiency of file sharing in current encrypted communication applications,this paper designs and implements an improved file encryption transmission and sharing mechanism.This mechanism separates the ciphertext file from the file session key,the ciphertext file is uploaded to the file server,and the path information of the file session key and the ciphertext file is firstly encrypted by group chat or single chat,and then transmitted to the target user or user group through instant communication.Therefore,the forwarder only needs to briefly process the file session key and the path information of the ciphertext file to complete the file forwarding.While ensuring the security,it effectively reduces the resource consumption of the client and server,improves the utilization of ciphertext files,and further reduces the related file operations.The application system mainly includes six functional modules: user registration,user login and logout,friend management,group management,instant communication management and user interface management.Among them,the user registration function module mainly completes the verification of the registered mobile phone number,applies for double certificates to the CA,and finally completes the registration of XMPP server account.The user login and logout function module mainly completes the user login authentication and ensures that legitimate users can use other function modules of the application system.The friend management module mainly completes the management of users' friends and provides encryption certificate support for the encryption and decryption of data transmitted in single chat.The group management module manages the chat group and provides the group session key support for the encryption and decryption of the data transmitted in the group chat.The instant communication module mainly completes the operation of sending,receiving and storing messages in single chat and group chat,and adds and decrypts the transmitted data and stored data through the third party secret module to further guarantee the security of the data in the instant communication module.Finally,this article is based on Linux operating system(Ubuntu 16.04)to realize the function of the application server,respectively,implements the mobile client and PC client software based on the Android 6.0/7.0 and Windows 7/10,and the functions of the various modules of the system test and performance test,the test results verify the effectiveness and efficiency of the system.The "Mi Liao" product developed based on the results of this paper has been applied to the relevant business systems of xinjiang CA and shenzhen CA.