| Although Instant Messaging (IM) services are quite mature and very popular as an instant way of communication over the Internet, they have received barely any attention from the security research community. We provide a survey on security features and threats to existing IM networks and discuss how currently available systems fail to provide adequate security in light of existing threats.; Despite important differences distinguishing IM from other Internet applications, no protocols have been designed to adequately deal with the unique security issues of IM. We present the Instant Messaging Key Exchange (IMKE) protocol as a step towards secure IM. IMKE is designed to provide security in the present Internet threat model. It is intended to be embedded in (as a small change to) popular IM protocols, not to function as another independent messaging protocol. A discussion of realistic threats to IM and a related analysis of IMKE using a BAN (Burrows-Abadi-Needham)-like [30] logic is also provided. An implementation of IMKE using the open-source Jabber protocol is provided as well. |
PDF Full Text Request