Maninda Edirisooriya. Introduction Extension for Google Chrome. Privacy protection system for online chat. Encrypts chat text using 128 bit AES. Decrypts.

Presentation transcript:

Maninda Edirisooriya

Introduction
Extension for Google Chrome.
Privacy protection system for online chat.
Encrypts chat text using 128 bit AES.
Decrypts at the receiver.
Common password for both users.

Motivation
No existing cheap solution.
Many information analyzers are in use for advertisements.
No freedom against governments, which filter keywords.
For people who do not trust servers (like me).

Design and Implementation
Design – JavaScript and HTML.
Runs as an extension in the web browser, in the application layer.
Encryption/decryption occurs at each end.
Base-64 encoded ciphertext is sent via the network.
Encryption – change text to Base-64.
Decryption – show text in a tooltip and copy it to the clipboard.

Setting Password
Step 1 – Convert the password to ASCII numeric values.
Step 2 – Get the MD5 digest of the ASCII values as the key.

Encryption
Step 1 – Identify the text box in focus and convert the text string to ASCII numeric values.
Step 2 – Break it into 128 bit blocks. Assign nulls for padding.
Step 3 – Apply the AES 128 block cipher using the key.
Step 4 – Convert the encrypted numeric values to Base-64 character encoding.
Step 5 – Replace the original string with this. This will be sent via the server.

Decryption
Step 1 – Select the received text and convert it to numeric values.
Step 2 – Break it into blocks.
Step 3 – Apply AES 128 decryption to each set of blocks.
Step 4 – Remove the padding nulls from the result.
Step 5 – Convert to ASCII characters and show them in a tooltip while copying them to the clipboard.

Ending Session
Replace the variables holding the key value with another value.
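The steps above, reproduced as an added Node.js example that is not the extension's own code, next to a hardened variant that is likewise an addition. It assumes that applying AES 128 to each block with no IV or chaining means ECB mode; all function names, the sample password and the sample message are hypothetical.

```javascript
// Added example, not the extension's code. Assumes the slides' per-block AES is ECB.
const nodeCrypto = require('node:crypto');

// Slides' key setup: MD5 digest of the ASCII password is the 128-bit key.
const slideKey = (pw) => nodeCrypto.createHash('md5').update(pw, 'ascii').digest();

// Slides' encryption: null-pad to 128-bit blocks, AES each block, Base64.
function slideEncrypt(pw, text) {
  const data = Buffer.from(text, 'ascii');
  const padded = Buffer.alloc(Math.ceil(data.length / 16) * 16 || 16); // zero-filled
  data.copy(padded);
  const c = nodeCrypto.createCipheriv('aes-128-ecb', slideKey(pw), null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(padded), c.final()]).toString('base64');
}

// Slides' decryption: AES-decrypt each block, then remove the padding nulls.
function slideDecrypt(pw, b64) {
  const d = nodeCrypto.createDecipheriv('aes-128-ecb', slideKey(pw), null);
  d.setAutoPadding(false);
  const out = Buffer.concat([d.update(Buffer.from(b64, 'base64')), d.final()]);
  return out.toString('ascii').replace(/\0+$/, '');
}

// Count repeated 128-bit ciphertext blocks; nonzero means plaintext repetition shows.
function repeatedBlocks(b64) {
  const raw = Buffer.from(b64, 'base64'), seen = new Set();
  let repeats = 0;
  for (let i = 0; i + 16 <= raw.length; i += 16) {
    const h = raw.subarray(i, i + 16).toString('hex');
    if (seen.has(h)) repeats++; else seen.add(h);
  }
  return repeats;
}

// Hardened variant (assumption, not on the slides): scrypt key, random nonce, AES-GCM.
function hardenedEncrypt(pw, text) {
  const salt = nodeCrypto.randomBytes(16), iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(pw, salt, 16);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return Buffer.concat([salt, iv, c.getAuthTag(), ct]).toString('base64');
}
function hardenedDecrypt(pw, b64) {
  const raw = Buffer.from(b64, 'base64');
  const key = nodeCrypto.scryptSync(pw, raw.subarray(0, 16), 16);
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, raw.subarray(16, 28));
  d.setAuthTag(raw.subarray(28, 44)); // final() throws if the message was altered
  return Buffer.concat([d.update(raw.subarray(44)), d.final()]).toString('utf8');
}
```

With the slide scheme, the same password and message always give the same Base-64 string and a repeated 16-character phrase gives repeated ciphertext blocks; the hardened variant gives a different output on every call and rejects a modified message.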

Demonstration
Start a session: enter the password, then enter it again.
If the passwords do not match, or the password is empty, an error is shown.
To chat, type the text and press Alt + z, or select “Encrypt Text” from the menu.
At the receiver’s end, select the text and press Alt + d, or select “Decrypt Text” from the menu.
Can be used without a chat box (Real Time Mode): select “Real Time” from the menu.
Other features: Google bubble translator and password generator.
To end the conversation (End Session): select “End Session” from the menu and confirm.

Conclusion
A simple and cheap way to communicate confidentially.
But it is impossible to send emoticons.
No key sharing mechanism.
The simple AES 128 cipher is vulnerable to attacks based on language statistics.
Therefore it could and should be developed further for commercial use.

Questions and Answers
Any questions?