Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University,


Secure Public Instant Messaging (IM): A Survey Mohammad Mannan Paul C. Van Oorschot Digital Security Group School of Computer Science Carleton University, Ottawa, Canada

What’s This Talk About?
- Do we need secure IM?
- Do the current methods provide enough security for IM?

Organization
- Scope and background
- What’s at stake?
- Reasons why IM is insecure
- Existing IM security mechanisms
- Shortcomings
- Concluding remarks

Scope
- PC-to-PC (one-to-one) text messaging
- Popular public and business IM
  - AOL, Yahoo!, and MSN Messenger, ICQ
  - Yahoo! Business Messenger, Reuters Messaging
  - third party clients (Trillian, IMSecure)
- Out of scope
  - Short Messaging System (SMS)
  - Internet Relay Chat (IRC)
  - chat room/group chat

Background
- IM is mainly used for
  - exchanging text messages
  - tracking availability of a list of users
- Recent statistics
  - Pew report 2004
    - 42% Internet users use IM in the U.S.
    - growth rate of IM population: 29% (since 2000)
    - 70% Internet users report using more than IM
  - Ferris Report (business IM users)
    - 10 million in million in 2007

IM Communications Model
- Client-server: presence, contact list and availability management, message relay between users
- Client-client: audio/video chat, file transfer
- Authentication: password-based, sometimes use SSL (Secure Socket Layer)
[Diagram: IM Server, Client 1, Client 2]

What’s at Stake?
- Conversations (privacy and information leakage)
- Propagation vector for Internet worms, viruses and Trojans
- SPIM (IM spam): unsolicited commercial IMs
  - Radicati Group projections
    - 1.2 billion SPIMs in 2004 (5% of total IMs)
    - 400 million in billion spam messages in 2004
- Compromised systems

Reasons why IM is insecure
- “Insecure” connection
  - impersonation
  - replay
- Sharing IM features with other applications
- Exploitable URI (Uniform Resource Identifiers) handlers
  - aim, ymsgr
  - example: aim://addbuddy?mybuddy
  - attacks
    - buffer overflow
    - scripting attacks
- Deceitful hyperlinks
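As an added illustration of the last two items on this slide (not code from the talk or the paper), the sketch below inspects an incoming message body for IM protocol-handler URIs and for links whose visible text names a different host than the link target. The function and finding names are hypothetical, the scheme set is taken from the slide, and the sample messages are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Handler schemes named on the slide; extend per deployment (assumption).
IM_HANDLER_SCHEMES = {"aim", "ymsgr"}
URI_RE = re.compile(r"\b([a-z][a-z0-9+.-]*):(?://)?[^\s<>\"']+", re.I)

class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from an HTML-formatted message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased host of a URL or bare host/path string, '' if none."""
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def inspect_message(body):
    """Return a sorted list of findings for one incoming IM message body."""
    findings = set()
    for m in URI_RE.finditer(body):
        if m.group(1).lower() in IM_HANDLER_SCHEMES:
            findings.add("handler-uri:" + m.group(1).lower())
    parser = _Anchors()
    parser.feed(body)
    for href, text in parser.links:
        # Only compare when the visible text itself looks like a host or URL.
        shown = _host(text) if "." in text and " " not in text else ""
        if shown and _host(href) and shown != _host(href):
            findings.add(f"deceitful-link:{shown}->{_host(href)}")
    return sorted(findings)

# Constructed sample messages (not captured traffic).
SAMPLES = ["add me: aim://addbuddy?mybuddy",
           '<a href="http://login.example.net/x">www.example.com</a>',
           "lunch at 12:30? http://www.example.com/menu"]
```

A finding is a reason to hold or annotate the message before the client renders it as a clickable link; it does not by itself prove the message is malicious.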

Existing IM Security Mechanisms (1)
- Built-in methods
  - launch anti-virus
  - explicit consent for add contact, file transfer, presence info (not cryptographically protected)
  - new version and critical updates notification
  - prevents automated account creation
  - word filtering
  - password-protected settings etc.

Existing IM Security Mechanisms (2)
- Third-party security solutions
  - AIM can make use of Class 2 digital certificates
  - IMSecure
  - Trillian
- Why don't we use security solutions for IM?
  - Proprietary protocols
  - P2P connections

Shortcomings of Current Solutions
- Anti-virus can check only limited file types
- URL exploitations
- Cost and maintenance burden of digital certificates
- SSL-based (corporate IM) solutions:
  - resource hungry
  - visible messages to server
  - limited threat model (end-points are trusted)

Weaknesses of IMSecure Model
[Diagram labels: User System; IM Client; IMSecure; Unprotected Messages; Malicious Program; Read/Modify Messages; Encrypted Messages; IM Server/Others]

Concluding Remarks
- IM security is important
- Current methods are insufficient
- Can we use existing protocols to secure IM?
- User interface issues
- Ongoing work in IETF (see also paper)

Thanks. Paper: Presentation:

Web References
- Symantec: IM Worms Could Spread In Seconds, June 2004
- Look out spam, here comes spim, Mar. 2004
- Microsoft warns of JPEG threat, Sep
- National Cyber Security Alliance Perception Poll Release

Related Work
- Much work on feature enhancement, analysis
- Secure Instant Messaging Protocol Preserving Confidentiality against Administrator, Kikuchi et al., March,
- Threats to Instant Messaging, Symantec Security Response, 2003.