Design and Implementation of Secure Instant Messaging Voice Based on SIMPP

蔡金龍 (Jin-Long Tsai)
Institute of Information and Computer Education, National Kaohsiung Normal University
goadragonason
楊中皇 (Chung-Huang Yang)
Institute of Information and Computer Education, National Kaohsiung Normal University
.tw

Abstract

Today's instant messaging offers more and more functions, and its voice chat function lets users communicate with each other more quickly. More and more people use the voice chat function of instant messaging, but few notice that instant messaging voice is easier to eavesdrop on than a traditional telephone. Although current instant messaging software provides voice chat, it does not take security into account. To address the lack of security in instant messaging voice, this study implements a secure instant messaging voice function based on SIMPP [2]. Voice is sampled and converted to digital data through the winmm library; then, using the open-source OpenSSL cryptographic library and the short-term shared key generated by SIMPP, the voice data is encrypted with AES256 before it is sent. The receiving party decrypts the voice data after receiving it and converts it back into sound waves. If someone with ill intent obtains the voice packets from the network and converts them into a sound file, they can only hear noise and cannot learn the content of the conversation between the two parties, which ensures the security of the conversation.

Keywords: Instant Messaging (IM), SIMPP, voice call, cryptography, secure

Design and Implementation of a Secure Voice Chat of Instant Messaging Based on SIMPP

Jin-Long Tsai
Institute of Information and Computer Education, National Kaohsiung Normal University
goadragonason
Chung-Huang Yang
Institute of Information and Computer Education, National Kaohsiung Normal U.tw

Abstract

The current instant messaging (IM) has more and more functions. It has not only text chat but also voice chat. Voice chat provides users with a more rapid means of communication. However, the voice chat of IM is not secure. Voice data is easily monitored and recorded over the network.

In order to protect the voice chat of IM from monitoring, we designed and implemented a secure voice chat of IM based on the Secure Instant Messaging and Presence Protocol (SIMPP). Firstly, we use the winmm library to get digital voice data. Secondly, the voice data is encrypted with the key generated by SIMPP. This study uses the open-source OpenSSL cryptographic library for security. The encrypted voice data is sent to the other user. When received, the encrypted voice data is decrypted with the key to recover the original voice data. After decryption, the voice data is transformed back to voice by the winmm library. If a cracker gets the voice packets from the network, he will hear only noise when playing the encrypted voice data and will not know the content of the conversation. Thus, this study makes voice calls of IM secure.

Keywords: Instant Messaging (IM), SIMPP, voice call, cryptography, secure

1. Introduction

The current instant messaging (IM) has more and more functions. It has text chat and voice chat. Voice chat is a more rapid means of communication for users. Nowadays, more and more people use the voice chat of instant messaging, but only a few pay attention to the security of IM voice chat. Voice transmitted over the network is easier to wiretap than the traditional telephone.

If a cracker wants to monitor the voice chat, he only needs a readily available software tool to do so [1, 9]. In this study, we designed and implemented a secure voice chat of IM, so that users not only enjoy the convenience of voice chat over the network but also have confidence in it. They do not need to worry about any sniffer software, because our voice chat of IM is secure. In part 2, we introduce IM architecture, open IM standards, IM clients with voice chat, and the security of IM voice chat. In part 3, we propose the design of a secure voice chat of IM. In part 4, we implement the secure voice chat of IM based on SIMPP. We use the winmm library to get digital voice data, SIMPP [2] for key exchange, and the OpenSSL cryptographic library for security. In the last part, this study makes voice chat secure.

2. Related Works

2.1 Instant Messaging

In 2000, the Internet Engineering Task Force (IETF) defined IM as follows: users can see the presence of others if they add each other to their buddy lists, and users can exchange real-time messages with each other if their presence is online [6]. The IETF therefore defined the RFC 2778 standard [7], which defines IM systems as comprising two kinds of services. One is the Presence Service; the other is the Instant Messaging Service.

Fig.1 Presence Service models defined in RFC 2778

Fig.2 Instant Messaging Service models defined in RFC 2778

As Figure 1 shows, instant messaging software has two services that handle the user-status mechanism. The two services are PRESENTITY and WATCHER. PRESENTITY is responsible for sending the presence message to the PRESENCE SERVICE. The PRESENCE SERVICE transmits the status of other users to the WATCHER.

As Figure 2 shows, instant messaging software has two services that handle the instant-messaging mechanism. One service is SENDER and the other is INSTANT INBOX. SENDER is responsible for sending the instant message to the INSTANT MESSAGING SERVICE. The INSTANT MESSAGING SERVICE transmits instant messages to the INSTANT INBOX.

2.2 IM Standards

Because IM system providers use their own protocols, some of which are not even public, IM lacks interoperability. Therefore, the IETF released IMPP (Instant Messaging and Presence Protocol) to develop open standards for instant messaging [6]. However, IMPP did not become a popular instant messaging protocol. The popular instant messaging standards are SIMPLE and XMPP, and both are compatible with IMPP.

SIMPLE (Session initiation protocol for Instant Messaging and Presence Leveraging Extensions) is an open standard of instant messaging based on SIP. SIMPLE is implemented by taking SIP. It is defined in RFC 3261 by the IETF. It can integrate many media services such as voice, video, and files [3, 6].

XMPP (eXtensible Messaging and Presence Protocol) is also an open standard of instant messaging. XMPP [6] is based on XML. As an XML-based protocol, XMPP has the flexibility of being developed in the XML environment. This means that anyone can send extended information to deal with customized requirements, so XMPP has great potential. Because XMPP comes from the open-source Jabber, many open-source IM systems based on Jabber are compatible with XMPP.

Whether SIMPLE or XMPP, the communication model has an instant messaging server that provides users with their buddy list, returns their own status, and shows the status of others, as in Fig.3. Crackers can easily capture packets between client and server and between client and client on the network, so crackers can watch every message in the IM system if messages are transmitted in plaintext. Unfortunately, most IM systems send messages in plaintext and have no security mechanism to ensure secure communication. Thus, crackers can not only see the messages but also tamper with them. SIMPLE and XMPP are therefore popular open standards of IM, but they are not secure protocols.

Fig.3 instant messaging communication three-way model

2.3 IM with Voice Chat

MSN Messenger was renamed Windows Live Messenger (WLM). WLM has many features such as text messages, voice chat, file transfer, whiteboard, video, etc. It essentially takes the client-server architecture, but voice chat is based on peer-to-peer. The protocol is MSNP 14 based on SIMPLE. The security mechanism only protects users' passwords when they log in to the IM system. After users log in successfully, all messages transmitted in MSNP are in plaintext [2, 5].

The voice chat of Yahoo! Messenger is called Yahoo! Voice. The protocol used by Yahoo! Messenger is YMSG [3, 14] based on SIMPLE. Thus, the voice chat of Yahoo! Messenger is implemented by SIMPLE based on SIP. The speech coder used is iLBC. Yahoo! Messenger essentially takes the client-server architecture. The users do not connect to each other directly; they establish a connection through a SIP proxy. But the security mechanism only protects passwords when users log in to the IM system. Messages transmitted in YMSG are in plaintext except for the authentication phase.

The core technology of Google Talk is XMPP. The XMPP Standards Foundation defined Jingle, an XMPP protocol extension to initiate and manage peer-to-peer media sessions. Google implemented libjingle, which is compatible with the Jingle protocol [8]. Google not only uses it to develop Google Talk but also releases the libjingle source. Google Talk provides text messages and voice calls. The security mechanism applies only to the authentication phase.

Whether it is Windows Live Messenger, Google Talk, or Yahoo! Messenger, each sends compressed voice data over the voice chat session in plaintext [1], so crackers can capture the voice chat traffic easily and hear what users talk about.

2.4 Discussion on Security of IM with voice chat

At present, the security of the majority of instant messaging software protects only the account and password. For instance, Yahoo! Messenger uses SSL/TLS to create a secure session for user authentication when users log in to the server [3]. Additionally, the instant messaging client software hashes the password for authentication. The instant messaging server compares the hash from the client software with the hash saved on the server. This is a good way to protect the password: because only the hash of the password is transmitted, not the password itself, it is difficult for anyone to work back from the hash to the password.

Windows Live Messenger uses the Microsoft Passport system. Although authentication of WLM is performed over SSL, the server supplies the client with encrypted cookies and sends them in plaintext, so crackers can use the encrypted cookies for impersonation and man-in-the-middle attacks. Therefore, after the authentication phase, most IM systems do not protect communications against attacks. They cannot guarantee confidentiality, integrity, availability, and non-repudiation for communications between user A and user B, or between users and the host.

On the Linux platform, there is VoIPong [11], an open-source VoIP monitoring tool. It is written in C for performance. It can detect a variety of VoIP protocols, including H323, SIP, RTP, RTCP, and Cisco's Skinny Client Protocol. It can detect VoIP calls and record the voice into a local WAVE file. VoIPong successfully detected all VoIP calls and the VoIP gateways on 45 Mbit/sec of actual network traffic. On a Toshiba notebook with 256MB RAM and a Celeron 1700 MHz, CPU utilization during the run was between 66% and 80%.

Other open-source and free software such as Vomit, OreKa, Cain & Abel and so on can also monitor voice on the network. Nowadays the voice of most instant messaging software can easily be monitored. If the conversation involves important secrets, personal ID card numbers, bank passwords and so on, users may suffer heavy losses. Instant messaging voice chat therefore needs security.

2.5 Security for voice chat of IM

There are four types of strategies for enhancing the security of instant messaging voice. The first is using plug-ins. The second is a voice chat program with built-in encryption. The third is the use of SSL / TLS. The fourth is using a secure instant messaging key exchange protocol.

2.5.1 Plug-ins

The benefit of using plug-ins is that no changes are made to the original program. Zfone was developed by PGP founder Phil Zimmermann and supports common operating systems such as Linux, FreeBSD, and Windows. Zfone is free of charge for ordinary users, even though Zfone's licensing is complex. Zfone is designed to make the existing VoIP client secure. As long as Zfone is opened before the original VoIP client, Zfone will automatically set up a secure channel for voice calls and will display the results of the operation in its GUI.

2.5.2 Built-in encryption voice chat program

JAJAH is commercial VoIP software. Only recently has it protected voice chat with 128-bit security. Its main characteristics are not only providing free PC-to-PC voice calls but also providing 150 minutes per week of free PC-to-Phone services.

Skype is likewise commercial software, but it still offers free PC-to-PC voice calls, text messages, video chat, file transfers and other functions. In essence, Skype looks like common IM systems such as WLM and YMSG, but its architecture, protocol and techniques are much different from the other IM or VoIP systems. Skype uses AES 256-bit encryption to protect sensitive information, including text messages, voice chat, and video chat.

Twinkle is open-source VoIP software licensed under the GPL; it runs on Linux and has no Windows version. It supports a wide range of voice codings such as G.711, GSM, Speex, iLBC, and G.726. It uses the secure ZRTP and SRTP protocols for voice chat sessions.

2.5.3 SSL / TLS

TLS (Transport Layer Security), defined in RFC 5246, and its predecessor, SSL (Secure Sockets Layer), are cryptographic protocols providing security and data integrity for communications over networks. SSL / TLS are based on PKI (Public Key Infrastructure). However, PKI uses RSA cryptography. RSA cryptography involves many modulus operations, which are not efficient and place a burden on the system.

2.5.4 Secure exchange instant messaging security agreement

The Secure Instant Messaging & Presence Protocol (SIMPP), proposed by Tzong-Yih Kuo [2], is a secure instant messaging protocol. SIMPP not only protects information from monitoring but is also a key exchange protocol. SIMPP is based on elliptic-curve cryptography and improves on IMKE [5], which is based on RSA cryptography and was proposed by Mannan and Oorschot. Being based on elliptic-curve cryptography, SIMPP is not only more efficient than the IMKE protocol but also more secure than the IMKE protocol in avoiding the common man-in-the-middle attack. SIMPP can ensure the confidentiality and authentication of data transmitted between the server and client and between client and client.

3. Design of secure voice instant messaging

This study is based on SIMPP, so messages between the two sides are secure.

To implement secure voice chat of instant messaging, the first step is to sample the voice wave and transform it into telecommunications signals through the audio device. The second step is to transform the telecommunications signals into digital signals. The third step is to encrypt the digital signals with the shared key and send the encrypted voice data to the receiver. The encrypted voice data must then be decrypted with the shared key to recover the original voice digital signals. The voice digital signals are transformed into telecommunications signals by the system audio API. Finally, the telecommunications signals are played through the audio device as a voice wave that humans can hear. The system operation flow is shown in Fig.4:

Fig.4 system flow chart

In Fig.4, encryption and decryption use the symmetric cryptographic algorithm AES-256 in ECB mode. Because voice calls focus on real-time processing, this study uses a secure and efficient cryptographic algorithm to handle security in real time. Today's cryptosystems are divided into two types: symmetric and asymmetric. Symmetric cryptosystems encrypt and decrypt data with the same key (the secret key), whereas asymmetric cryptosystems encrypt and decrypt data with different keys. Symmetric cryptography performs more efficiently [13], but it is a challenge to let both sides have the same symmetric key. To deal with this challenge, this study uses the SIMPP protocol to implement key exchange. SIMPP can safely let both sides have the same symmetric key without it being discovered by a cracker.

Fig.5 voice chat invitation flowchart

When user A and user B want to hold a voice chat, user A sends a call request. User B can choose to accept or refuse the call. When user B accepts, he sends the IP and port for the voice chat to user A. User A sends his IP and port to user B, and then his voice data is encrypted and transmitted to user B. User B receives the IP-related information from user A and encrypts his voice data with the same symmetric key. From then on, their voice chat session is in ciphertext, and the two sides begin to voice chat securely.

4. Implementation of Secure Voice Instant Messaging

This study is based on SIMPP. It takes the client-server architecture to implement secure voice for instant messaging. When users want to start a voice chat, the client software sends the voice chat invitation and the information about the point-to-point data transmission through the original SIMPP architecture. Finally, the secure voice chat for IM starts in point-to-point mode.

In this study, the secure voice chat of IM is implemented in the SIMPP client. The SIMPP client now has not only secure text chat but also voice chat. The program development tool is Borland C++ Builder on the Windows platform. The winmm multimedia library is used to sample and play back voice. Winmm is a group of WINAPI functions on the Windows platform for handling multimedia. Since the Windows NT 3.1 platform, audio devices have been fully controlled through the winmm multimedia library. For the security part of voice chat, the open-source OpenSSL cryptographic library is used to encrypt with the symmetric encryption algorithm AES256 in ECB mode. Voice data is encrypted before it is sent to the receiver side. When received, the voice data must be decrypted with the symmetric key generated by SIMPP, and then the voice data can be converted into voice waves. The two sides can then hold a safe voice chat.

Table 1: secure voice chat of IM specifications
Program Development Tools: Borland C++ Builder
Multimedia Library: winmm
Cryptographic Library: OpenSSL
Symmetric Cryptosystem: AES256, ECB
Key Exchange Agreement: SIMPP

The secure IM uses the SIMPP server, which is revised from the open-source jabberd and operated on Ubuntu 8.04. The open-source MySQL stores basic user information and authentication information. The SIMPP server is more secure than jabberd. The cryptography used in SIMPP is specified in the following table:

Table 2: SIMPP cryptographic specifications
Public-Key Cryptosystem: GF(p) Elliptic Curve ($y^2 = x^3 - 3x + b \bmod p$)
Size of Key: Server 224 Bits, Client Bits
Key Exchange Agreement: ECDH (Elliptic Curve Diffie-Hellman)
Digital Signature Algorithm: ECDSA (Elliptic Curve Digital Signature Algorithm)
Symmetric Cryptosystem: 128 Bits AES, CBC mode
One-way Hash Function: SHA-256

Firstly, log in to the SIMPP server and click on the buddy list; a dialogue window will appear. There is a microphone icon at the top of the window. Click the icon to invite the other side; the secure voice chat session will start if the other side accepts.

Fig.6 button of the secure voice chat of IM

The Fig.6 shows two sides have been SIMP
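
Sections 3 and 4 encrypt each voice buffer with AES-256 in ECB mode, where identical 16-byte plaintext blocks always produce identical ciphertext blocks, so silence and other repeated PCM patterns stay visible to a sniffer. The following added example (not the paper's code) measures that on a constructed PCM buffer and, going beyond the paper's design, contrasts it with a per-packet counter mode. Assumptions: a 4-round HMAC-SHA256 Feistel network stands in for AES so the script runs with the Python standard library only, and the key, packet numbers and PCM bytes are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16  # bytes per block, the same block size as AES


def prf(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel network, NOT AES)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, prf(key, rnd, right)))
        left, right = right, mixed
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB, the mode named on the page: each block is encrypted on its own."""
    if len(data) % BLOCK:
        raise ValueError("ECB needs whole blocks")
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ctr_encrypt(key: bytes, packet_no: int, data: bytes) -> bytes:
    """Counter mode: keystream block = E(key, packet_no || block index).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        counter = packet_no.to_bytes(8, "big") + (i // BLOCK).to_bytes(8, "big")
        keystream = encrypt_block(key, counter)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    counts = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK))
    return sum(n - 1 for n in counts.values())


def demo():
    # Constructed stand-in for the 256-bit SIMPP session key.
    key = hashlib.sha256(b"constructed stand-in for the SIMPP session key").digest()
    # Constructed 8-bit PCM buffer: 4 blocks of silence (0x80),
    # 2 blocks of varying samples, then 4 more blocks of silence.
    speech = bytes((37 * i + 11) % 256 for i in range(2 * BLOCK))
    pcm = b"\x80" * (4 * BLOCK) + speech + b"\x80" * (4 * BLOCK)
    return (repeated_blocks(ecb_encrypt(key, pcm)),
            repeated_blocks(ctr_encrypt(key, 1, pcm)))


if __name__ == "__main__":
    ecb_repeats, ctr_repeats = demo()
    print("repeated ciphertext blocks, ECB:", ecb_repeats)
    print("repeated ciphertext blocks, CTR:", ctr_repeats)
```

The ECB result does not depend on which block cipher is used, so it holds for AES-256 as well. Counter mode alone adds no integrity protection, so an authenticated mode such as AES-GCM is the usual choice for voice packets.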
