Secure Public Instant Messaging (IM): A Survey

Mohammad Mannan, Paul C. Van Oorschot
Digital Security Group, School of Computer Science
Carleton University, Ottawa, Canada


What’s This Talk About?
- Do we need secure IM?
- Do the current methods provide enough security for IM?

Organization
- Scope and background
- What’s at stake?
- Reasons why IM is insecure
- Existing IM security mechanisms
- Shortcomings
- Concluding remarks

Scope
- PC-to-PC (one-to-one) text messaging
- Popular public and business IM
  - AOL, Yahoo!, and MSN Messenger, ICQ
  - Yahoo! Business Messenger, Reuters Messaging
  - third party clients (Trillian, IMSecure)

Out of scope
- Short Messaging System (SMS)
- Internet Relay Chat (IRC)
- chat room/group chat

Background
- IM is mainly used for
  - exchanging text messages
  - tracking availability of a list of users
- Recent statistics
  - Pew report 2004
    - 42% Internet users use IM in the U.S.
    - growth rate of IM population: 29% (since 2000)
    - 70% Internet users report using email more than IM
  - Ferris Report (business IM users)
    - 10 million in 2002
    - 182 million in 2007

IM Communications Model
- Client-server: presence, contact list and availability management, message relay between users
- Client-client: audio/video chat, file transfer
- Authentication: password-based, sometimes use SSL (Secure Socket Layer)

[Diagram labels: IM Server; Client 1; Client 2]

What’s at Stake?
- Conversations (privacy and information leakage)
- Propagation vector for Internet worms, viruses and Trojans
- SPIM (IM spam) – Unsolicited commercial IMs
  - Radicati Group projections
    - 1.2 billion SPIMs in 2004 (5% of total IMs)
    - 400 million in 2003
    - 34.8 billion spam email messages in 2004
- Compromised systems

Reasons why IM is insecure
- “Insecure” connection
  - impersonation
  - replay
- Sharing IM features with other applications
- Exploitable URI (Uniform Resource Identifiers) handlers
  - aim, ymsgr
  - example: aim://addbuddy?mybuddy
  - attacks
    - buffer overflow
    - scripting attacks
- Deceitful hyperlinks
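
A defensive sketch for the URI-handler weakness listed above, added here as an example and not taken from the talk or from any IM client: a strict allowlist check applied before a handler acts on an aim or ymsgr URI. The addbuddy-only action list, the length caps and the permitted character set are assumptions of this sketch.

```python
import string
from urllib.parse import urlsplit

# Schemes are the two handlers named on the slide. The action allowlist,
# the length caps and the permitted characters are assumptions of this sketch.
ALLOWED_SCHEMES = {"aim", "ymsgr"}
ALLOWED_ACTIONS = {"addbuddy"}
MAX_URI_LEN, MAX_ARG_LEN = 256, 64
SAFE_ARG_CHARS = frozenset(string.ascii_letters + string.digits + "._-@")


def check_im_uri(uri):
    """Return (accepted, reason) for a URI handed to an IM protocol handler."""
    # Bound the input first, so oversized data never reaches later parsing.
    if len(uri) > MAX_URI_LEN:
        return False, "uri too long"
    if any(not (0x21 <= ord(c) <= 0x7E) for c in uri):
        return False, "whitespace, control or non-ASCII character"
    try:
        parts = urlsplit(uri)
    except ValueError:
        return False, "malformed uri"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # In aim://addbuddy?mybuddy the action parses as the authority component.
    if parts.netloc.lower() not in ALLOWED_ACTIONS:
        return False, "action not allowed"
    if parts.path or parts.fragment:
        return False, "unexpected path or fragment"
    arg = parts.query
    if not 1 <= len(arg) <= MAX_ARG_LEN:
        return False, "argument length out of range"
    # '%', '<', '"' and similar are refused, so encoded or scripted
    # content is never passed on to the client.
    if not set(arg) <= SAFE_ARG_CHARS:
        return False, "argument has disallowed characters"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; only the first appears on the slide.
    for s in ("aim://addbuddy?mybuddy", "aim://addbuddy?" + "A" * 5000,
              "aim://addbuddy?<b>x</b>", "http://example.com/"):
        print(check_im_uri(s), s[:40])
```
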

Existing IM Security Mechanisms (1)
- Built-in methods
  - launch anti-virus
  - explicit consent for add contact, file transfer, presence info (not cryptographically protected)
  - new version and critical updates notification
  - prevents automated account creation
  - word filtering
  - password-protected settings etc.

Existing IM Security Mechanisms (2)
- Third-party security solutions
  - AIM can make use of Class 2 digital certificates
  - IMSecure
  - Trillian
- Why don't we use email security solutions for IM?
  - Proprietary protocols
  - P2P connections

Shortcomings of Current Solutions
- Anti-virus can check only limited file types
- URL exploitations
- Cost and maintenance burden of digital certificates
- SSL-based (corporate IM) solutions:
  - resource hungry
  - visible messages to server
  - limited threat model (end-points are trusted)

Weaknesses of IMSecure Model

[Diagram labels: IM Client; IMSecure; Unprotected Messages; Malicious Program; Read/Modify Messages; Encrypted Messages; User System; IM Server/Others]

Concluding Remarks
- IM security is important
- Current methods are insufficient
- Can we use existing protocols to secure IM?
- User interface issues
- Ongoing work in IETF (see also paper)


Thanks.

Paper: http://www.scs.carleton.ca/~mmannan/publications/pst04.pdf

Presentation: http://www.scs.carleton.ca/~mmannan/publications/pst04.ppt

Web References
- Symantec: IM Worms Could Spread In Seconds, June 2004, http://www.techweb.com/wire/story/TWB20040618S0007
- Look out spam, here comes spim, Mar. 2004, http://www.theregister.co.uk/2004/03/31/look_out_spam_here_comes
- Microsoft warns of JPEG threat, Sep. 2004, http://www.macworld.co.uk/news/index.cfm?NewsID=9635&Page=1&pagePos=2
- National Cyber Security Alliance Perception Poll Release, http://www.staysafeonline.info/news/NCSAPerceptionPollRelease.pdf

Related Work
- Much work on feature enhancement, analysis
- Secure Instant Messaging Protocol Preserving Confidentiality against Administrator, Kikuchi et al., March, 2004.
- Threats to Instant Messaging, Symantec Security Response, 2003.