Encryption for Instant Messaging

Instant messaging seems to be a mystery to most people who use it.

The people I know really don’t think about the mechanisms that are involved in transmitting a text message over the internet from one person to another. Fewer still understand the security implications of exposing sensitive information over unencrypted communication channels between two or more transfer points.

The fact of the matter is that no instant messaging system is secure. No instant messenger platform or network that I am aware of currently enables end-to-end encryption by default, and most (if not all) of those networks are either vulnerable to, or are already actively being exploited by, various government and non-government agencies for various surveillance ends. To combat this, growing numbers of individuals are utilizing encryption methods such as OTR (Off-The-Record) with instant messaging clients such as Pidgin and Adium. Others still are moving to more secure networks altogether such as Diaspora or BuddyCloud. The aim of this article is to speak specifically to the basic security measures and encryption methods that anyone may employ to begin securing their communications.

To start, limiting the number of networks you communicate over is a great first step toward reducing potential exposure of your information. If you communicate over several instant messaging networks, picking a single network to operate from reduces the number of potential routes that your sensitive communications travel over, as well as the overall chance of your communications being intercepted during transmission.

Picking a single communications network to operate from is not the end of this particular part of the story, either. Picking the right network to operate from is the next challenge. Almost every network is indistinguishable from another, save for the fact that no networks currently communicate with each other. The only exception to this rule is AOL Instant Messenger’s cross-connects to Google’s Talk network (both of which are XMPP/Jabber-based). The recent revelations that Google isn’t securing its own internal networks when transmitting data between its own data centers call into question the practices of all other service providers of the same caliber. If Google, a best-in-class Fortune 50 technology behemoth, isn’t securing its traffic between data centers, who else is avoiding due diligence in this same area?

Bearing that question in mind, treating all networks and all communications as exposed or compromised gives you a more truthful perspective to work from. Use Off-The-Record and verify your partner’s signature(s) or key(s), either over a separate channel (perhaps a key-signing party, a text copy of a signature provided on an encrypted USB stick, etc.) or via the Socialist Millionaire cryptographic solution. Google’s “Off The Record” functionality present in the Gmail and Google UIs should not be confused with OTR functionality provided by libpurple-based clients. Google’s OTR option only prevents logging of chats in your Google account and still potentially logs your chats to Google-controlled servers.

Once OTR messaging is established between two parties, it provides two features that are far less common among cryptographic communication schemes (text borrowed from the OTR chat Wikipedia page):

  • Perfect forward secrecy: Messages are only encrypted with temporary per-message AES keys, negotiated using the Diffie-Hellman key exchange protocol. The compromise of any long-lived cryptographic keys does not compromise any previous conversations, even if an attacker is in possession of ciphertexts.
  • Deniable authentication: Messages in a conversation do not have digital signatures, and after a conversation is complete, anyone is able to forge a message to appear to have come from one of the participants in the conversation, assuring that it is impossible to prove that a specific message came from a specific person. Within the conversation the recipient can be sure that a message is coming from the person they have identified.
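
To make both properties concrete, here is a simplified sketch added for this write-up; it is not code from OTR, libpurple or the Wikipedia page. It assumes a toy Diffie-Hellman group and hypothetical helper names, and it omits AES encryption and the long-lived identity keys that authenticate the exchange in real OTR.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption): real OTR uses a 1536-bit MODP group.
P = 2**255 - 19
G = 2

def dh_keypair():
    """Fresh ephemeral DH key pair; the private half is thrown away after use."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def mac_key(my_priv, their_pub):
    """Both sides derive the same MAC key from the DH shared secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def tag(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, t):
    return hmac.compare_digest(tag(key, message), t)

def demo():
    r = {}
    # Exchange 1: each party contributes an ephemeral key; no long-lived key is an input.
    a1, A1 = dh_keypair()
    b1, B1 = dh_keypair()
    k_alice, k_bob = mac_key(a1, B1), mac_key(b1, A1)
    r["keys_match"] = k_alice == k_bob
    # Inside the conversation Bob can check that the message came from his peer.
    msg = b"meet at noon"  # constructed sample message
    t = tag(k_alice, msg)
    r["bob_accepts"] = verify(k_bob, msg, t)
    # Deniability: Bob holds the same key, so he can tag text Alice never sent.
    # A valid tag therefore proves nothing to a third party.
    forged = b"meet at midnight"
    r["forgery_verifies"] = verify(k_alice, forged, tag(k_bob, forged))
    # Forward secrecy: the next exchange uses fresh ephemeral keys, so its key is
    # unrelated to the first one and the old private values are no longer needed.
    a2, _ = dh_keypair()
    _, B2 = dh_keypair()
    k2 = mac_key(a2, B2)
    r["new_key_differs"] = k2 != k_alice
    r["old_tag_rejected"] = not verify(k2, msg, t)
    return r

if __name__ == "__main__":
    print(demo())
```

Every entry in the returned dictionary is `True`, including `forgery_verifies`, which is the deniability property at work rather than a flaw.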

With OTR enabled, it becomes possible to truly trust communications over protocols such as XMPP/Jabber (GTalk/AIM) and certain IRC networks when combined with an OTR & libpurple-based client. Taking this first step empowers the individuals involved to re-secure their communications and begin to rebuild trust while significantly hampering any efforts by third parties to engage in clandestine surveillance or man-in-the-middle attacks.

Preventing or significantly hampering digital surveillance is paramount if we are to continue to exist as a free and empowered society. A society in which journalists are able to more easily share their information and knowledge with the world at large. A society in which citizens are able to freely browse and accumulate information without fear of censorship or reprisal from authority figures. And most importantly, a society in which the free flow of information is uninhibited by small people with big ideas about how the world must be instead of how it can be.
