SYSECURE: A PIDGIN PLUG-IN FOR SYMMETRIC ENCRYPTION
Jason Cody, Hamilton Turner
Outline
Introduction
System Design
  General
  API
  Security Features
SySecure 1.0
Challenges
Conclusions
Introduction
Implement a symmetric key encryption plugin for use with Pidgin, a universal chat client.
Phase I: Enable symmetric encryption
Phase II: Enable symmetric encryption for sessions and distribute session keys using public key encryption
SySecure 1.0: Currently does both*
*SySecure 1.1: full security features
[Figure: Unencrypted Msg, Encrypted Msg]
System Design: General
[Diagram: SySecure with components GTK_UI, Session_Key, Public_Key and Msg_Handler. Diagram labels: Pidgin Signals; Rcv Msg, Send Msg; Encrypt, Decrypt; Manages pub keys; Generation, Encryption, Decryption; User Interface]
System Components: API
libpurple: Core IM library
Pidgin: Pidgin interface
GTK+: User interface
Mozilla NSS: Network Security Suite
System Design: Security
[Diagram: MSG, E(PK, Session Key), E(PR, H(MSG)), Public Key, Sender ID]
--Sender ID: Acquired from conversation window
--RSA Public Key, created on initialization of first conversation and stored.
--Session Key: 128-bit key
--MSG is plaintext
--Digital Signature is a hash of the message encrypted with the sender’s public key
*Note: This is a connectionless, application protocol similar in function to PGP (except there is no data compression—yet)
System Design: Security
[Diagram: MSG, E(PK, Session Key), E(PR, H(MSG)), Public Key, Sender ID]
--MSG and Hash are encrypted using AES in CBC mode then converted to ASCII code for transmission
System Design: Security
[Diagram: E(PK, Session Key), Public Key, Sender ID, Session Key]
On receipt, the receiver gets the sender’s ID from Pidgin
The receiver decrypts the session key using their private key
Use the session key to decrypt the MSG and retrieve the encrypted hash
System Design: Security
[Diagram: MSG, Session Key, E(PR, H(MSG)), Public Key, Sender ID, H(MSG)]
Use the Sender ID to retrieve the public key of the sender
Use the sender’s public key to decrypt the hash
Take a hash of the received MSG and compare it to the received hash. If equal, accept the message
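The sender and receiver steps from the security slides above, written out as an added example with Node.js's built-in crypto module (not SySecure's code, which is built on Mozilla NSS). The slides specify only RSA, a 128-bit session key, AES in CBC mode and ASCII conversion; RSA-OAEP key wrapping, SHA-256, Base64, the length prefix, the per-message IV, the `|` separator, the key store keyed by sender ID and all function and variable names are assumptions. The signature is made with the sender's private key, following the E(PR, H(MSG)) notation and the receiver's public-key check.

```javascript
// Added illustration of the message flow on the slides; not SySecure's code.
const crypto = require('node:crypto');

// Constructed key pairs and sender ID for the demo.
const newPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const alice = newPair(), bob = newPair();
const knownKeys = { 'alice@example': alice.publicKey }; // receiver's stored keys

// Sender: sign H(MSG) with PR, encrypt MSG + signature under a fresh 128-bit
// session key (AES-CBC), wrap the session key with the receiver's PK.
function seal(senderId, senderPrivate, receiverPublic, msg) {
  const sessionKey = crypto.randomBytes(16);
  const iv = crypto.randomBytes(16);
  const body = Buffer.from(msg, 'utf8');
  const sig = crypto.sign('sha256', body, senderPrivate);            // E(PR, H(MSG))
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length);                                    // framing (assumed)
  const enc = crypto.createCipheriv('aes-128-cbc', sessionKey, iv);
  const ct = Buffer.concat([enc.update(Buffer.concat([len, body, sig])), enc.final()]);
  const wrapped = crypto.publicEncrypt(receiverPublic, sessionKey);  // E(PK, Session Key)
  // Base64 keeps the packet ASCII-safe for the IM channel.
  return [senderId, ...[wrapped, iv, ct].map((b) => b.toString('base64'))].join('|');
}

// Receiver: look up the sender's public key by ID, unwrap the session key with
// the receiver's private key, decrypt, then verify the signature over MSG.
function unseal(packet, receiverPrivate, keys) {
  const [senderId, wrapped, iv, ct] = packet.split('|');
  const senderPublic = keys[senderId];
  if (!senderPublic || !ct) return null;               // unknown sender or bad packet
  try {
    const sessionKey = crypto.privateDecrypt(receiverPrivate, Buffer.from(wrapped, 'base64'));
    const dec = crypto.createDecipheriv('aes-128-cbc', sessionKey, Buffer.from(iv, 'base64'));
    const pt = Buffer.concat([dec.update(Buffer.from(ct, 'base64')), dec.final()]);
    const n = pt.readUInt32BE(0);
    const body = pt.subarray(4, 4 + n);
    const sig = pt.subarray(4 + n);
    // Accept only if the signature verifies under the stored sender key.
    return crypto.verify('sha256', body, senderPublic, sig) ? body.toString('utf8') : null;
  } catch {
    return null;                                       // wrong key, padding or framing
  }
}
```

`unseal` returns the plaintext only when the signature checks out against the key stored for the claimed sender ID, so a message signed by a different key is rejected even though it decrypts correctly.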
Plugins for Pidgin
Once compiled, plugins are just dlls
“Install” SySecure by dropping the dll in the plugin directory
It will then appear in the plugin selection window
Challenges
Requires direct interface with: Pidgin, Libpurple, GTK+, Mozilla NSS
Debugging and IM – Lockout (i.e. Yahoo! will lock you out if you log in/out too frequently)
Memory leak detection
Debugging plugin code: only way to debug is to run it
Way Ahead…
Hashing and Public Key File I/O still in development
Update user interface to easily distinguish between encryption/decryption mode
Extend support to file transfer
Questions?
Download Pidgin at: http://www.pidgin.im