
Sysecure: A Pidgin plug-in for symmetric encryption

Date post: 22-Feb-2016
Upload: dexter
Page 1: Sysecure: A Pidgin plug-in for symmetric encryption

SYSECURE: A PIDGIN PLUG-IN FOR SYMMETRIC ENCRYPTION

Jason Cody
Hamilton Turner

Page 2: Sysecure: A Pidgin plug-in for symmetric encryption

Outline

Introduction
System Design
  General
  API
  Security
Features
SySecure 1.0
Challenges
Conclusions

Page 3: Sysecure: A Pidgin plug-in for symmetric encryption

Introduction

Implement a symmetric key encryption plugin for use with Pidgin, a universal chat client.

Phase I: Enable symmetric encryption
Phase II: Enable symmetric encryption for sessions and distribute session keys using public key encryption

SySecure 1.0: Currently does both*
*SySecure 1.1: full security features

Page 4: Sysecure: A Pidgin plug-in for symmetric encryption

[Screenshots: Unencrypted Msg; Encrypted Msg]

Page 5: Sysecure: A Pidgin plug-in for symmetric encryption

System Design: General

[Diagram: SySecure components GTK_UI, Session_Key, Public_Key and Msg_Handler. Labels: Pidgin Signals; Rcv Msg, Send Msg; Encrypt, Decrypt; Manages pub keys; Generation, Encryption, Decryption; User Interface]

Page 6: Sysecure: A Pidgin plug-in for symmetric encryption

System Components: API

libpurple: Core IM library

Pidgin: Pidgin interface

GTK+: User interface

Mozilla NSS: Network Security Suite

Page 7: Sysecure: A Pidgin plug-in for symmetric encryption

System Design: Security

[Diagram: MSG, E(PK, Session Key), E(PR, H(MSG)), Public Key, Sender ID]

--Sender ID: Acquired from conversation window

--Public Key: RSA Public Key, created on initialization of first conversation and stored.

--Session Key: 128-bit key

--MSG is plaintext

--Digital Signature is a hash of the message encrypted with the sender’s public key

*Note: This is a connectionless, application protocol similar in function to PGP (except there is no data compression—yet)

Page 8: Sysecure: A Pidgin plug-in for symmetric encryption

System Design: Security

[Diagram: MSG, E(PK, Session Key), E(PR, H(MSG)), Public Key, Sender ID]

--MSG and Hash are encrypted using AES in CBC mode then converted to ASCII code for transmission


Page 9: Sysecure: A Pidgin plug-in for symmetric encryption

System Design: Security

[Diagram: E(PK, Session Key), Public Key, Sender ID, MSG, E(PR, H(MSG)), Session Key]

On receipt, the receiver gets the sender’s ID from Pidgin

The receiver decrypts the session key using their private key

Use the session key to decrypt the MSG and retrieve the encrypted hash


Page 10: Sysecure: A Pidgin plug-in for symmetric encryption

System Design: Security

[Diagram: MSG, Session Key, E(PR, H(MSG)), Public Key, Sender ID, H(MSG)]

Use the Sender ID to retrieve the public key of the sender

Use the sender's public key to decrypt the hash

Take a hash of MSG and compare it to the received hash. If equal, accept the message

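The send and receive steps from the "System Design: Security" slides, as an added Python example built on the `cryptography` package; it is not SySecure's code, which uses Mozilla NSS. Assumptions not on the slides: RSA-2048 with OAEP and PKCS#1 v1.5/SHA-256 signatures, a random IV prepended to the CBC ciphertext, Base64 as the ASCII encoding, and a hypothetical `keyring` dict of stored public keys. Following the E(PR, H(MSG)) notation, the hash is signed with the sender's private key, and the Public Key and Sender ID fields are left out of the wire format.

```python
# Added illustration, not SySecure code. Requires the "cryptography" package.
import base64, os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, padding as sym_padding
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

RSA_BYTES = 256  # size of an RSA-2048 ciphertext or signature (assumed key size)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def seal(msg, sender_priv, recipient_pub):
    """Sender side: returns the ASCII text handed to the IM transport."""
    session_key, iv = os.urandom(16), os.urandom(16)  # 128-bit key; IV is an assumption
    sig = sender_priv.sign(msg, padding.PKCS1v15(), hashes.SHA256())  # E(PR, H(MSG))
    padder = sym_padding.PKCS7(128).padder()
    body = padder.update(sig + msg) + padder.finalize()
    enc = Cipher(algorithms.AES(session_key), modes.CBC(iv)).encryptor()
    wrapped = recipient_pub.encrypt(session_key, OAEP)  # E(PK, Session Key)
    return base64.b64encode(wrapped + iv + enc.update(body) + enc.finalize()).decode("ascii")

def unseal(wire, recipient_priv, keyring, sender_id):
    """Receiver side: returns MSG, or raises InvalidSignature if the hash check fails."""
    raw = base64.b64decode(wire)
    wrapped, iv, ct = raw[:RSA_BYTES], raw[RSA_BYTES:RSA_BYTES + 16], raw[RSA_BYTES + 16:]
    session_key = recipient_priv.decrypt(wrapped, OAEP)
    dec = Cipher(algorithms.AES(session_key), modes.CBC(iv)).decryptor()
    unpadder = sym_padding.PKCS7(128).unpadder()
    body = unpadder.update(dec.update(ct) + dec.finalize()) + unpadder.finalize()
    sig, msg = body[:RSA_BYTES], body[RSA_BYTES:]
    # As on the slides: the sender's stored public key is retrieved by Sender ID.
    keyring[sender_id].verify(sig, msg, padding.PKCS1v15(), hashes.SHA256())
    return msg

def demo():
    """Constructed scenario: alice writes to bob; mallory then poses as alice."""
    alice, bob, mallory = (rsa.generate_private_key(public_exponent=65537, key_size=2048)
                           for _ in range(3))
    bob_keyring = {"alice": alice.public_key()}  # hypothetical stored-key table
    ok = unseal(seal(b"hi bob", alice, bob.public_key()), bob, bob_keyring, "alice")
    try:
        unseal(seal(b"send money", mallory, bob.public_key()), bob, bob_keyring, "alice")
        forged_rejected = False
    except InvalidSignature:
        forged_rejected = True
    return ok, forged_rejected

if __name__ == "__main__":
    print(demo())
```

The second message decrypts correctly, because anyone can encrypt a session key to bob's public key; only the signature check against alice's stored key rejects it.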

Page 11: Sysecure: A Pidgin plug-in for symmetric encryption

Plugins for Pidgin

Once compiled, plugins are just DLLs

“Install” Sysecure by dropping the DLL in the plugin directory

It will then appear in the plugin selection window

Page 12: Sysecure: A Pidgin plug-in for symmetric encryption

Challenges

Requires direct interface with:
  Pidgin
  Libpurple
  GTK+
  Mozilla NSS

Debugging and IM
  Lockout (i.e. Yahoo! will lock you out if you log in/out too frequently)
  Memory leak detection
  Debugging plugin code
    Only way to debug is to run it

Page 13: Sysecure: A Pidgin plug-in for symmetric encryption

Way Ahead…

Hashing and Public Key File I/O still in development

Update user interface to easily distinguish between encryption/decryption mode

Extend support to file transfer

Page 14: Sysecure: A Pidgin plug-in for symmetric encryption

Questions?

Download Pidgin at: http://www.pidgin.im

