B. SECURE CHAT
1. Aim
The aim of this application was to verify the feasibility of providing
confidentiality and integrity protection for SMS messages by using asymmetric
encryption. Observations were also made with regard to the practicality of such
an implementation.
2. Security Requirement
Every SMS message sent from the device is digitally signed and
encrypted. The messages are decrypted by the recipient and the digital signature
is also verified by the recipient to detect any modification of the message.
3. Assumptions and Limitations
The algorithm used is the RSA algorithm provided in the Microsoft Crypto
API. RSA was selected because it provided native support for encryption and
digital signature. It is assumed that the RSA algorithm with a 1024-bit key length
for both encryption and digital signature is sufficient for the required
confidentiality and integrity protection.
A trusted channel for key exchange is assumed to be available. This could
be in the form of physical transfer using an SD card or a VPN connection to a
trusted server.
5. Design and Implementation
The design of the application adopted a user-centric approach and began
with the design of the user interface.
a. User Interface
The main screen of the application is shown in Figure 19.
Figure 19. Secure Chat User Interface (Main Screen)
The Recipient Phone Number area of the screen consists of a drop down combo
box that lists available phone numbers and a text box for the user to key in a
new recipient number. The checkbox beside the free text box must be checked in
order for the application to accept the text box input as the recipient phone
number.
There are two Send Buttons: one for sending secure messages and one for
sending the message in clear. The aim is to provide a single interface if
the user needs to send unencrypted messages to parties outside the secure
conversation. This option should be removed in more secure applications to
prevent the user from accidentally sending the message in clear text. However,
all incoming unencrypted messages will be transferred to the default Windows
Outlook Mobile, and not be trapped by the Secure Chat application.
The SMS Message box allows the user to key in the message to be sent. The
maximum length is 117 bytes because that is the maximum input length
accepted by RSA with a 1024-bit key length. Expanding the length beyond 117
bytes will result in another round of encryption and more overhead. It is
assumed that 117 bytes is a sufficient length for the purpose of this
demonstration application.
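The 117-byte limit is what a 128-byte (1024-bit) RSA block leaves after 11 bytes of padding framing, assuming PKCS#1 v1.5 encryption padding (an assumption; the text does not name the padding scheme). The following Python is an added example, not code from the Secure Chat application, and its function names are hypothetical; it builds and parses the padded block and counts the RSA rounds a longer message would need.

```python
import math
import secrets

KEY_BYTES = 128        # 1024-bit RSA modulus, as stated in the text
PKCS1_OVERHEAD = 11    # 0x00 0x02 + at least 8 padding bytes + 0x00 (assumed scheme)


def max_plaintext_len(key_bytes=KEY_BYTES):
    """Largest message that fits in one RSA block under PKCS#1 v1.5."""
    return key_bytes - PKCS1_OVERHEAD


def pkcs1_v15_pad(message, key_bytes=KEY_BYTES):
    """Build EM = 0x00 || 0x02 || PS || 0x00 || M, the block RSA encrypts."""
    if len(message) > max_plaintext_len(key_bytes):
        raise ValueError("message too long for one RSA block")
    ps_len = key_bytes - len(message) - 3
    # PS is random and never contains 0x00, so the separator is unambiguous.
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + message


def pkcs1_v15_unpad(block, key_bytes=KEY_BYTES):
    """Recover M from a decrypted block, rejecting malformed padding.

    Illustrative only: not constant-time, and every failure returns the
    same error so the caller learns nothing about which check failed.
    """
    if len(block) != key_bytes or block[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # no separator found (-1) or PS shorter than 8 bytes
        raise ValueError("bad padding")
    return block[sep + 1:]


def rsa_blocks_needed(message_len, key_bytes=KEY_BYTES):
    """RSA encryptions (and ciphertext blocks) needed for this message length."""
    return max(1, math.ceil(message_len / max_plaintext_len(key_bytes)))


if __name__ == "__main__":
    sample = b"constructed sample message"  # constructed input
    em = pkcs1_v15_pad(sample)
    print(len(em), pkcs1_v15_unpad(em) == sample, rsa_blocks_needed(118))
```

Each extra block adds a full 128-byte ciphertext, which is the overhead the text refers to when a message exceeds 117 bytes.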
The Conversation Box displays the ongoing conversation in a typical chat
application. Outbound messages are prefixed by “Me:” and the inbound messages
are marked by the last four digits of the sender’s phone number. The user can
use the scroll bars to scroll through the history of the conversation.
The System Messages text box displays system messages such as key generation
status, and the encryption, signature and sending processes.
The Option Menu offers two selections: one for generating an RSA
Public-Private key pair and one for sending the Public Key via SMS. It should
be noted that the sending of Public Keys without additional authentication is
subject to man-in-the-middle attacks.