56
for both encryption and digital signature is
sufficient for the required
confidentiality and integrity protection.
A trusted channel for key exchange is assumed to be available. This could
be in the form of physical transfer using SD card or a VPN connection to a
trusted server.
5.
Design and Implementation
The design of the application adopted a user-centric approach and began
with the design of the user interface.
a. User
Interface
The main screen of the application is shown in Figure 19.
Figure 19. Secure Chat User Interface (Main Screen)
57
The
Recipient Phone Number
area of the screen is comprised of a
drop down combo box that lists available phone numbers and a text box for the
user to key in a new recipient number. The checkbox beside the free text box
must be checked in order for the application to accept the text box input as the
recipient phone number.
There are two
Send Buttons
: one for
sending secure messages and
one for sending the message in clear. The aim is to provide a single interface if
the user needs to send unencrypted messages to parties outside the secure
conversation. This option should be removed in more secure applications to
prevent the user from accidentally sending the message in clear text. However,
all incoming unencrypted messages will be transferred to the default Windows
Outlook Mobile, and not be trapped by the Secure Chat application.
The
SMS Message
box allows the user
to key in the message to be
sent. The maximum length is 117 bytes because that the maximum input length
accepted by RSA with a 1024-bit key length. Expanding the length beyond 117
bytes will result in another round of encryption and more overheads. It is
assumed that 117 bytes is a sufficient length for the purpose of this
demonstration application.
The
Conversation Box
displays the ongoing conversation in a
typical chat application. Outbound messages are prefixed by “Me:” and the
inbound messages are marked by the last four digits of the sender’s
phone
number. The user can use the scroll bars to scroll through the history of the
conversation.
The
System Messages
text box displays system messages such as
key generation status,
and the encryption, signature and sending processes.
The
Option Menu
offers two selections for generating RSA Public-
Private key pair and for sending the Public Key via SMS. It should be noted that
the sending of Public Keys without additional authentication is subject to man-in-
the-middle attacks.