DOCSLIB.ORG

What's New with Whatsapp & Co.? Revisiting the Security of Smartphone Messaging Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
What's New with Whatsapp & Co.? Revisiting the Security of Smartphone Messaging Applications What’s new with WhatsApp & Co.? Revisiting the Security of Smartphone Messaging Applications Robin Mueller Sebastian Schrittwieser Peter Fruehwirt Vienna University of St. Poelten University of SBA Research Technology Applied Sciences Austria Austria Austria pfruehwirt@sba- e0926507 sebastian.schrittwieser research.org @student.tuwien.ac.at @fhstp.ac.at Peter Kieseberg Edgar Weippl SBA Research SBA Research Austria Austria pkieseberg@sba- eweippl@sba- research.org research.org ABSTRACT Keywords In recent years mobile messaging and VoIP applications Mobile Security, Smartphone Messengers, Transport Layer for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to the security of these applications. Various security researchers 1. INTRODUCTION & RELATED WORK and institutions have performed in-depth analyses of specific With the ever increasing popularity of OTT (over-the- applications or vulnerabilities. This paper gives an overview top) messaging in recent years and massively successful ap- of the status quo in terms of security for a number of se- plications such as WhatsApp, Line and WeChat claiming to lected applications in comparison to a previous evaluation have active monthly user bases of up to 400 million users conducted two years ago, as well as performing an analysis or more [13, 10, 12], large numbers of similar applications on some new applications. The evaluation methods mostly have emerged on the mobile app market trying to imitate focus on known vulnerabilities in connection with authen- those huge successes. In 2012 the number of messages sent tication and validation mechanisms but also describe some over OTT networks had eclipsed the number of SMS mes- newly identified attack vectors. The results show a predomi- sages, with researchers projecting OTT messages to exceed nantly positive trend for new applications, which are mostly SMS by a factor of 4 by the year 2017 [18]. The fast growth being developed with robust security and privacy features, and large number of available applications in a relatively while some of the older applications have shown little to no young field naturally causes many of them being developed progress in this regard or have even introduced new vulner- without sufficient security in mind. Schrittwieser et al. [15] abilities in recent versions. and Cheng et al. [3] describe various attack scenarios and possible implications of security vulnerabilities related to these kinds of applications. Other research focused further on the consequences of vulnerabilities in those applications, Categories and Subject Descriptors e.g. privacy[17] or the system architecture [2]. The security C.2.4 [Distributed Systems]: [Distributed Applications]; functionality of smartphone operating systems are widely D.4.6 [Security and Protection]: Access controls studied [5, 6, 7, 4, 8], app specific vulnerabilities further exist. The goal of this paper is to follow up previous research General Terms by re-evaluating existing applications to show advances in the security field as well as examining newly emerged ones Security, Experimentation for known or potentially new vulnerability patterns. User authentication is a popular field of ongoing research [16, 1], especially in web services [9] and distributed systems [11]. We re-evaluate the security of the authentication system of mobile messaging apps two years after the publication of Permission to make digital or hard copies of all or part of this work for critical vulnerabilities. personal or classroom use is granted without fee provided that copies are As the number of OTT messaging applications is very not made or distributed for profit or commercial advantage and that copies large, we will focus only on a subset of the available applica- bear this notice and the full citation on the first page. To copy otherwise, to tions (namely those that utilize the users' phone number for republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. establishing their identity) and attempt to circumvent the Copyright 2014 ACM 978-1-4503-3001-5/14/12 ...$15.00. various included authentication and security mechanisms. Section 2 will give an overview of the basic features and iOS characteristics of the applications in question as well as their The iOS API that integrates with phone features, such as platforms. The evaluation methods used and possible at- incoming and outgoing SMS, is rather limited by design { tacks are described in Section 3. Section 4 contains the de- for instance it does not allow an application to automatically tailed results of the evaluation along with identified weak- extract the phone number (which means a new registrant al- nesses or potential problems. Section 5 will conclude the ways has to enter the number her/himself) nor does it allow results of the research and give some final recommendations it to programmatically send and receive text messages (it for future development in the area. can however open the messaging app with a pre-populated recipient and message field { the application Forfone does 2. MESSAGING APPLICATIONS this, for example). This means that generally the registra- tion process cannot be automated and the user's input is Similar to the previous work of Schrittwieser et al. [15] we usually required at least twice - first when entering their are only looking at applications that solely rely on the users' phone number and subsequently when entering the verifica- phone number in the verification process, i.e. no passwords tion code. are involved. Generally this means that a new user has to One thing that stood out positively in regards to privacy enter his phone number when registering an account. The was the fact that whenever an application tried to upload application will use this number as a means of identifying the phone's contact list, a dialogue would open, asking the the user. To prevent malicious attackers from simply en- user whether this should be allowed or not. If the user re- tering arbitrary phone numbers to impersonate their target, fused, most applications would simply continue operating most applications include some sort of verification process without uploading the contacts. to make sure that the entered phone number actually be- longs to the user. The way this verification is done varies Android between applications, but it usually involves some kind of Android on the other hand has a very flexible and pow- authentication token (in most cases this is simply a 4 to 6- erful API that allows lots of advanced features. Most of digit number) being communicated between the server and the analyzed applications would automatically extract the the phone in a way that enables the server to establish the phone number and pre-populate the input field (although authenticity of the entered phone number. This is almost one could edit the number in all cases) and some even had a universally done through SMS, although the actual protocol completely automated verification system: They would send can be vastly different in terms of implementation and secu- the registration request to the server, intercept the incoming rity. Most applications will simply send a short verification SMS from within the application and immediately parse and code per SMS to the number that the user is trying to reg- attempt to validate the received code. This usually worked ister which they then have to copy into the application in fine when registering a legitimate phone, but as soon as a order to prove that they are actually the owner of the given different number was entered (so the verification message phone number. The individual protocols and their identified would not be sent to the correct phone) most of the applica- flaws will be outlined in Section 4. tions would simply open a prompt to enter the received code It should also be noted that while many popular instant manually. The Android API even allows automated send- messaging applications use the aforementioned (or a simi- ing of SMS messages from within the application which was lar) approach, there is also a multitude of applications avail- used in some cases for a sort of reverse-verification, where able that use more traditional username/password or email- the phone would send an active text message to the server address/password combinations for authenticating users. instead of the other way around. This approach comes with Those applications and methods may introduce their own its own set of vulnerabilities, which will be described in the vulnerabilities, but in general their potential for abuse and appropriate section. impersonation is somewhat lower as usernames can be cho- Furthermore, the way Android's permission system works sen arbitrarily and are not directly associated with a per- (the user has to accept a set of required permissions only son's identity in the same way a phone number or an email once during installation of an application) makes the appli- address are. On the other hand, email authentications usu- cations intransparent with respect to what they are doing ally use some sort of activation email to verify the legitimacy with one's data. Contacts will be uploaded automatically of the address and the identity of the user { in that regard in most cases with no way of opting out (other than not they are technically similar to some of the SMS-based pro- installing the application), and access to the messaging sys- tocols described here, although email-based authentication tem means that the application could theoretically send out methods are a much older concept and as such are generally unrequested (paid) messages to any of the user's contacts. more refined and better established than the relatively new, SMS-based protocols. 3. EVALUATION Platform Specifics Since testing was done on two different platforms, Android 3.1 Methods (4.1.2) and iOS (6.1.3), we outline some of the more common The actual evaluation consisted of two groups of appli- differences we have experienced between them regarding the cations - first we re-evaluated all of the applications that authentication mechanisms.
Load more

Recommended publications
  • Kakaotalk Theme Guide
    kakaotalkThemeGuide Creat My Own Theme Android UPDATE 2017/02/23 STEP1 Check Points Customized Themes Create a unique look and feel that is all your own. With the custom theme feature, you can transform your wallpaper, chat bubbles, font, color scheme and more. Check point - This feature is available in KakaoTalk version 5.1.0 or later. - The color of the text can be changed. - Layout cannot be modified. - Produce based on a 480PX x 800PX (HDPI) resolution. - Produse based on a 1080x1920(xxhdpi) resolution Download File KakaoTalk Theme has been designed so that it is created in an APK file format, with execution speed and scalability in mind kakao.com > services > kakaotalk > Customized Themes download KakaoTalk sample themes. http://www.kakao.com/services/talk/theme STEP2 Modify Resources 1) Modify Images The package name/res/drawable-xxhdpi folder contains sample images that can be modified using the theme function. Refer to the resources list in the “Check Modifiable Resource” page and replace the image you wish to change with the identical file name. For example, if you wish to change the Splash screen that is displayed when KakaoTalk is executed, then change the thm_general_splash_img.png file shown in the folder above. Leave as-is or delete if there is no image that needs to be changed. Images that change size depending on the size of the phone or the situation are those categorized as “9-patch” in the recommended type column in the list and requires additional modification. Please refer to the URL below for more information on 9-patch.
    [Show full text]
  • Uila Supported Apps
    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
    [Show full text]
  • AVG Android App Performance and Trend Report H1 2016
    AndroidTM App Performance & Trend Report H1 2016 By AVG® Technologies Table of Contents Executive Summary .....................................................................................2-3 A Insights and Analysis ..................................................................................4-8 B Key Findings .....................................................................................................9 Top 50 Installed Apps .................................................................................... 9-10 World’s Greediest Mobile Apps .......................................................................11-12 Top Ten Battery Drainers ...............................................................................13-14 Top Ten Storage Hogs ..................................................................................15-16 Click Top Ten Data Trafc Hogs ..............................................................................17-18 here Mobile Gaming - What Gamers Should Know ........................................................ 19 C Addressing the Issues ...................................................................................20 Contact Information ...............................................................................21 D Appendices: App Resource Consumption Analysis ...................................22 United States ....................................................................................23-25 United Kingdom .................................................................................26-28
    [Show full text]
  • Instant Messaging Market, 2009-2013 Executive Summary
    THE RADICATI GROUP, INC. A TECHNOLOGY MARKET RESEARCH FIRM 1900 EMBARCADERO ROAD, SUITE 206. • PALO ALTO, CA 94303 TEL. 650 322-8059 • FAX 650 322-8061 Instant Messaging Market, 2009-2013 Editor: Sara Radicati, Ph.D; Principal Analyst: Todd Yamasaki SCOPE This study examines the market for Instant Messaging (IM) solutions from 2009 to 2013. It provides extensive data regarding current installed base, broken out by region, business size, and other variables, including four year forecasts. This report also examines IM solution features, business strategies, plus product strengths and weaknesses. All market numbers, such as market size, forecasts, installed base, and any financial information presented in this study represent worldwide figures, unless otherwise indicated. All pricing numbers are expressed in $USD. METHODOLOGY The information and analysis in this report is based on primary research conducted by The Radicati Group, Inc. It consists of information collected from vendors, and users within global corporations via interviews and surveys. Secondary research sources have also been used, where appropriate, to cross-check the information collected. These include company annual reports and market size information from various market segments of the computer industry. EUROPE: 29E FITZJOHNS AVE • LONDON NW3 5JY • TEL. +44 (0)207 794 4298 • FAX. +44 (0)207 431 9375 e-mail: [email protected] http://www.radicati.com Instant Messaging Market, 2009-2013 – Executive Summary EXECUTIVE SUMMARY EXECUTIVE SUMMARY This study looks at the Instant Messaging market as comprising four different market segments: o Public IM networks – This segment includes free IM services which primarily target consumers, but are also prevalent amongst business users.
    [Show full text]
  • Survey of Instant Messaging Applications Encryption Methods
    Avrupa Bilim ve Teknoloji Dergisi European Journal of Science and Technology Cilt. 2, No. 4, S. 112-117, Haziran 2015 Vol. 2, No. 4, pp. 112-117, June 2015 © Telif hakkı EJOSAT’a aittir Copyright © 2014 EJOSAT Araştırma Makalesi www.ejosat.com ISSN:2148-2683 Research Article Survey of Instant Messaging Applications Encryption Methods Abdullah Talha Kabakus1*, Resul Kara2 1 Abant Izzet Baysal University, IT Center, 14280, Bolu, Turkey 2 Duzce University, Faculty of Engineering, Department of Computer Engineering, 81620, Duzce, Turkey (First received 15 February 2015 and in final form 29 May 2015) Abstract Instant messaging applications has already taken the place of traditional Short Messaging Service (SMS) and Multimedia Messaging Service (MMS) due to their popularity and usage easement they provide. Users of instant messaging applications are able to send both text and audio messages, different types of attachments such as photos, videos, and contact information to their contacts in real time. Because of instant messaging applications use internet instead of Short Message Service Technical Realization (GSM), they are free to use and they only require internet connection which is the most common way of communication today. The critical point here is providing privacy of these messages in order to prevent any vulnerable points for hackers and cyber criminals. According to the latest research by PricewaterhouseCoopers, percentage of global cyber attacks is increased to 48% with 42.8 million detected incidents. Another report that is published by security company Postini indicates that 90% of instant messaging targeted threats are highly destructive worms. In this study, instant messaging applications encryption methods are comparatively presented.
    [Show full text]
  • Security System for Mobile Messaging Applications Pejman Dashtinejad
    Security System for Mobile Messaging Applications Pejman Dashtinejad Master of Science Thesis Stockholm, Sweden TRITA–ICT–EX-2015:2 Introduction | 1 Security System for Mobile Messaging Applications Pejman Dashtinejad 8 January 2015 Master of Science Thesis Examiner Professor Sead Muftic Department of ICT KTH University SE-100 44 Stockholm, Sweden TRITA–ICT–EX-2015:2 Abstract | iii Abstract Instant messaging (IM) applications are one of the most popular applications for smartphones. The IMs have the capability of sending messages or initiating voice calls via Internet which makes it almost cost free for the users to communicate with each other. Unfortunately, like any other type of applications, majority of these applications are vulnerable to malicious attacks and have privacy issues. The motivation for this thesis is the need to identifying security services of an IM application and to design a secure system for any mobile messaging application. This research proposes an E2EE (End-to-End Encryption) approach which provides a secure IM application design which protects its users with better integrity, confidentiality and privacy. To achieve this goal a research is conducted to investigate current security features of popular messaging applications in the mobile market. A list of requirements for good security is generated and based on those requirements an architecture is designed. A demo is also implemented and evaluated. Keywords: Mobile, Application, messaging, Chat, Encryption, Security Acknowledgments | v Acknowledgments First and foremost, thank you God to give me another chance to complete my higher education and to learn enormous skills and knowledge through all these years of study at the university.
    [Show full text]
  • Executive Summary
    Executive Summary Chat apps are quickly becoming the preferred medium for digital communication in some of the world’s fastest-growing markets. Global monthly users of the top four chat apps (WhatsApp, Messenger, WeChat, and Viber) now exceed those of the top four traditional social media networks (Facebook, Instagram, Twitter, and LinkedIn) (Business Insider Intelligence, 2017). The most popular chat app, WeChat, had 889 million monthly active users as of Q4 2016 (according to Tencent Penguin Intelligence’s 2017 WeChat User Behavior Report [as cited in Brennan, 2017]). Given these radical shifts, the Institute for the Future (IFTF), with support from the Google News Lab, conducted an ethnographic case study of the chat app news media ecosystem in Korea. The goal was to better understand the role chat apps will play in the creation and propagation of news around the world, highlighting key challenges and opportunities for newsrooms and journalists. Our study focuses primarily on KakaoTalk, the most popular chat app in South Korea. South Korea has the fastest internet speed in the world (averaging 28.6 Mbps in the first quarter of 2017 [Akamai, 2017]), the highest smartphone ownership rates in the world (Hana, 2016), free access to global media and internet, and high saturation of both indigenous (KakaoTalk) and foreign chat apps, making the country a good indicator where news media are headed both in the region and around the world. We found three key insights for journalists and newsrooms to consider: 1. MILLIONS OF ORDINARY PEOPLE ARE DRIVING THE FLOW OF NEWS THROUGH CHAT APPS, FURTHER EVOLVING THE INFORMATION ECOSYSTEM IN THE DIGITAL WORLD: The flow of information today within chat apps is similar to a massive, virtual version of the children’s game of telephone, in which individuals whisper messages to each other one by one, the final message inevitably differing significantly from the original.
    [Show full text]
  • Forensic Analysis of the Backup Database File in Kakaotalk Messenger
    Forensic analysis of the backup database file in KakaoTalk messenger Jusop Choi∗, Jaewoo Parky and Hyoungshick Kimy ∗Department of Computer Science and Engineering, Sungkyunkwan University, Republic of Korea Email : [email protected] yDepartment of Software, Sungkyunkwan University, Republic of Korea Email : fbluereaper, [email protected] Abstract—Instant messaging services should be designed to A security practice commonly used in IM applications is to securely protect their users’ personal contents such as chat encrypt such sensitive files with a key that the IM application messages, photos and video clips against a wide range of attacks. can only access. Needless to say, the security of this security In general, such contents are securely encrypted in storage. In this paper, however, we demonstrated that the backup database practice strongly relies on the protection of the encryption key. file for chat messages in KakaoTalk (the most popularly used Our research was motivated to check whether the protection instant messaging service in Republic of Korea, http://www. of the encryption key in IM applications would actually be kakao.com/talk/en) can be leaked to unauthorized users. We acceptable to the standard criteria in the information security carefully examined the backup procedure in KakaoTalk through community. reverse engineering the KakaoTalk application to analyze how the backup database file was encrypted and the encryption key can In order to provide practical answers to this research be generated. Our analysis showed that the encrypted database question, we examined the key protection implementation in is susceptible to off-line password guessing attacks. Based on this IM applications through a case study of KakaoTalk (http: finding, we recommend that a secure key generation technique //www.kakao.com/talk/en) that is the most popularly used IM should be designed to improve resistance against offline password guessing attacks by using a random secret number to generate application in South Korea with more than 49.1 million active the encryption key.
    [Show full text]
  • Private Status Sharing and Sender-Controlled Notifications In
    I Share, You Care: Private Status Sharing and Sender-Controlled Notifications in Mobile Instant Messaging 34 HYUNSUNG CHO, KAIST, Republic of Korea JINYOUNG OH, KAIST, Republic of Korea JUHO KIM, KAIST, Republic of Korea SUNG-JU LEE, KAIST, Republic of Korea While mobile instant messaging (MIM) facilitates ubiquitous interpersonal communication, its constant connectivity could build the expectation of an immediate response to messages, and its notifications flood could cause interruptions at inopportune moments. We examine two design concepts for MIM—private status sharing and sender-controlled notifications—that aim to lower the pressure for an immediate reply and reduce unnecessary interruptions by untimely notifications. Private status sharing reactively reveals a customized status with a selected partner(s) only when the partner has sent a message. Sender-controlled notifications give senders the control of choosing whether to send a notification for their own messages. We built MyButler, an Android app prototype that instantiates these two concepts and integrated it with KakaoTalk, a commercial MIM app. During a two-week field study with 11 pairs (5 couples and 6 friend pairs), participants expressed themselves through a total of 210 different statuses, 64.3% of which indicated the current activity or task ofthe user. Participants reported that private status sharing enabled them to explain their unavailability and relieved the pressure and expectations for timely attendance. We reveal more findings on the types of privately shared statuses and their roles in MIM communication; the in-situ behaviors and patterns of using sender-controlled notifications; and the motivations of MIM users in choosing whether to alert their messages.
    [Show full text]
  • Guess Who's Texting You? Evaluating the Security of Smartphone
    Guess Who’s Texting You? Evaluating the Security of Smartphone Messaging Applications Sebastian Schrittwieser, Peter Fruhwirt,¨ Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, Edgar Weippl SBA Research gGmbH Vienna, Austria (1stletterfirstname)(lastname)@sba-research.org Abstract been the subject of an ample amount of past research. The common advantages of the tools we examined lie in In recent months a new generation of mobile messag- very simple and fast setup routines combined with the possi- ing and VoIP applications for smartphones was introduced. bility to incorporate existing on-device address books. Ad- These services offer free calls and text messages to other ditionally these services offer communication free of charge subscribers, providing an Internet-based alternative to the and thus pose a low entry barrier to potential customers. traditional communication methods managed by cellular However, we find that the very design of most of these mes- network carriers such as SMS, MMS and voice calls. While saging systems thwarts their security measures, leading to user numbers are estimated in the millions, very little atten- issues such as the possibility for communication without tion has so far been paid to the security measures (or lack proper sender authentication. thereof) implemented by these providers. The main contribution of our paper is an evaluation of the In this paper we analyze nine popular mobile messaging security of mobile messaging applications with the afore- and VoIP applications and evaluate their security models mentioned properties and the possibilities of abuse in real- with a focus on authentication mechanisms. We find that a world scenarios.
    [Show full text]
  • Case No COMP/M.6281 - MICROSOFT/ SKYPE
    EN Case No COMP/M.6281 - MICROSOFT/ SKYPE Only the English text is available and authentic. REGULATION (EC) No 139/2004 MERGER PROCEDURE Article 6(1)(b) NON-OPPOSITION Date: 07/10/2011 In electronic form on the EUR-Lex website under document number 32011M6281 Office for Publications of the European Union L-2985 Luxembourg EUROPEAN COMMISSION Brussels, 07/10/2011 C(2011)7279 In the published version of this decision, some information has been omitted pursuant to Article MERGER PROCEDURE 17(2) of Council Regulation (EC) No 139/2004 concerning non-disclosure of business secrets and other confidential information. The omissions are shown thus […]. Where possible the information omitted has been replaced by ranges of figures or a general description. PUBLIC VERSION To the notifying party: Dear Sir/Madam, Subject: Case No COMP/M.6281 - Microsoft/ Skype Commission decision pursuant to Article 6(1)(b) of Council Regulation No 139/20041 1. On 02.09.2011, the European Commission received notification of a proposed concentration pursuant to Article 4 of the Merger Regulation by which the undertaking Microsoft Corporation, USA (hereinafter "Microsoft"), acquires within the meaning of Article 3(1)(b) of the Merger Regulation control of the whole of the undertaking Skype Global S.a.r.l, Luxembourg (hereinafter "Skype"), by way of purchase of shares2. Microsoft and Skype are designated hereinafter as "parties to the notified operation" or "the parties". I. THE PARTIES 2. Microsoft is active in the design, development and supply of computer software and the supply of related services. The transaction concerns Microsoft's communication services, in particular the services offered under the brands "Windows Live Messenger" (hereinafter "WLM") for consumers and "Lync" for enterprises.
    [Show full text]
  • Secure Browser-Based Instant Messaging
    Brigham Young University BYU ScholarsArchive Theses and Dissertations 2012-09-22 Secure Browser-Based Instant Messaging Christopher Douglas Robison Brigham Young University - Provo Follow this and additional works at: https://scholarsarchive.byu.edu/etd Part of the Computer Sciences Commons BYU ScholarsArchive Citation Robison, Christopher Douglas, "Secure Browser-Based Instant Messaging" (2012). Theses and Dissertations. 3372. https://scholarsarchive.byu.edu/etd/3372 This Thesis is brought to you for free and open access by BYU ScholarsArchive. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of BYU ScholarsArchive. For more information, please contact [email protected], [email protected]. Secure Browser-Based Instant Messaging Christopher D. Robison A thesis submitted to the faculty of Brigham Young University in partial fulfillment of the requirements for the degree of Master of Science Kent E. Seamons, Chair Daniel M. A. Zappala Sean C. Warnick Department of Computer Science Brigham Young University December 2012 Copyright c 2012 Christopher D. Robison All Rights Reserved ABSTRACT Secure Browser-Based Instant Messaging Christopher D. Robison Department of Computer Science, BYU Master of Science Instant messaging is a popular form of communication over the Internet. Statistics show that instant messaging has overtaken email in popularity. Traditionally, instant messaging has consisted of a desktop client communicating with other clients via an instant messaging service provider. However, instant messaging solutions are starting to become available in the web browser{services like Google Talk, Live Messenger and Facebook. Despite the work done by researchers to secure instant messaging networks, little work has been done to secure instant messaging in the browser.
    [Show full text]