DOCSLIB.ORG

Forensic Artefacts Left by Pidgin Messenger 2.0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

digital investigation 4 (2007) 138–145 available at www.sciencedirect.com journal homepage: www.elsevier.com/locate/diin Forensic artefacts left by Pidgin Messenger 2.0 Wouter S. van Dongen Fox-IT Forensic IT Experts, Olof Palmestraat 6, 2616 LM Delft, The Netherlands article info abstract Article history: Pidgin, formerly known as Gaim, is a multi-protocol instant messaging (IM) client that sup- Received 23 July 2007 ports communication on most of the popular IM networks. Pidgin is chiefly popular under Revised 23 November 2007 Linux, and is available for Windows, BSD and other UNIX versions. This article presents Accepted 21 January 2008 a number of traces that are left behind after the use of Pidgin on Linux, enabling digital in- vestigators to search for and interpret instant messaging activities, including online con- Keywords: versations and file transfers. Specifically, the contents and structures of user settings, log Pidgin files, contact files and the swap partition are discussed. In addition looking for such infor- Gaim mation in active files on a computer, forensic examiners can recover deleted items by Instant messenger searching a hard drive for file signatures and known file structures detailed in this article. Internet chat ª 2008 Elsevier Ltd. All rights reserved. Linux messenger MSN ICQ Yahoo! IRC 1. Introduction Gaim would become Pidgin, libgaim would become libpurple, and gaim-text would become finch. The name Pidgin was cho- This article is a continuation of the series of articles dealing sen as a reference to the term ‘Pidgin’, which describes com- with artefacts left by popular instant messaging clients. Previ- munication between people who do not share a common ous articles in this series covered MSN (Dickson, 2006a), Yahoo language. The name ‘purple’ refers to ‘prpl’, the internal lib- (Dickson, 2006b), AOL (Dickson, 2006c), Trillian (Dickson, gaim name for an instant messaging protocol (Wikipedia.org, 2007), and Windows Live Messenger (van Dongen, 2007). One 2007). popular instant messaging client that has not been described Pidgin users can simultaneously logon to different IM net- yet in this series is Pidgin. works. This means, for example, that it is possible to commu- Pidgin is a multi-protocol instant messaging client avail- nicate with contacts on AOL Instant Messenger, MSN able for Windows, Linux, BSD, and other UNIX versions. Pidgin Messenger and ICQ at the same time. Pidgin is compatible is included in most Linux distributions by default and is there- with the following protocols: fore particularly popular among Linux users. Pidgin was orig- inally known as GTKþ AOL Instant Messenger but, after AOL AIM complained about the use of their name, the project was Bonjour renamed to Gaim. AOL then trademarked the acronym ‘AIM’ Gadu-Gadu of their popular instant messaging client AOL Instant Messen- Groupwise ger which eventually led to a final series of name changes: ICQ E-mail address: [email protected] 1742-2876/$ – see front matter ª 2008 Elsevier Ltd. All rights reserved. doi:10.1016/j.diin.2008.01.002 digital investigation 4 (2007) 138–145 139 IRC that were associated to findings were carefully checked by us- Jabber ing the following evaluation questions: MSN QQ Are all the experiments which are carried out relevant for SIMPLE the conclusion? Sametime Have sufficient experiments been carried out in order to give XMPP a well-founded conclusion? Yahoo! Are there any counter examples? Zephyr Pidgin supports the basic functionalities of these IM net- works, such as file transfers, display pictures, messages with 3. Results emotions and notification when a contact is typing a message. Audio and video functionality is not currently supported in 3.1. Which accounts are used? Pidgin. This article explains several traces that are left behind after A question that generally arises in investigations involving in- using Pidgin 2.0 on Linux. The most popular protocols were stant messaging communications is which accounts were examined: MSN, ICQ, IRC and Yahoo!. Although this article used on the subject computer system. There are four ways focuses on Linux, the same artefacts can be found on Windows to determine which accounts are used by Pidgin. The first systems. and most evident way is to check the file ‘accounts.xml’. All This paper first outlines the research methodology used, IM accounts used by Pidgin are stored in the file named and then describes the results in eight sections. Section 3.1 ‘accounts.xml’ in the directory ‘/home/<user>/.purple/’. The starts with artefacts that are used to identify the instant mes- ‘accounts.xml’ configuration file is updated instantly when saging accounts used on the computer. Section 3.2 shows the user edits or removes an account, therefore no traces of re- where contact files of Pidgin can be found and what useful in- moved accounts can be found in this file. The standard header formation they contain. Section 3.3 ‘Preferences and user set- and footer of the ‘accounts.xml’ file are shown below and can tings’ details the preferences and settings that can be found in be used to salvage the file from the free space and slack space Pidgin. Section 3.4 ‘Conversation content’ explains how con- after it is removed. versation content can be found on the hard disk. Logging is Header of ‘accounts.xml’ file: explained in Section 3.5 and is followed by Section 3.6 about transmitted files. The result of de-installation of Pidgin is explained in Section 3.7. Finally, a quick reference regarding Pidgin on Microsoft Windows is provided, and the article con- <?xml version¼‘1.0’ encoding¼‘UTF-8’ ?> cludes with a summary of results. <account version¼‘1.0’> Footer of ‘accounts.xml’ file: 2. Methodology The Pidgin examination was conducted on Linux Ubuntu 6.10, </account> and the observed traces were also confirmed in Linux Fedora 7 and Linux Ubuntu 7.04. In preparation for the actual research, Pidgin was installed Each account is stored within an <account> tag. Within and configured with all of its functionalities. Using these func- this tag an account can be identified by the tags <protocol>, tionalities, test scenarios were created in VMware (Virtual <name>, <statuses> and <settings>. The <protocol> tag de- machines, available from http://www.vmware.com). Forensic scribes the protocol of the IM network, the <name> tag holds images were created and analyzed with AccessData Forensic the account, followed by the <password> tag, which holds the Toolkit (available from http://www.accessdata.com) version password of the account in plain text if the user has config- 1.62.1. Each scenario was conducted on a cleancopy of a VMware ured Pidgin to remember the password. An example of this in- image. Furthermore, a live analysis of the VMware images was formation for an ICQ account is provided here performed while the system uses the GNU Project Debugger (available from: http://sourceware.org/gdb/), Strace (available from: http://sourceforge.net/projects/strace/) and Pidgin’s inter- nal debug function to monitor file and system activity, Winhex <?xml version¼‘1.0’ encoding¼‘UTF-8’ ?> (available from http://www.x-ways.net) for the examination of <account version¼‘1.0’> the virtual memory and files, and Wireshark (available from <account> http://www.wireshark.org) to monitor TCP/IP traffic. <protocol>prpl-icq</protocol> Before analyzing the test scenarios, the ‘basic’ scenarios in- <name>392207942</name> stallation and first login attempt were investigated. After ana- <password>123456</password> lyzing all the test scenarios, the result of the de-installation of <statuses> Pidgin was examined. The plausibility of all the conclusions Download English Version: https://daneshyari.com/en/article/456572 Download Persian Version: https://daneshyari.com/article/456572 Daneshyari.com.
Recommended publications
  • Instant Messaging: Keeping Your Child Safe and Secure

    Instant Messaging: Keeping Your Child Safe and Secure

    Online Instant Messaging: Keeping Your Child Safe and Secure Presented by: Meredith Stannard, Nauset Regional High School [email protected] Barbara Dominic, Nauset Regional Middle School [email protected] Kathy Schrock, Nauset Public Schools [email protected] Spring 2003 1 Instant messages are lasting ©2001. USA Today. http://www.usatoday.com/tech/news/2001-06-21-teens-im-lasting.htm By Karen Thomas, USA TODAY Breaking up. Making up. Making plans. Asking out. Saying "hey." From the mundane to the emotionally charged, there are no limits to the ways today's kids connect and bond over instant messages (IMs) — those pop-up text windows used for carrying on real-time conversations online. "It's not just empty chatter. They're using (IMs) to have difficult conversations — someone's talking behind your back and you want to confront them," says Amanda Lenhart of the Pew Internet & American Life project. Its survey, out Thursday, finds that nearly three-fourths of online kids ages 12 to 17 rely on IMs to keep in touch with friends. Caroline Barker, 16, is among 35% of teens who use IMs daily; she chats with about 10 close friends and 50 acquaintances in the Bethesda, Md., area. "It's especially good for making plans, or if you're just bored," she says. "It's a given that everybody has it," adds her friend Valerie Hutchins, 15. These Maryland friends IM while doing homework, talking on the phone and watching TV. And they offer insight to the complex social rules that come with a form of communication that still has many adults bewildered.
  • CCIA Comments in ITU CWG-Internet OTT Open Consultation.Pdf

    CCIA Comments in ITU CWG-Internet OTT Open Consultation.Pdf

    CCIA Response to the Open Consultation of the ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet) on the “Public Policy considerations for OTTs” Summary. The Computer & Communications Industry Association welcomes this opportunity to present the views of the tech sector to the ITU’s Open Consultation of the CWG-Internet on the “Public Policy considerations for OTTs”.1 CCIA acknowledges the ITU’s expertise in the areas of international, technical standards development and spectrum coordination and its ambition to help improve access to ICTs to underserved communities worldwide. We remain supporters of the ITU’s important work within its current mandate and remit; however, we strongly oppose expanding the ITU’s work program to include Internet and content-related issues and Internet-enabled applications that are well beyond its mandate and core competencies. Furthermore, such an expansion would regrettably divert the ITU’s resources away from its globally-recognized core competencies. The Internet is an unparalleled engine of economic growth enabling commerce, social development and freedom of expression. Recent research notes the vast economic and societal benefits from Rich Interaction Applications (RIAs), a term that refers to applications that facilitate “rich interaction” such as photo/video sharing, money transferring, in-app gaming, location sharing, translation, and chat among individuals, groups and enterprises.2 Global GDP has increased US$5.6 trillion for every ten percent increase in the usage of RIAs across 164 countries over 16 years (2000 to 2015).3 However, these economic and societal benefits are at risk if RIAs are subjected to sweeping regulations.
  • Business-To-Government Malware”

    Business-To-Government Malware”

    HACKINGTEAM AND GAMMA INTERNATIONAL IN “BUSINESS-TO-GOVERNMENT MALWARE” Sergey @k1k Golovanov, Malware Expert Kaspersky Lab MAIL_TO:[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ... DATE_TIME: 24.07.2012 5:52:00 ATTCH: AbodeFlashPlayer.zip (~1M) TEXT: From: Kev http://www.slate.com/blogs/future_tense/2012/08/20/moroccan_websi te_mamfakinch_targeted_by_government_grade_spyware_from_hac king_team_.html http://www.bloomberg.com/photo/security- researcher-morgan-marquis-boire- /214749.html HOW WE CAN BE SURE THAT IT IS HACKINGTEAM? Remote Control System (RCS) http://www.hackingteam.it/index.php/remote-control-system HOW WE CAN BE SURE THAT IT IS HACKINGTEAM? https://www.virustotal.com/en/file/81e9647a3371568cddd0a4db597de8423179773d910 d9a7b3d945cb2c3b7e1c2/analysis/ hxxp://rcs-demo.hackingteam.it/***ploit.doc2 HOW WE CAN BE SURE THAT IT IS HACKINGTEAM? /Users/guido/Projects/driver-macos/ WHAT CAN IT DO? http://wikileaks.org/spyfiles/files/0/31_200810-ISS-PRG- HACKINGTEAM.pdf WHAT CAN IT DO? 1.Self-replication via USB flash drive (3 methods) 2. Infection of virtual VMware machines by copying itself into the autorun folder on the virtual drive 3. Infection of mobile BlackBerry and Windows CE devices 4. Ability to self-update 5. Installation of drivers 6. Signed HOW IT IS PROPAGATING? 1.Social engineering: Self-signed JAR files Filenames like FlashUpdate.exe 2.
  • A Conceptual Framework

    A Conceptual Framework

    Supply Chain Practice, Supply Chain Performance Indicators and Competitive Advantage of Australian Beef Enterprises: A Conceptual Framework Conference : Australian Agricultural and Resource Economics Society (AARES 51st Annual Conference) Place : Rydges Lakeland Resort Queenstown, New Zealand Date : 13-16 February 2007 Topic Area of the submission : Agribusiness Supply Chain Management Presentation format : Full Paper Name of the author(s) : 1. Jie, Ferry 2. Parton, Kevin 3. Cox, Rodney Department and Affiliation : Faculty of Rural Management University of Sydney Mailing Address : Leeds Parade, Orange NSW PO Box 883-Orange, NSW 2800 Australia Email Addresses : 1. [email protected] 2. [email protected] 3. [email protected] Phone Number : +61-2-63605500 1 Supply Chain Practice, Supply Chain Performance Indicators and Competitive Advantage of Australian Beef Enterprises: A Conceptual Framework Authors: 1. Ferry Jie – PhD Candidature, Faculty of Rural Management, University of Sydney, Australia 2. Prof Kevin Parton – Principal Supervisor, School of Rural Management, Charles Sturt University 3. Mr. Rod Cox – Co Supervisor, School of Rural Management, Charles Sturt University Abstract This research focuses on an Australian agribusiness supply chain, the Australian Beef Supply Chain. The definition of the Australian Beef Supply Chain is the chain or sequence of all activities from the breeding property to the domestic or overseas consumers. The beef sector in Australia is undergoing rapid change because of globalisation, a highly competitive beef market (local and export), quicker production cycle and delivery times and consequently reduced inventories, a general speed-up of the rate of change in the business environment, the trend toward more outsourcing of activities, and the rapid development of IT.
  • Artificial Intelligence and Machine Learning

    Artificial Intelligence and Machine Learning

    ISSUE 1 · 2018 TECHNOLOGY TODAY Highlighting Raytheon’s Engineering & Technology Innovations SPOTLIGHT EYE ON TECHNOLOGY SPECIAL INTEREST Artificial Intelligence Mechanical the invention engine Raytheon receives the 10 millionth and Machine Learning Modular Open Systems U.S. Patent in history at raytheon Architectures Discussing industry shifts toward open standards designs A MESSAGE FROM Welcome to the newly formatted Technology Today magazine. MARK E. While the layout has been updated, the content remains focused on critical Raytheon engineering and technology developments. This edition features Raytheon’s advances in Artificial Intelligence RUSSELL and Machine Learning. Commercial applications of AI and ML — including facial recognition technology for mobile phones and social applications, virtual personal assistants, and mapping service applications that predict traffic congestion Technology Today is published by the Office of — are becoming ubiquitous in today’s society. Furthermore, ML design Engineering, Technology and Mission Assurance. tools provide developers the ability to create and test their own ML-based applications without requiring expertise in the underlying complex VICE PRESIDENT mathematics and computer science. Additionally, in its 2018 National Mark E. Russell Defense Strategy, the United States Department of Defense has recognized the importance of AI and ML as an enabler for maintaining CHIEF TECHNOLOGY OFFICER Bill Kiczuk competitive military advantage. MANAGING EDITORS Raytheon understands the importance of these technologies and Tony Pandiscio is applying AI and ML to solutions where they provide benefit to our Tony Curreri customers, such as in areas of predictive equipment maintenance, SENIOR EDITORS language classification of handwriting, and automatic target recognition. Corey Daniels Not only does ML improve Raytheon products, it also can enhance Eve Hofert our business operations and manufacturing efficiencies by identifying DESIGN, PHOTOGRAPHY AND WEB complex patterns in historical data that result in process improvements.
  • Viral Triggers

    Viral Triggers

    Viral Triggers Instant Messaging Ilia Mirkin [email protected] January 26, 2005 Instant Messaging ! Talk: Communications between terminals ! Zephyr: Developed at MIT; little use outside ! ICQ: First popular IM service ! AIM: At first for AOL members only, later free service to all, but with ads for non-AOL members ! Jabber: Open IM architecture, though similar to AIM in most respects ! MSN/Yahoo/etc: Proprietary but free services similar to AIM ! Rendezvous: Can be used for messaging in LANs ! Skype: Peer-to-peer application for both voice and text Talk ! Originally developed for Multics, in 1973 ! Became a standard UNIX command with 4.2BSD ! Further enhancements to connect terminals over a network, and later, to be able to connect more than 2 parties (Ytalk - 1990) ! Was popular amongst UNIX users since its existence, though no concrete usage statistics are available ! Has become marginalized by other IM systems that do not require people to be logged in on terminals Zephyr Developed at MIT under Project Athena Designed to run under Unix, there are few clients available, as well as few users outside universities Started in the 1980's, has not gained widespread acceptance. However it does provide various security enhancements, such as interoperability with Kerberos Protocol specifications available freely, open source clients ICQ (“I Seek You”) Created by Mirabilis, Inc., in 1996 First IM service to gain wide acceptance, mostly via member- driven advertising Used numbers to identify members (much like Compuserve) Allowed messages to be stored on server and delivered them when the target user would log on Overtaken in popularity by AIM, which allowed people to pick any username Currently accepts new users, but the service has become very similar to AIM, and uses the same servers AOL IM AOL bought up Mirabilis, and recreated ICQ as AIM Two protocols: OSCAR and TOC OSCAR included all the features of AIM, but was closed.
  • Unpermitted Resources

    Unpermitted Resources

    Process Check and Unpermitted Resources Common and Important Virtual Machines Parallels VMware VirtualBox CVMCompiler Windows Virtual PC Other Python Citrix Screen/File Sharing/Saving .exe File Name VNC, VPN, RFS, P2P and SSH Virtual Drives ● Dropbox.exe ● Dropbox ● OneDrive.exe ● OneDrive ● <name>.exe ● Google Drive ● etc. ● iCloud ● etc. Evernote / One Note ● Evernote_---.exe ● onenote.exe Go To Meeting ● gotomeeting launcher.exe / gotomeeting.exe TeamViewer ● TeamViewer.exe Chrome Remote ● remoting_host.exe www.ProctorU.com ● [email protected] ● 888­355­3043 ​ ​ ​ ​ ​ ​ ​ Messaging / Video (IM, IRC) / .exe File Name Audio Bonjour Google Hangouts (chrome.exe - shown as a tab) (Screen Sharing) Skype SkypeC2CPNRSvc.exe Music Streaming ● Spotify.exe (Spotify, Pandora, etc.) ● PandoraService.exe Steam Steam.exe ALL Processes Screen / File Sharing / Messaging / Video (IM, Virtual Machines (VM) Other Saving IRC) / Audio Virtual Box Splashtop Bonjour ● iChat ● iTunes ● iPhoto ● TiVo ● SubEthaEdit ● Contactizer, ● Things ● OmniFocuse phpVirtualBox TeamViewer MobileMe Parallels Sticky Notes Team Speak VMware One Note Ventrilo Windows Virtual PC Dropbox Sandboxd QEM (Linux only) Chrome Remote iStumbler HYPERBOX SkyDrive MSN Chat Boot Camp (dual boot) OneDrive Blackboard Chat CVMCompiler Google Drive Yahoo Messenger Office (Word, Excel, Skype etc.) www.ProctorU.com ● [email protected] ● 888­355­3043 ​ ​ ​ ​ ​ ​ ​ 2X Software Notepad Steam AerooAdmin Paint Origin AetherPal Go To Meeting Spotify Ammyy Admin Jing Facebook Messenger AnyDesk
  • Reading for Empathy, Reflecting for Awareness

    Reading for Empathy, Reflecting for Awareness

    READING FOR EMPATHY, REFLECTING FOR AWARENESS: A PILOT STUDY FOR IMPROVING SELF AND OTHER AWARENESS THROUGH WRITING A DISSERTATION SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY IN THE GRADUATE SCHOOL OF THE TEXAS WOMAN’S UNIVERSITY DEPARTMENT OF ENGLISH, SPEECH, AND FOREIGN LANGUAGES COLLEGE OF ARTS AND SCIENCES BY RACHAEL GRAY REYNOLDS B.A., M.A. DENTON, TEXAS MAY 2018 Copyright © 2018 by Rachael Gray Reynolds DEDICATION To my wife and daughter. For your patience, love, inspiration, and silliness. This may not change the world, but I hope it helps our understanding of it a bit better. ii ACKNOWLEDGEMENTS First, I want to thank my committee members: Dr. Gretchen Busl, Dr. Dundee Lackey, and Dr. Genevieve West. I appreciate all of your thoughtful comments, recommendations, and the discussions we have had throughout the dissertation process, as well as all of those that came before it. Without your brilliance, support, and patience, I do not know that this would have ever made it off the ground, much less become a completed project. I would like to extend a huge thank you to my fellow Graduate Teaching Assistants in the First-Year Composition program for allowing me to visit your classrooms for recruitment, as well as all of the encouragement throughout the process. I am also grateful to all of those who participated in the study and trusted me to get them through a semester long research project without taking too much time away from their own personal educational goals. It was definitely a huge learning process for me; I hope it was a positive learning one for all those involved.
  • Case No COMP/M.6281 - MICROSOFT/ SKYPE

    Case No COMP/M.6281 - MICROSOFT/ SKYPE

    EN Case No COMP/M.6281 - MICROSOFT/ SKYPE Only the English text is available and authentic. REGULATION (EC) No 139/2004 MERGER PROCEDURE Article 6(1)(b) NON-OPPOSITION Date: 07/10/2011 In electronic form on the EUR-Lex website under document number 32011M6281 Office for Publications of the European Union L-2985 Luxembourg EUROPEAN COMMISSION Brussels, 07/10/2011 C(2011)7279 In the published version of this decision, some information has been omitted pursuant to Article MERGER PROCEDURE 17(2) of Council Regulation (EC) No 139/2004 concerning non-disclosure of business secrets and other confidential information. The omissions are shown thus […]. Where possible the information omitted has been replaced by ranges of figures or a general description. PUBLIC VERSION To the notifying party: Dear Sir/Madam, Subject: Case No COMP/M.6281 - Microsoft/ Skype Commission decision pursuant to Article 6(1)(b) of Council Regulation No 139/20041 1. On 02.09.2011, the European Commission received notification of a proposed concentration pursuant to Article 4 of the Merger Regulation by which the undertaking Microsoft Corporation, USA (hereinafter "Microsoft"), acquires within the meaning of Article 3(1)(b) of the Merger Regulation control of the whole of the undertaking Skype Global S.a.r.l, Luxembourg (hereinafter "Skype"), by way of purchase of shares2. Microsoft and Skype are designated hereinafter as "parties to the notified operation" or "the parties". I. THE PARTIES 2. Microsoft is active in the design, development and supply of computer software and the supply of related services. The transaction concerns Microsoft's communication services, in particular the services offered under the brands "Windows Live Messenger" (hereinafter "WLM") for consumers and "Lync" for enterprises.
  • Omnisense™ Analysis Help

    Omnisense™ Analysis Help

    Zephyr Technology OmniSense Analysis Help © 2016 Zephyr Technology OmniSense Help This is the printed version of the OmniSense Help file. Content has been optimised for screen display. In the printed version, page breaks may interrupt continuity. © 2016 Zephyr Technology All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher. Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks. While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document. Printed: April 2016 4 Table of Contents Foreword 9 Section 1 Getting Started 10 1 Conta..c.t. .Z..e..p..h..y..r.................................................................................................................... 11 2 New F..e..a..t.u..r..e..s...................................................................................................................... 11 3 Using. .T..h..i.s.. .G..u..i.d..e.................................................................................................................. 16 Section 2 Overview 18 1 Toolb.a..r.. .B..u..t.t.o..n..s................................................................................................................... 20 2 Prefe.r.e..n..c..e..s........................................................................................................................
  • A User Study of Off-The-Record Messaging

    A User Study of Off-The-Record Messaging

    A User Study of Off-the-Record Messaging Ryan Stedman Kayo Yoshida Ian Goldberg University of Waterloo 200 University Avenue West Waterloo, Ontario, Canada N2L 3G1 {rstedman@cs, k2yoshid@math, iang@cs}.uwaterloo.ca ABSTRACT Keywords Instant messaging is a prevalent form of communication ac- OTR, Usable Security, Instant Messaging, Think Aloud ross the Internet, yet most instant messaging services pro- vide little security against eavesdroppers or impersonators. 1. INTRODUCTION There are a variety of existing systems that aim to solve There has been much research into creating privacy-en- this problem, but the one that provides the highest level hancing technologies, especially since the Internet has started of privacy is Off-the-Record Messaging (OTR), which aims to play an essential role in everyday life. However, not many to give instant messaging conversations the level of privacy of these technologies have seen widespread adoption. One available in a face-to-face conversation. In the most recent of the reasons for this is that many of these technologies redesign of OTR, as well as increasing the security of the provide insufficient usability [8]. protocol, one of the goals of the designers was to make OTR The process of evaluating and enhancing usability is im- easier to use, without users needing to understand details of portant in order for a privacy-enhancing technology to pro- computer security such as keys or fingerprints. vide benefits to ordinary users. Since privacy is not just To determine if this design goal has been met, we con- intended for computer scientists or cryptographers, but for ducted a user study of the OTR plugin for the Pidgin in- everyone, these technologies should be accessible to the gen- stant messaging client using the think aloud method.
  • Modern End-To-End Encrypted Messaging for the Desktop

    Modern End-To-End Encrypted Messaging for the Desktop

    Die approbierte Originalversion dieser Diplom-/ Masterarbeit ist in der Hauptbibliothek der Tech- nischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Modern End-to-End Encrypted Messaging for the Desktop DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Software Engineering and Internet Computing eingereicht von Richard Bayerle Matrikelnummer 1025259 an der Fakultät für Informatik der Technischen Universität Wien Betreuung: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Mitwirkung: Dr. Martin Schmiedecker Wien, 2. Oktober 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Modern End-to-End Encrypted Messaging for the Desktop DIPLOMA THESIS submitted in partial fulfillment of the requirements for the degree of Diplom-Ingenieur in Software Engineering and Internet Computing by Richard Bayerle Registration Number 1025259 to the Faculty of Informatics at the TU Wien Advisor: Privatdozent Dipl.Ing. Mag. Dr. Edgar Weippl Assistance: Dr. Martin Schmiedecker Vienna, 2nd October, 2017 Richard Bayerle Edgar Weippl Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Erklärung zur Verfassung der Arbeit Richard Bayerle Seestraße 67 78315 Radolfzell am Bodensee Deutschland Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die verwen- deten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit – einschließlich Tabellen, Karten und Abbildungen –, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe.