New Secure IM Client from NTT Due this Year

An anonymous reader writes "NTT in Japan has developed a new TLS-based secure instant messaging system that it says will comply with corporate compliance regulations, such as the post-Enron Sarbanes-Oxley Act. There's a PC version, as well as a Java one for i-Mode cell phones."

Gaim and OTR

[ChazeFroy]

OTR doesn't use TLS, but it does a great job encrypting conversations. Much better approach than SecureIM by Trillian or gaim-encryption.

Re:Gaim and OTR

[Council]

Oh, sweet, this is exactly what I was looking for. I've been using encryption plug-ins for security. What I always felt was missing, though, was a server that "can archive copies of all messages to satisfy provisions of compliance regulations, such as the Sarbanes-Oxley Act." I like secure communication, but I don't like it to be TOO secure. I like encrypting things, but knowing that someone might still be able to read them.

Of course, this is entirely reasonable -- it's not that they're debuting a service that does do that on their central servers. Their package includes a server, so you could turn on these operations if you wanted. Not useful to me, but useful to companies and the like. So no real privacy problems here, and we shouldn't have any real arguments. Corporate systems that log messages are the norm, and no one'll be made to use this for their personal stuff.

Re:Gaim and OTR

[revscat]

For OS X users, the multi-protocol IM client Adium comes with OTR encryption built in by default.

It's a very nice client.

Re:Gaim and OTR

dont forget jabber.org

Re:Gaim and OTR

Your post is technically off-topic because it has nothing to do with the response to which you replied. Learn some manners, asshat.

Re:Gaim and OTR

[brunson]

Nothing like reinventing the wheel.

Jabber can use TLS, it can also use PGP encryption over TLS or an unencrypted TCP connection, it's an open protocol documented in IETF standards track RFCs 3920-3923 and Jabber servers can communicate with each other just like SMTP servers. I installed my Jabber server in an afternoon and I can talk from my server to any other Jabber user, including GoogleTalk users.

Re:Gaim and OTR

[fossa]

Um... OTR is not PGP for a reason. I'm no crypto expert, but with PGP, Alice and Bob know each others public keys. They encrypt messages to each other, and anyone with the secret key, hopefully only Alice or Bob, can decrypt or forge a message. If these messages are stored, any breach due to a trojan, subpoena, etc. will be able to recover the messages.

OTR uses PGP to create a "shared secret" which is used to generate temporary encryption keys for each conversation. During the conversation, the security is the same as in the PGP case. After the conversation, the temporary encryption keys are discarded, so that no one may now decrypt the conversation (at least, they should be discarded). I'm a bit confused on the final step, but I think the shared secret is then published which allows anyone to create new temporary encryption keys which may be used to generate messages that belong to the conversation. This fact may be used to deny the validity of any claimed transcript of the conversation (and this way you don't need to trust that Bob has really discarded the temporary keys).

Re:Gaim and OTR

I think I'll stick with SILC. ;-)

Re:Gaim and OTR

I like how you're calling the person you're trying to teach manners asshat, asshat. ;)

Re:Gaim and OTR

[brunson]

I'm no crypto expert
Clearly.

If someone is able to record the conversation and replay it with a compromised PGP key, then they could capture the key exchange and use that with the compromised PGP key to come up with the "shared secret" (or "session key" as it's referred to in the crypto world). Either you're explaining it badly, or I don't see the benefit. If the keys are compromised, you're fuqued.

The only advantage I see would be added resistance to some sort of attack that leveraged a large quantity of cyphertext to reverse engineer the key pair. Since each session has it's own keypair, it limits the amount of cyphertext that can be captured.

Someone may argue a *slight* advantage when it comes to adding people to the conversation, but PGP allows for encrypting to multiple recipients with different keys. Admittedly, it is more computationally intensive to encrypt to multiple recipients, but how many people are on this conference call?

Re:Gaim and OTR

[brunson]

After reading the FAQ on OTR, I see the other "feature" is deniability, whatever that's worth. If you can't trust the person on the other end of the wire, you shouldn't be saying anything you don't want disclosed. A transcript of the conversation and the other person's statement under oath, or that of the NSA agent that recorded the conversation, is enough for a jury to convict. Everything I said about capturing the key exchange and a compromised PGP key still stands.

Going back to my previous post, i.e. why reinvent the wheel, if OTM can be implemented as a plugin in Gaim, then it could be added to any client. So why invent yet *another* messaging protocol when a perfectly acceptable and interoperable one exists? Oh, right, because they want to lock the users into their network, silly me.

Re:Gaim and OTR

OTR also has identity verification, thereby making it rather difficult for a man to exist in the middle. Eavesdroppers would need to have the keys in order to read the conversation, and even then, the keys are traded and discarded at the end, enabling anyone to forge message logs. It's a really fun technique.

Good for when you want to secretly suggest a direction of inquiry without implicating yourself, among other things.

Re:Gaim and OTR

[fossa]

It's not that a compromised PGP key isn't a problem; it is. During the conversation, you've got the same security as PGP: if your keys are secure, the conversation is secure. The advantage comes *after* the conversation. With PGP, a compromised key will reveal past conversations. With OTR, a compromised PGP key will not reveal past OTR conversations because they were encrypted with a temporary key. A compromised temporary key (which is normally destroyed) will reveal the conversation, but there is no guarantee that what you've got is the actual conversation due to the publishing of something (the shared secret I believe) which allows any third party to create a message "belonging" to the conversation.

Yes, I explain it poorly due to my lack of understanding. But it is different from PGP, having certain features that PGP lacks ("forward security" as the OTR folks call it; past conversations are not compromised by future PGP key compromises). Read the OTR website for more info.

This is just one more attempt ....

[zappepcs]

This is just one more attempt, IMO, to realign privacy and security values to where they were before new technologies. Where IM is replacing conversations around the water cooler in the workplace, securing it from snooping is an okay thing. Logging it as official corporate communications is getting into, perhaps, dangerous territory. There is the part where it is a company resource, but when it comes close to being thought police, it is dangerous.

I think that modern society is still trying to find a place of 'normalcy' in the midst of new technology. I don't believe that there is an equivelant of IM prior to the advent of IM, other than private conversations. Recording private conversations is still not an okay thing to do. Comparing this to text based conversations that deaf/mute people have with text based phones, it all gets a bit confusing as to what is okay to record and what isn't.

Until it is clearly understood what is okay to snoop and record and what is not, people will make mistakes in what they allow to be recorded, and why, and how those recordings are used. No manner of encryption will fix the real issues. It seems that the only secure mannner to communicate is whispering so that no one can hear what is being said.... very low tech!

Re:This is just one more attempt ....

[Theatetus]

It seems that the only secure mannner to communicate is whispering so that no one can hear what is being said.

*shrug*. Nothing in this system stops you from exchanging public keys with your friend and sending each other encrypted messages on top of this layer. It's a bit cumbersome, but privacy has a price.

Re:This is just one more attempt ....

I don't believe that there is an equivelant of IM prior to the advent of IM, other than private conversations.

Well, there was UNIX talk in the 90s: http://en.wikipedia.org/wiki/Talk_(Unix).

Re:This is just one more attempt ....

[Tezkah]

It seems that the only secure mannner to communicate is whispering so that no one can hear what is being said.... very low tech!

As usual, there is a high tech solution for this, and it has been around for some time, but this solution is really only popular amongst secret agents. I like to keep secrets safe from prying ears, that is why i refuse to speak to anyone about anything important unless we are under a cone of silence.

Source?

[xtal]

If I can't look at the source.. it ain't secure.

Re:Source?

then learn to reverse engineer, duh

Re:Source?

Even if you can look at the source, it ain't secure.

Re:Source?

[ninja_assault_kitten]

Yeah, a lot of good it's done for Firefox and Linux.

Re:Source?

If I can't look at the source.. it ain't secure.

Just because you can't see the source doesn't necessarily make it insecure. It just makes it harder for you to verify that it's secure.

You can't see the source code for the computer in your car. Does that make it unsafe to drive?

Re:Source?

What kind of comparison is that? I can't find a green hat in my wardrobe either but I still feel secure.

There is some network code in there that may be subject to public attacks. If I have the source and want to sleep well at night I can go through that code. If I don't have the source, I can't. See?

Re:Source?

[m_frankie_h]

http://www.acm.org/classics/sep95/

You have to look at the compiler, the OS, the microcode and the hardware, too.

Re:Source?

What about one-time pads, or (more useful) public key encryption? Everyone knows how they work, but they are still secure.

Re:Source?

[cHiphead]

actually yes, it does, and thats precisely one of the situations in which the source should be available.

Re:Source?

[lems1]

My car is not connected to a public network. And if it were, I'd make sure I use my own firewall to protect that connection (a hardware based one outside of the control of the manufacturer).

Why do we have to trust anything at all, especially computer-related stuff? This is the reason why open source makes perfect sense for the rest of us. The rest of the population (you included), can keep using closed source code connected to public networks... if that's fine with you that's fine with me. For as long as I have a choice.

Re:Source?

[lasindi]

If I can't look at the source.. it ain't secure.

No ... if you can't look at the source, you can't know that it's secure. Open source is great, and IMHO it produces more secure products in general; but open source isn't some magic spell that makes programs secure. Firefox, Linux, KDE, etc. all have security problems now and then. Whether or not they aren't as bad as their proprietary counterparts is debatable, but nothing is 100% secure, FOSS or not.

Encryption is pointless here

[timeOday]

The "compliance" they refer to is that this encrypted IM will have a logging capability. What this means is that outsiders won't be able to snoop (without a court order), which is fine. But your words can still be dug up out of context months or years later if somebody high enough on the ladder decides they want to get rid of you.

Whether email or IM, writing anything controversial is a really bad idea. Say it face to face or on the phone instead.

Of course the question arises of what to do when you receive a verbal order to do something against company policy. You could comply, and take a small chance of later reprecussions, or else refuse or demand the order in writing, and face smaller but almost guaranteed reprecussions over time.

Re:Encryption is pointless here

[Ph33r+th3+g(O)at]

Why not confirm the verbal order in writing? This avoids the awkward "Sir, I'll need the order in writing to release those childrens' browsing history to our tobacco advertising partners" and replaces it with "Sir, in accordance with your {IM, phone call, verbal instructions} today, I am sending the childrens' browsing history to our tobacco advertising partners." It avoids the confrontation and still creates a document which your counsel could subpoena showing you were following orders. Keep a printed, dated copy if you think they'd conveniently "lose" the email or that it'd be past its "retention period" on the day of reckoning.

Re:Encryption is pointless here

[arivanov]

Say it face to face or on the phone instead.

Even a mediocre company PBX can record any call nowdays. And if it is VOIP recording all traffic is so trivial that it is not even funny. So on your expectation of privacy in a corporate phone call I can say only one thing. Bwahahahaha...

There are loads of Secure IM Clients

SEarch on freshmeat and you'll be overwhelmed, then look on google and find things like Akeni, imeem, Silc and secure jabber.

Re:There are loads of Secure IM Clients

Yes but this one should be termed a 'somewhat' secure IM client. In this case security comes with the caveat that it must 'decryped' when required.

Jabber?

[Midnight+Thunder]

Does Jabber specify any encryption methods that could be implemented by clients? At the moment different clients are adding encryption but they all seem to be incompatible with the other clients.

Re:Jabber?

[Midnight+Thunder]

Just should add that there are two levels of encryption:
    - Connection based encryption, which I believe Jabber already provides.
    - Content encryption, requiring users to provide a public and private key, which I don't believe has been standardised. GPG would be my favourite solution, but I don't see many clients using it, and when they do it seems inconsistent.

BTW Can someone tell me whether the connection between the two people chatting with Jabber is P2P or whether it is routed via the server?

Re:Jabber?

[Randle_Revar]

The XMPP RFC describes the useage of SASL and TLS:
http://www.ietf.org/rfc/rfc3920.txt
TLS can be used on client-sever connections and on sever-server connections.

JEP 27 describes the useage of OpenPGP for encryption:
http://www.jabber.org/jeps/jep-0027.html

RFC 3923 describes S/MIME useage:
http://www.ietf.org/rfc/rfc3923.txt

JEP 116 describes Encrypted Sessions, which seems to be somewhat reminiscent of SSH:
http://www.jabber.org/jeps/jep-0116.html
I don't know that anyone implements this yet.

BTW Can someone tell me whether the connection between the two people chatting with Jabber is P2P or whether it is routed via the server?

Normal chatting at least is all client-server. File transfer can be p2p (normal case) or client-server, while Jingle Audio is p2p.

Re:Jabber?

[Sloppy]

Jabber can integrate beautifully with pgp/gpg and there are at least two different (but compatible) implementations that do so.

Re:Jabber?

[daverabbitz]

Standard Chat and Messages are Client->Server->Client. File Transfer (and presumably voice and video) are Client ->Client.

Re:Jabber?

[Randle_Revar]

That's basically what I am saying, except that I think file transfer can also be done with a proxy (which would likely be the Jabber server). Maybe I am wrong, but that's how I interpret the JEP. Also maybe the spec says that, but nobody implements it. If I am reading the JEP wrong, or nobody implements it, please let me know.

File transfer (http://www.jabber.org/jeps/jep-0096.html) uses "SOCKS5 Bytestreams and In-Band Bytestreams, to be preferred in that order."

From JEP 65 - SOCKS5 Bytestreams (http://www.jabber.org/jeps/jep-0065.html):

Sockets may be direct (peer-to-peer) or mediated (established through a bytestreaming service)
...
Proxy - A Jabber entity which is not NAT/Firewalled and is willing to be a middleman for the bytestream between the Initiator and the Target

Re:Jabber?

[JThundley]

Yes, Jabber has had TLS/SSL support for a while. My connection to the server is encrypted via TLS/SSL and my actual chat to my woman is encrypted with gpg.

Jabber

[AceJohnny]

Been Jabber, done that...

Seriously, why wouldn't a company want a secure flexible internal IM system, for free, instead of an expensive proprietary system?

Re:Jabber

[panth0r]

Because if a company spends money on it, they know it has to be good, plus tech support and such, and don't give me that crap about forums. Part sarcastic, part serious, but some companies think this way.

Re:Jabber

[DrXym]

Seriously, why wouldn't a company want a secure flexible internal IM system, for free, instead of an expensive proprietary system?

Our company uses something called Lotus Sametime. Ever heard of it? Me neither until I joined. I've heard of Lotus of course, but not Sametime. Basically it's an AIM-a-like for corporate environments. Now you ask why they use it... because (and this are the only reasons as far as I can see) it has some screensharing / whiteboarding capabilities, its authentication can be tied into your corporate id & password and the directory hooks into LDAP. If there were something available in open source which was comparable, as robust and included a web-based UI for screenshare meetings, I am pretty certain they would consider switching. As there probably isn't, that's your answer.

I don't particularly like Sametime but it does do what it's meant to do, more or less. It's certainly not flashy, is Windows-only and more insidiously requires IE Java to do the screen sharing but it works. I expect that site licences also plays a part in its continuing favour in our org. IMHO a site licence is a great way to chain a company to your tech - once they bought it, they're scared to switch away for fear of losing "value" on the deal.

There is another unwritten advantage of a proprietary IM system. It stops your employees wasting time chatting to all their buddies on AIM, jabber etc. instead of doing work.

Re:Jabber

[growse]

A few reasons. Reuters brought out Reuters Messaging a while back, and the main focus there was to rival Bloomberg's offering of their lightning quick Bloomberg Mail. Essentially, if you're a financial institution (and if you want financial regulation complience, then you probably are), you don't want to have all your employees part of a directory that is also full of the general public. Then you have cases where you don't know who someone is, people might have multiple accounts etc. The model preferred is that of a closed directory, where if you're talking to joe.blogs@db.com, you can be pretty sure that that really is him, and the administrators of the IM system won't grant him infinitely many accounts. Similarly, if Joe Bloggs decides to misbehave and hack in to the system, his single corporate email address can be banned. That's one of the few reasons why companies looking to comply don't want some consumer based IM system with everyone on.

Re:Jabber

[Randle_Revar]

I have heard of Sametime, although I have never used it. As far as proprietary IM systems stopping people from chatting with friends, that is true but you could do the same thing by running your own Jabber server. Just disallow server to server connections and stop client to server connection at the firewall.

Re:Jabber

[m_frankie_h]

You can do whiteboarding over Jabber using Coccinella.

jabberd2 can use your LDAP for authentication, data storage and maybe as a directory. I don't know about a web-based UI.

Already been done...

Simp-Lite encrypts your traffic and is free if you only need to secure one type of messaging service at a time. If you want to secure several types the pro version is well worth it at only $30.

Bitwise IM

[johnnysokko]

Bitwise is a rather nice IM network/client that's already available for Windows/Mac/Linux. It uses 128 bit Blowfish encrpytion for the free version, 256 for the Plus version and 448 bit encryption for it's enterprise solution (Bitwise Professional). Apparently the Professional version also provides the logging capabilities required for compliance regulations too. Closed source though :\

Wildfire

[Shawn+is+an+Asshole]

You should take a look at Wildfire. It has a GPL'd version and commercial version (extra features and support). At work I use the GPL'd Wildfire and it is excellent. It's also very easy to install, basically all you have to do is install the RPM and open a web brower to configure it.

Heh

that it says will comply with corporate compliance regulations, such as the post-Enron Sarbanes-Oxley Act.

Which I would have to wager, based on what we've come to expect from our friends at big business, means that the "secure" part of the client has built-in facilities for N third parties to snoop on your conversation.

ChatPatrol

ChatPatrol is a system level plugin that provides 256 bit AES encrypted communications for almost any client that can chat on AOL, Yahoo and MSN. Beta support for GoogleTalk has been added in the latest version.

Resources on Jabber encryption?

[CRCulver]

Some here have mentioned Jabber encryption standards, which seem very interesting, but how old are they? Is there any mention of them in O'Reilly's Programming Jabber , or should I wait for a second edition?

Re:Resources on Jabber encryption?

[Randle_Revar]

Programming Jabber
Publisher: O'Reilly Media, Inc.; 1st edition (January 1, 2002)

RFC 3923 (s/mime) is dated october 2004 (http://www.ietf.org/rfc/rfc3923.txt)
version 0.1 (current=0.9) of JEP 116 (Encrypted Sessions) is dated 2003-09-09 (http://www.jabber.org/jeps/jep-0116.html)

JEP 27 (current openPGP usage) version 0.1 is dated 2002-03-12 (http://www.jabber.org/jeps/jep-0027.html)
The basic XMPP RFC (3920) (inc. TLS) says the XMPP WG was founded in 2002. (http://www.ietf.org/rfc/rfc3920.txt)

So the book might include some info on OpenPGP and TLS, but not on S/MIME or Encrypted Sessions.
It also would not include a lot of other good stuff like Personal Eventing Protocol (PEP, AKA Simplified PubSub), anti-SPIM methods, Jingle Audio, the current method of File Transfer, etc.

So yeah, you might want to wait for a new edition or just use online resources

http://planet.jabber.org/
http://www.jabber.org/developer/
http://wiki.jabber.org/index.php/Main_Page
http://www.jabber.org/jeps/

This is an INsecure system

[Jamesday]

This system has a backdoor built in which allows logging of the discussions by those not participating in them.

Secure = nobody has access to the conversation but the two people involved in it.

What about SILC?

[hrbrmstr]

Secure Internet Live Conferencing :: It's a snap to install, has support in GAIM but also has a very decent client of it's own...not sure why this wheel needs to be re-invented.

Re:What about SILC?

[Wizarth]

Exactly! SILC already has an existing public network, no need to set up your own server (but its easy to do so, if you feel the want).

At work, we're currently developing the multi-user layer of our flagship program, and we're using SILC because it's an existing, tested, standards approved (they get a 1024 port) system.

Not

[mikehunt]

So...it's Sarbanes-Oxley compliant *and* "secure"...

I don't think so...

iMode won't be worth it

[MidnightBrewer]

Since Docomo has a bad habit of charging users for their connect time, this is going to have almost no take-off in the Japanese cell phone market. The Japanese are so used to just emailing and calling it good. The only time you might want to do a live chat by cell phone is if you're getting ready to meet somebody, and at that point, why not just call?

iChat

[good+soldier+svejk]

I have been testing jabber servers at work. So far OS X Server's Collaboration Services, A.K.A iChat Server is my favorite. I simply started up the machine, added it to our AD domain, and named and started the service. Users were immediately able to authenticate against the domain and chat. Macintosh users immediately had audio, and with a Firewire camera, H.264 video chat capability. I am waiting for a USB camera so I can try video on Windows. The app comes with the hardware, our cost figures to be about $4,000-$4500 with spare parts, a service contract and three years of OS maintenance (still waiting on a final discount offer). Really, the only downside for me is the heterogeneous hardware. If it grows into an enterprise wide solution, I'll need to work around the low end hardware (probably HA clustering), but for my current departmental build it really fits the bill as is.

I do have to remember to check that the audio is jingle compliant though.

Sametime

[dominux]

Sametime was 5 years ahead of it's time about 7 years ago. It had been neglected somewhat in terms of development since then, and is 2 years behind the times so it needs to be brought up-to-date. Fortunately that is exactly what IBM has done. At Lotusphere in Orlando last month they showed Sametime 7.5 which will be out later this year, it is a complete rewrite of the client end (which needed it) it is now based on the Eclipse framework and is extensible and cross platform, it supports graphical emoticons etc and looks slick. Take a glance here: http://www.edbrill.com/ebrill/edbrill.nsf/dx/st75s hots.html also worth noting is that the meanwhile plugin for Gaim which supports Sametime servers will be part of the core Gaim distribution, so Gaim will work out of the box with Sametime servers including encryption. Encryption in Sametime is client-server, so basically connection encryption, but client-client encryption should be quite easy to implement as a third party extension if it isn't included in 7.5 (I don't know if it is), but then you would not get server-side logging, which depending on requirements could be good or bad.

Diffie-Hellman Ephemeral Keys for Forward Secrecy

[billstewart]

So here's the main difference - OTR uses Diffie-Hellman key exchange to create an ephemeral session key, and when the session's over both ends can discard the key. DH is an older technique than RSA, and works differently.

In RSA-based systems, like PGP and most implementations of SSL, etc., Alice creates a secret session key, encrypts it with Bob's public key, Bob decrypts it with his private key, and then they can talk, but if Bob's private key is compromised in the future, an attacker can decrypt the encrypted session key.

In Diffie-Hellman, Alice and Bob each create a secret half-key, send a hash to the other side, and combine their secret half-key with the hashed half-key they received from the other side. Because the hash is exponentiation in a prime field with an appropriate generator, each side recovers the same combined session key, and they can delete the secret material once they've got the session key. (There aren't many functions that are reversable this way - elliptic curves have some similiar functions.) To prevent man-in-the-middle attacks, one standard approach is to use a digital signature public-key system to sign the hashed key-parts, but in many environments you can use other methods, such as comparing the session key (or a hash of it) to make sure you're both using the same session key with each other instead of using different session keys with the man in the middle. There are a variety of ways to make this more complex - it's not uncommon to have a publicly known modulus and generator that's used to set up an initial session, which is then used to negotiate crypto parameters, identities, etc. for a second DH session that carries the real traffic.