ENGINEERING SECURE-REAL-TIME PROTOCOL WITH KEY MANAGEMENT TO SECURE CHATTING XABBER

Secure Real Time (SRT) is a cryptographic protocol that is created as an alternative solution to chat security that previously used the Off The Record (OTR) protocol. That's because OTR has weaknesses such as authentication failures, fraud, and denial, althou...

Bibliographic Details
Main Author: SEFTYANTO (NIM: 23216037), DONNY
Format: Theses
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/26758
Institution: Institut Teknologi Bandung
id id-itb.:26758
institution Institut Teknologi Bandung
building Institut Teknologi Bandung Library
continent Asia
country Indonesia
content_provider Institut Teknologi Bandung
collection Digital ITB
description Secure Real Time (SRT) is a cryptographic protocol created as an alternative for securing chat, which previously relied on the Off The Record (OTR) protocol. OTR has weaknesses such as authentication failures, fraud, and denial, although it is still used in many chat apps such as Xabber. By comparison, SRT can ensure end-to-end confidentiality, integrity, authenticity, non-repudiation, and resistance to replay attacks for important data, not all of which OTR provides. SRT's security guarantees are supported by higher speed, algorithm strength, and ease of application than OTR in the Xabber application.

Although SRT consists of Trusted Public Key Distribution, Key Exchange with Digital Signature, and Signed and Encrypted Message Transmission with Key Derivation Function, its security is not optimal. This is evident from the absence of key maintenance mechanisms, such as public key updates and user password changes: expired public keys and weak user passwords cannot be replaced. The key sizes used for the AES-256 and ECC-384 algorithms are inefficient, so there is a security strength gap in SRT: 256 bits for AES-256 and 192 bits for ECC-384. In fact, SRT uses seven cryptographic key types with different algorithms and cryptoperiods, so the system is not secure enough without key management that handles key security from generation to destruction.

This research set out to improve chat security by designing and building the SRT protocol with key management in the Xabber chat application. The method follows the Secure Software Development Life Cycle (SSDLC) so that key management is formed as required by the SRT protocol. The SSDLC analysis covers the design and testing stages and involves users of chat services. In conjunction with the SSDLC design analysis, key management analysis is performed by identifying and defining the security policies of the keys involved and the key management cycle stages in the SRT protocol, until the SRT 2 protocol (SRTv2) and its security policy are established. The SRTv2 protocol and its security policies are then worked into an object-oriented system design for implementation. The system design can be implemented as an Android-based application for the chat client (Xabber) and a web-based application for the key manager (XAMPP). It is then tested and analyzed for the functionality, security, and performance it provides.

Based on the test analysis results, the SRT protocol with key management in the Xabber chat application is able to guarantee security and performance. The system guarantees the confidentiality, integrity, authenticity, and non-repudiation of important messages and withstands replay attacks, with a strength level of 192 bits at its seven stages (user and key registration, session key exchange, chat message transmission, login/key recovery, key update, password change, and password reset), and it withstands intrusion on access rights as part of the chain of chat security. App performance is acceptable for most users, with the slowest process taking 3.3 seconds, a maximum server capacity of processing messages from 12,484 users a second and accommodating 9,113,001 active users, and a user-friendly application that users can accept.