Proceedings of ISP RAS


Constructing Private Service with CRYP2CHAT Application

A. Kiryantsev (PSUTII, Samara), Irina Stefanova (PSUTII, Samara)

Abstract

The article contains the description of a private service with the client-side data encryption and data decryption. Owing to the Onion Router (TOR) technology, anonymous network connection protected from interception becomes possible. Users in TOR network may remain anonymous while visiting websites, uploading materials, sending messages and working with other applications that use TCP protocol.  Traffic security is ensured by the distributed network of onion routers. The focus of the article is on the direct client-to-client connection. Nowadays messengers – programs for on-line messages exchange – place metadata on the central server without encryption, which provides an opportunity to learn (if required) the information about the common users, time of their communication, the number of messages they send within a session. To solve the problem the authors offer CRYP2CHAT program for client-side encryption. Sending messages through TOR network is performed by asymmetric encryption, e.g. by RSA method that enables other encryption algorithms as well. The article provides the algorithm for work of the programs. The authors describe the methods of protection from some network attacks, such as MITM and the experiment of prototype work. They check clean access server and use self-destruction of messages after the session end. Additionally, the authors consider some potential dangers of an external character that can violate confidential communication data, for instance, change of the application code, password attack or private key theft. The article illustrates the way the Onion Router technology works. It allows to protect from MITM attacks, to remain anonymous and to proxy. Moreover, there is a comparative analysis of Cryp2Chat qualitative characteristics and its analog.

Keywords

cryptography; encryption; encoding; MITM-attack; end2end encryption; node.js; cryprico; java script

Edition

Proceedings of the Institute for System Programming, vol. 27, issue 3, 2015, pp. 279-290.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

DOI: 10.15514/ISPRAS-2015-27(3)-19

Full text of the paper in pdf Back to the contents of the volume