Proceedings of ICCT20I 5

Solution to Secure Instant Messaging Based

On Hardware Encryption

Hong-Bao Qin, Xin Xu

Hangzhou Dianzi University, Hangzhou310018, China

[email protected], [email protected]

Abstract: For a verity of security issues such as pair is used in the agreement. The security of the
privacy breaches in Instant Messaging (1M) ,this paper agreement is based on credible servers, so that
proposes a security solution based on hardware non-repudiation of messages cannot be ensured.
encryption. The solution applies symmetric encryption
In modem cryptography technology, cryptography and
to ensure data security, asymmetric encryption to ensure
cryptographic algorithm are published, while the key is
the safety of the session key transmission, and the
the real secret in cryptographic system. The security of
security of both kinds of key is ensured by hardware
data is entirely dependent on the security of key
encryption, which enables secure key management. The
management [10]. Therefore, key management becomes
performance analysis showed that the solution proposed
the most critical and difficult part of cryptography.
in this paper was more efficient and security.
A secure instant messaging solution based on hardware
Keywords: Hardware encryption; Key management;
encryption [11] is proposed in this paper. In the solution,
Asymmetric encryption; Symmetric encryption; Instant
the symmetric encryption method is introduced for
Messaging
communication data security, the asymmetric encryption
method is introduced for the session key transmission
1 Introduction security, and the hardware encryption method is
proposed to solve the problem of key management. The
Instant messaging (1M) is a real-time Internet
solution presented in this paper shows high execution
communication [1]. By 1M, users on the network can
and effectiveness, to ensure the safe and reliable 1M.
transfer text, voice, video and other information in real
time, and exchange data in the way of peer to peer [2].
With the development of mobile Internet technology,
2 Relatedtechnologies
instant messaging has been increasingly applied to work
Cryptography is the core of information security
communication and government office, in the process of
technology [12]. The modern cryptography system is
communication transmission, chat content and sensitive
divided into two types: symmetric cryptosystem and
data can be easily intercepted [3]and that would reveal
public key cryptosystems. In the symmetric
important information of users. Security issues have
cryptosystem, the encryption and decryption use the
been taken more seriously [4].
same key or can derive each other, there is simple
The current studies of instant messaging more focus on calculation of the relationship between the encryption
the realization of the communication function, the and decryption key. Symmetric encryption algorithm is
security mostly is based on the protocol of the based on the popular DES, AES algorithm. Asymmetric
communications protocols. In the security scheme of cryptography is also called public key cryptosystem. It
instant communication system, it is mostly assumed that refers to the encryption and decryption keys are not the
the servers are totally credible [5], however they are same, or that cannot be deduced from one another. The
actually not. Plug-in units or software encryption are most widely used asymmetric algorithm is RSA
applied for existing instant messaging systems in other algorithm. In the Symmetric encryption algorithm
studies[6].In the existing encryption methods for instant encryption and decryption use the same key, resulting in
messaging, keys are often visible to servers. As a result, the need to transfer key in the encryption and decryption
user personal information would be exposed when a process. Once key intercepted, data will be deciphered.
server provider was not dependable [7] or servers were Although there is a key management problem in
attacked[8]. On the other hand, it is easier to be cracked symmetric encryption algorithm, but its encryption
when software encryption is used. In order to solve the speed, suitable for large amount of data encryption, has
security problem in communication among 1M users, the been widely applied to data encryption. Unlike
agreement of Instant Messaging Key Exchange (lMKE) symmetric encryption algorithms, asymmetric
[9] was designed by Mannan and Van Oorschot at 2006, encryption algorithm requires two keys: public key and
which was easy to integrate into existing 1M systems. private key. Public key and private key are a pair, if the
However, a temporary pair of public key and private key public key used to encrypt the data, only using the

978-1-4673-7005-9 /15/$31.00 ©2015 IEEE

811
Proceedings of ICCT20I 5

corresponding private key can decrypt; if the private key without outside interference. The message is transmitted
used to encrypt the data, then only the corresponding in the form of cipher text and is not visible to the server.
public key can be used decryption. Because encryption The message cannot be cracked even if the cipher text is
and decryption using two different keys, so this intercepted because the key is stored in the hardware
algorithm is called asymmetric encryption algorithm. throughout and cannot be extracted. With respect to
The public key can be made public, while private key is software encryption, hardware encryption is faster and
saved personally. Non-symmetric encryption algorithm more secure.
is the basic process of exchange of confidential
information is that: 3 Design of schemes
1. Party A will generate a pair of keys which a public
key to the other side as the public; The security solution based on hardware encryption
2. Get the public key of B using the key pair to encrypt proposed by this paper is implemented thought end to
sensitive information sent to the owner; end encryption. The sender sends message in the form of
3. Party then the other to save their own private key pair encrypt text and the receiver decrypts the cipher text.
to decrypt the encrypted information. The information of the message remains cipher text in
the entire procedure and cannot be cracked, that makes
Party only with their private key decrypts the encrypted
the security of chat content and sensitive data. Even if
public key by any of the information. Even if the
the node is destroyed, the personal information is not
public key is intercepted, the corresponding private key
exposed.
cannot be derived to decrypt. Non-symmetric encryption
algorithm is good at confidentiality, it eliminates the The structure of hardware encryption module is shown
need for end-users share a secret, but the encryption and in Figure l. It is responsible for key generation and key
decryption takes a long time, slowly, it is not suitable for preservation. And it receives the data sent by
file encryption and is only applicable to encrypt data on communication terminal, encrypts data and sends them
a small amount. by communication terminal. Hardware generates keys
including public/private key pairs and symmetric session
In fact, the safety and reliability of the information
key, and then submits his own public key to the server.
encryption system relies on the key and the key is the
The private key is used for signature, while public and
key information of encryption and decryption algorithm,
private keys are used for symmetric session key
so the key management is very important. Key is a
exchanging management. The key which has proof of
life-cycle, which includes the effective time of the key
identity is stored in hardware and server beforehand and
and certificate, and the withdrawal of key and certificate
is used for verifying the legitimacy of the hardware. To
maintenance time. Since the secret key requirements,
ensure safety, the hardware cannot be disassembled and
which relate to key management issues, poor
automatically will be destroyed when under attack[13],
management, the key may be unintentionally leaked the
which making encryption circuit cannot be copied and
same, not have the key to peace of mind, any password
cracked[14]. At the same time the hardware would send
is only relative, is a prescription. Key management
a notification to the server to replace and update the key.
mainly refers to the key of the security management,
This makes the security of key management .AII the
including key generation, key backup, key recovery and
keys includes asymmetric keys and symmetric keys are
key updates... Key management not only affects the
persisted in hardware.
security of system, and relates to the reliability,
effectiveness and efficiency of the system.

In the hardware encryption system, encryption

...

Receive Send

Key generation Hardware Communication

------. Mi croprocessor r-----
area encr yption engine terminal

1 & 1r
I I I I
Key store Data store
area area
technology is solidified in the hardware control chip.
Encryption is accomplished independently by hardware
Figurel Handware Encryption Module Structure

The server is involved in the exchange of public key, cooperates with the user's public key exchange, cancels
while there is mutual verification between the sever and or abandoned user and his public keys and certificates.
communication parties A and B. Server issues digital Figure 2 shows the process of the public key exchange
certificates, receives and maintains the user's public key, in asymmetric encryption.

815
Proceedings of ICCT20I 5

The pubic
key ofA
the termianal _ _ the termianal
l-- _ _-+I 1-----"---.1
server
ofA ofB
The pubic The pubic

key ofB key ofB

The pubic The pubic
The pubic The pubic
key ofB key ofA
key ofA key ofB
the hardware
the hardware
module ofA module ofB

Figure 2 Key Exchange in Asymmetric Encryption

After the transmission of the session key as shown in the key,decrypt thought the intercepted cipher text;The three
Figure 3, we can communication absolutely securely. is to obtainthe private key which is used for transferring
the session keys.

The session key encrypted For the first method, its difficulty depends on the
by the publ"IC key 0 fB strength of the symmetrical encryption algorithm in the
The terminal The terminal scheme adopts, using one-time encryption strategy, it is

of A ofB difficult to achieve the known cipher text attack; For the
second method, the difficulty is the equivalent of
Chat content encrypted by the
cracking the solution of non symmetric cryptography.
public key of the session key
Because of the essence of asymmetric cryptography, it is
Figure 3 Transmission of the Session Key and the Cipher
difficult or not the impractical in the calculation; For the
third method, interception is not possible because the
Encryption and decryption process: data encryption used private key cannot be derived from the hardware. For the
symmetric algorithm, which is implemented by
hardware attack, that depends on the encryption
hardware. After the process startup, the system hardware itself. Using the strategyproposed inthis
automatically sends the hardware instructions to encrypt scheme, the security of the key can be ensured.
data, and the hardware receives this instruction. Firstly
the hardware receives plaintext data from the host, data 4.2 Analysis of performance
encryption, and then calculates the encrypted hash value,
When users communicate, the speed mainly lies in the
and sign with his own private key. In the decryption time,
key generation and the encryption of the symmetric
the system send decryption instruction to the hardware,
encryption algorithm. The symmetric encryption
the hardware received this instruction. Firstly the
algorithm is well known for its encryption speed and has
hardware receives cipher text from the host, decrypts the
been widely applied to data encryption.Compared to
information of the other party with his public key and
software encryption, hardware encryption speed has
gets the hash value; and then calculates the hash based
obvious advantages.
on the cipher text data, and compares with the received
hash value. If the two values are equal, then use the From the result of analysis: this scheme not only has
appropriate corresponding key to decrypt the data to get high safety, and high efficiency.
the plaintext.
5 Conclusions
4 Analysis of security and performance
Although the instant messaging is more and more
We have symmetric encryption for chat content and important, the existing communication system cannot
asymmetric encryption for the transmission of session meet the needs of the user security and privacy. We have
key. The hardware module is responsible for encryption present a new instant messaging scheme based on
and decryption process as well as key generation and hardware encryption. The scheme makes full use of the
key preservation. well effect and speed of hardware encryption and
decryption as well as the security and reliability of key
4.1 Analysis of security generation and key preservation. We can achieve the
If the current communications between the two sides, security of key management and keep its usabilitY,ensure
there is an attacker to obtain the communication content, the privacy and securitywhile not affecting the efficiency.
there are two main ways: one is based on the intercepted The message in the transmission process remains in the
cipher text information and the communication form of cipher text and there is no risk of cracking. The
characteristics of symmetric encryption algorithm, result of analysis shows that the scheme we propose can
analyze out plaintext;The two is to intercept the session further Increase the reliability and security of

816
Proceedings of ICCT20I 5

communication. [8] Zhi-QuanLv, Cheng Hong, Min Zhang, et al.

Privacy-preserving scheme for social networks. Journal
References on Communications, 2014, 35(8):23-32.
[9] Mannan M, Van Oorschot P C. A protocol for secure
[1] Si-li Chen. The characteristics and developing trend of
public instant messaging [M]/!Financial Cryptography
1M instant communication technology. Wireless Internet
and Data Security. Springer Berlin Heidelberg, 2006:
Technology, 2014, (12).
20-35.
[2] Schoen I, Boberski M. Secure PKI proxy and method for
[!O] Barker E, Barker W, Burr W, et al. Recommendation for
instant messaging clients: U.S. Patent Application
key management-part I: General (revised[C]//NIST
101133,202[P]. 2002-4-26.
special publication. 2006.
[3] Jiang-Min Chen. Research and implementation of the
[11] Harper S, Athanas P. A security policy based upon
protocol analysis technology for instant communication.
hardware encryption[C]/ /System Sciences, 2004.
University of Electronic Science and Technology of
Proceedings of the 37th Annual Hawaii International
China, 2014.
Conference on. IEEE, 2004: 8 pp.
[4] William S, Stallings W. Cryptography and Network
[12] Venter H S, Eloff J H P. A taxonomy for information
Security, 41E [M]. Pearson Education India, 2006.
security technologies [J]. Computers & Security, 2003,
[5] Hai Yang, Wen-tao,et al.Design and implementationof
22(4): 299-307.
independent controllableinstant messagecommunication
[13] Hong Shen, Shu Chen, Bi-Hai Tan. Key Protection
system based on Android. Electronic Design Engineering,
Technology of Wireless POS Machinewith
2015, (6).
Self-destruction Function. Communication & Audio and
[6] Shao-Lei Wang. The design and implementation of the
Video, 2014, (2).
Android client for"Mixun"- a secure communication
[14] Yu-Hao Zhang, Zhi-PengXu, Xin-RuiXu, et al. Design of
software. Beijing Jiaotong University, 2014.
Copy Prevention Circuit and SystemBased on AES
[7] Tong Vi, Xue-Bao Li, Hong-Chao Chen.A novel key
Encryption Circuit. Chinese Journal of Electron Devices,
exchange protocol for frequent communication.
2015, (1).
Computer Engineering &Science, 2014, 36(7).

817