Authors:
Jiang Bian
;
Umit Topaloglu
;
Remzi Seker
and
Coskun Bayrak
Affiliation:
University of Arkansas at Little Rock, United States
Keyword(s):
Off-the-Record, Chat room, Instant Messaging, Security, Group Diffie-Hellman.
Related
Ontology
Subjects/Areas/Topics:
Access Control
;
Data Engineering
;
Databases and Data Security
;
Information and Systems Security
;
Internet Technology
;
Web Information Systems and Technologies
;
Web Security and Privacy
Abstract:
Group Off-the-Record (GOTR) (Bian et al., 2007) was proposed to address the privacy protection concerns in online chat room systems. It extended the original two-party OTR protocol to support more users while preserving the same security properties. A literature survey of different Diffie-Hellman (D-H) conference key implementations will be given to justify that in an application like a chat room, the virtual server approach is truly the most efficient way to establish a private communication environment among a group of people. However, GOTR’s virtual server approach raises a trustworthiness concern of the chosen chair member. Since the chair member has full control over all encryption keys, there is no constraint to prevent him / her from altering the messages while relaying them. In this paper, we present a study of the GOTR protocol and a solution to the virtual server’s trustworthiness problem via employing an additional MD5 integrity check mechanism. Having such an algorithm, m
akes the GOTR protocol more secure, in that, it gives the other chat members an opportunity to be aware of any potential changes made by the chair member.
(More)