
This article is shared by the Rongyun technical team. The original title was "End-to-end encryption technology for Internet communication security"; the content has been revised for this publication.

1. Introduction

With the spread of the mobile Internet, IM (instant messaging) applications have almost replaced the phone calls and text messages traditionally provided by operators. Thanks to the real-time nature of instant messaging technology, communication between people is no longer limited by space or time, and information flows everywhere.

However, while the Internet brings great convenience to our lives, it also brings privacy and communication-security problems for users. For IM application developers, the openness of the communication channel means risk, and users' heavy dependence on the network and on mobile devices gives criminals opportunities. Improving the security of instant messaging applications is therefore particularly important.

This article focuses on the security issues of the IM communication connection layer and how to address them, in other words the "link security" of the IM network, and hopes to give you some inspiration.


(This article has been published simultaneously at: http://www.52im.net/thread-4015-1-1.html )

2. Series of articles

This article is the 10th in a series on IM communication security. The full series:
"Instant Messaging Security (1): Correctly Understand and Use Android-side Encryption Algorithms"
"Instant Messaging Security (2): Discussing the Application of Combined Encryption Algorithms in IM"
"Instant Messaging Security (3): Explanation of Common Encryption and Decryption Algorithms and Communication Security"
"Instant Messaging Security (4): Case Analysis of the Risk of Hard-coding Keys in Android"
"Instant Messaging Security (5): Application Practice of Symmetric Encryption Technology on the Android Platform"
"Instant Messaging Security (6): Principles and Application Practices of Asymmetric Encryption Technology"
"Instant Messaging Security (7): If You Understand the Principle of HTTPS This Way, One Article Is Enough"
"Instant Messaging Security (8): Do You Know Whether HTTPS Uses Symmetric or Asymmetric Encryption?"
"Instant Messaging Security (9): Why Use HTTPS? Explained in Simple Terms, Exploring the Security of Short Connections"
"Instant Messaging Security (10): Communication Connection Layer Encryption Technology of IM Chat System Security Means" (this article)
"Instant Messaging Security (11): End-to-End Encryption Technology for Transmission Content of IM Chat System Security Means" (to be released later)

3. Security issues faced by instant messaging

1) Stealing content: if the data is unencrypted or only weakly encrypted anywhere along the instant messaging path, anyone who intercepts it can read it directly. The result is leakage of user data (including personal privacy data), and possibly harm to the user's property (in IMs such as WeChat, red envelopes and wallets involve real money). In an office scenario, the company's trade secrets may also be stolen, with correspondingly larger economic losses.

2) Tampering with content: if a message is intercepted, modified and then forwarded, its correctness and integrity are destroyed: what the recipient reads is no longer what the sender wrote.

3) Forging content: if a user's communication credentials (such as a token) are stolen, or extra data is injected into the session, an attacker can impersonate the user and win the trust of the other party, which creates an even larger security risk.

4) Spreading illegal content: riding on the message push capability of the IM system, criminals can distribute not only content related to pornography, gambling, violence and terrorism, or content that endangers national security, but also Trojans and other malware, which widens the scope of potential harm.

4. Common Internet Attack Methods

Common attack methods during network communication:
1) Implanting Trojans: a Trojan planted on the terminal intercepts or tampers with messages.

2) Forged applications: by counterfeiting an app, or adding a backdoor to a genuine one, attackers get end users to use what they believe is the normal application, and abuse it for their own purposes.

3) Network packet capture: communication content is obtained by capturing packets on network devices along the path.

4) Man-in-the-middle attack: by hijacking DNS or similar means, the user's connection is routed through the attacker's device, which can then read and tamper with the traffic.

5) Vulnerability exploitation: besides its own code, a server or terminal runs various third-party components and middleware; vulnerabilities found in them can be exploited to the same ends.

As the figure and the list above show, a chat message travels from the application, across the network, to the server, and every hop on that path can be abused. In the "crisis-riddled" Internet, communication security must be taken seriously.

5. The application of cryptography in instant messaging system

5.1 Basic concepts

Given the security problems and attack methods described above, encrypting the data on the connection of an instant messaging system by applying cryptography becomes particularly important.

Cryptography addresses the three elements of information security (CIA), namely:
1) Confidentiality: ensure that information is not disclosed to unauthorized users;
2) Integrity: ensure that information travels from the real sender to the real recipient without being added to, deleted from, or replaced by unauthorized users along the way;
3) Availability: ensure that authorized users can access data in a timely and reliable manner.

That wording is a little abstract, so put more simply:

The three things cryptography does for network communication are:
1) Encryption: stops bad guys from reading your data;
2) Message authentication: stops bad guys from modifying your data without you noticing;
3) Identity authentication: stops bad guys from impersonating you.

Beyond CIA, further properties are sometimes required, such as controllability and non-repudiation.

5.2 Application in instant messaging

To deliver messages quickly and in real time, an IM system generally requires the client to hold a long socket connection to the server. Usually the client connects to the server over TCP or UDP, and in some scenarios it also uses HTTP to fetch information from or submit information to the server. All data in the whole process needs to be encrypted. The basic encryption and decryption process can be summarized as: sender's plaintext -> encryption -> ciphertext -> transmission of the ciphertext -> decryption at the receiver -> plaintext.

This involves:
1) symmetric encryption algorithms (see "Application Practice of Symmetric Encryption Technology on the Android Platform");
2) asymmetric encryption algorithms (see "Principles and Application Practices of Asymmetric Encryption Technology");
3) message digest algorithms (see "Explanation of Common Encryption and Decryption Algorithms and Communication Security").

China also has its own set of cryptographic algorithms, the national commercial cryptographic algorithms (the SM series): algorithm standards and application specifications identified and published by the State Cryptography Administration, some of which have become international standards. The SM commercial cipher series includes the symmetric encryption algorithm SM4, the asymmetric encryption algorithm SM2 and the message digest algorithm SM3.
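The pipeline in 5.2 (plaintext -> encrypt -> ciphertext -> transmit -> decrypt) brings all three algorithm families together. The Go program below is an added example written for this edit, not code from the article or from Rongyun's SDK. It generates a receiver key pair in-process, wraps a fresh AES-256-GCM message key with RSA-OAEP (SHA-256 serving as the digest) so only the receiver can recover it, and then delivers a copy with one ciphertext byte flipped to show that tampering (the second threat in section 3) is rejected rather than silently decrypted. The chat line and the key pair are constructed for the example; a real IM client would use the key exchange its protocol defines.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what actually travels over the connection: the per-message AES key wrapped
// with the receiver's public key, the GCM nonce, and the authenticated ciphertext.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// Seal implements "plaintext -> encrypt -> ciphertext" for one message. A fresh 256-bit
// symmetric key encrypts the message with AES-GCM (which also produces an integrity tag),
// and RSA-OAEP with SHA-256 wraps that key for the holder of the matching private key.
func Seal(receiverPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat for the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open implements "receive ciphertext -> decrypt -> plaintext". The GCM tag check fails on
// any modification of the ciphertext, so tampering in transit is detected, not just hidden.
func Open(receiverPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, receiverPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap message key: " + err.Error())
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("message rejected: authentication tag mismatch")
	}
	return plaintext, nil
}

// RoundTrip is a constructed end-to-end run: encrypt a chat line for a freshly generated
// receiver, deliver it intact, then deliver a copy with one ciphertext byte flipped.
// It returns the recovered plaintext and whether the tampered copy was rejected.
func RoundTrip(msg []byte) ([]byte, bool, error) {
	receiver, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, false, err
	}
	env, err := Seal(&receiver.PublicKey, msg)
	if err != nil {
		return nil, false, err
	}
	got, err := Open(receiver, env)
	if err != nil {
		return nil, false, err
	}
	tampered := &Envelope{WrappedKey: env.WrappedKey, Nonce: env.Nonce,
		Ciphertext: append([]byte(nil), env.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01 // simulate modification in transit
	_, tamperErr := Open(receiver, tampered)
	return got, tamperErr != nil, nil
}

func main() {
	got, rejected, err := RoundTrip([]byte("red envelope: 88.00"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered %q, tampered copy rejected: %v\n", got, rejected)
}
```

The same split is what SSL/TLS performs at the connection layer in section 6: the asymmetric step happens once to agree on a symmetric key, and the authenticated symmetric cipher then protects every record.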

6. Session encryption at the communication connection layer

For encryption at the connection (link) level, the first option to consider is link encryption based on the SSL/TLS protocol, the cornerstone of modern network communication security (WeChat's approach is described in "WeChat Next-Generation Communication Security Solution: Detailed Explanation of MMTLS Based on TLS 1.3"). Many people think SSL/TLS is attached to HTTP and is merely part of HTTPS (see "Why Use HTTPS? Explained in Simple Terms, Exploring the Security of Short Connections"). That understanding is not quite right: SSL/TLS is independent of the application-layer protocol, and higher-layer protocols can be carried transparently over it. An IM protocol based on a long socket connection can therefore also be built on SSL/TLS.

SSL/TLS is independent of the application-layer protocol: [figure]

SSL/TLS can be summarized as follows: an asymmetric algorithm based on a public/private key pair is used to transmit the key for a symmetric algorithm, and the data packets of the subsequent communication are then encrypted and transmitted with that symmetric algorithm and key shared by both parties, so that the data is communicated securely. The public and private keys of an asymmetric algorithm are mathematically related so that one encrypts and the other decrypts; but although related, with known algorithms there is no feasible way to compute one key from the other. One more point deserves emphasis: do not use self-signed certificates in the system; use certificates issued by a CA, which effectively prevents man-in-the-middle attacks.

7. How the SSL/TLS-based connection layer resumes sessions quickly

7.1 Overview

When a client and server perform an SSL/TLS handshake, many steps must be completed: key negotiation to obtain a session key, digital signature authentication, message authentication codes (MAC), and so on. The most time-consuming part of the handshake is key negotiation, which is CPU-intensive. When the session is closed, the negotiated session key is discarded, and the next time the client connects a full handshake is needed again. That seems harmless, but when a large number of connection requests arrive within a short period it consumes a lot of server resources and increases network latency. To address this, the TLS/SSL protocol provides session resumption, which lets the client and server restore the previous session when the client reconnects some time after the connection was closed.

There are two kinds of session resumption:
1) resumption based on a Session ID;
2) resumption using the Session Ticket TLS extension.

Let's look at the advantages and disadvantages of each.

7.2 Session ID-based SSL/TLS long-connection session resumption

After a complete handshake, both the client and the server save the Session ID. When the session is closed and the client connects again, it attaches the Session ID to its Client Hello message, and the server looks that Session ID up in its Server Cache. If the match succeeds, the server resumes the last TLS connection with the previously negotiated key, without negotiating a new one: on receiving the Client Hello with a matching Session ID it directly sends the ChangeCipherSpec sub-protocol, telling the TLS record layer to switch the connection state to readable and writable, and the session is resumed.

Session resumption based on Session ID: [figure]

Although Session ID resumption removes the time-consuming steps, the Session ID is stored in the server's cache. If, on reconnection, the load balancer routes the request to a different server, that server's cache holds no entry matching the client, and the session cannot be resumed. For this reason the Session ID method is not recommended.

7.3 SessionTicket-based SSL/TLS long-connection session resumption

After a complete handshake, the server encrypts the session data (session identifier, certificate, cipher suite, master key and so on) into a ticket. The ticket is sent to the client in the NewSessionTicket message and the client stores it. On the next connection the client sends the ticket back to the server; once the server decrypts and validates it, the previous session is restored.

Session resumption based on SessionTicket: [figure]

Because the ticket is encrypted and decrypted entirely on the server side, several servers only need to share the ticket key to complete the process; unlike the Session ID method, no server-side cache is needed. The SessionTicket method is therefore better suited to large-scale distributed systems.
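Sections 6 and 7 together make two practical points: validate the server against a CA rather than disabling verification, and prefer tickets over Session IDs because a ticket only needs a shared key, not a shared cache. The Go program below is an added example, not code from the article or from Rongyun, that demonstrates both with the standard library's crypto/tls. It starts three loopback echo servers, two sharing a ticket key and one with its own, and connects a single client with one session cache to each in turn. It assumes the hypothetical host name im.example.test, and it generates a throwaway certificate at start-up in place of the CA-issued certificate a real deployment would present; the client still verifies the server through RootCAs. The expected pattern is: the first connection is a full handshake, the second resumes because server B can decrypt server A's ticket, and the third falls back to a full handshake because server C cannot.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical host name, used as SNI and as the certificate's DNS name (constructed).
const serverName = "im.example.test"

// newServerCert generates a throwaway certificate for the in-process servers and a root
// pool that trusts it. A real IM deployment presents a CA-issued certificate instead, as
// the article advises; the client-side RootCAs check stays the same either way.
func newServerCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: serverName},
		DNSNames:  []string{serverName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// startServer runs a TLS echo server on a loopback port. Tickets it issues are encrypted
// with ticketKeys, so any other node configured with the same keys can resume them without
// a shared server-side cache (which the Session ID approach would require).
func startServer(cert tls.Certificate, ticketKeys [][32]byte) (net.Listener, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}
	cfg.SetSessionTicketKeys(ticketKeys)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) { // the handshake runs on the first Read
				defer c.Close()
				buf := make([]byte, 64)
				if n, err := c.Read(buf); err == nil {
					c.Write(buf[:n])
				}
			}(conn)
		}
	}()
	return ln, nil
}

// ResumptionAcrossServers connects one client, with one session cache, to three nodes in
// turn: A and B share a ticket key, C has its own. It returns DidResume per connection.
func ResumptionAcrossServers() ([]bool, error) {
	cert, roots, err := newServerCert()
	if err != nil {
		return nil, err
	}
	var shared, own [32]byte
	rand.Read(shared[:])
	rand.Read(own[:])
	client := &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS13,
		ClientSessionCache: tls.NewLRUClientSessionCache(8)}
	var resumed []bool
	for _, keys := range [][][32]byte{{shared}, {shared}, {own}} {
		ln, err := startServer(cert, keys)
		if err != nil {
			return nil, err
		}
		defer ln.Close()
		conn, err := tls.Dial("tcp", ln.Addr().String(), client)
		if err != nil {
			return nil, err
		}
		// Reading the echo also processes the NewSessionTicket the server sent after the
		// TLS 1.3 handshake; that is what stores the ticket in the client's cache.
		buf := make([]byte, 64)
		if _, err := conn.Write([]byte("ping")); err != nil {
			return nil, err
		}
		if _, err := conn.Read(buf); err != nil {
			return nil, err
		}
		resumed = append(resumed, conn.ConnectionState().DidResume)
		conn.Close()
	}
	return resumed, nil
}

func main() {
	r, err := ResumptionAcrossServers()
	if err != nil {
		panic(err)
	}
	fmt.Println("DidResume for A, B (shared ticket key), C (own key):", r) // [false true false]
}
```

Run it with `go run`. The third result is the failure mode a load balancer exposes when ticket keys are not shared between nodes: the client offers a valid ticket, the node cannot decrypt it, and the connection silently pays for a full handshake, which is the cost section 7.1 describes.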

8. Summary of this article

This article has covered the security knowledge and encryption technology of the IM communication connection layer, emphasizing two things. First, using SSL/TLS with CA-issued certificates in an IM system protects the transmission: it prevents eavesdropping, prevents data from being stolen, and confirms the authenticity of the connection. Second, using SessionTicket for fast session resumption improves overall system performance and reduces connection latency. The next part of this series, "Instant Messaging Security (11): End-to-End Encryption Technology for Transmission Content of IM Chat System Security Means", will continue with end-to-end encryption of the content transmitted over IM, so stay tuned.

9. References

[1] TCP/IP Illustrated, Chapter 11: UDP: User Datagram Protocol
[2] TCP/IP Illustrated, Chapter 17: TCP: Transmission Control Protocol
[3] Introduction to Lazy Network Programming (3): A quick understanding of the TCP protocol is enough
[4] Introduction to Lazy Network Programming (4): Quickly understand the difference between TCP and UDP
[5] Introduction to Zero-Based IM Development (2): What is the real-time nature of IM systems?
[6] Application Practice of Symmetric Encryption Technology on the Android Platform
[7] Principles and Application Practices of Asymmetric Encryption Technology
[8] Explanation of Common Encryption and Decryption Algorithms and Communication Security
[9] WeChat Next-Generation Communication Security Solution: Detailed Explanation of MMTLS Based on TLS 1.3
[10] Why Use HTTPS? Explained in Simple Terms, Exploring the Security of Short Connections
[11] Discussing the Application of Combined Encryption Algorithms in IM

