Home
Secure messaging is a chatting application developed for the Foundations of Cybersecurity course of the MSc AIDE at the University of Pisa.
Users are already registered on the server through their public keys, and they authenticate themselves with those keys. When the client application starts, the server and the client must authenticate each other. The server must authenticate with a public key certified by a certification authority, while the client must authenticate with the public key pre-installed on the server. The corresponding private key is protected with a password on the client. After logging in, a user can see the other available users logged in to the server.
A user can send a "request to talk" message to another user. The user who receives the "request to talk" can either accept or refuse it. If the request is accepted, the users chat through the server using end-to-end encrypted and authenticated communication. After authentication, a symmetric session key must be negotiated. The negotiation must provide Perfect Forward Secrecy. All session messages must be encrypted and authenticated and must be protected against replay attacks. After a "request to talk" is accepted, the server sends both clients the public key of the other client. Before starting the chat, a symmetric session key must be negotiated. When a chat starts, the clients cannot start another chat (1 chat active at a time). When a client wants to stop chatting, it shall log off from the server.
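One way to meet the session requirements above, as an added example that is not the project's own code, written in Ruby with its bundled OpenSSL binding: a per-chat key from an ephemeral key exchange, and messages that are encrypted, authenticated and rejected when replayed. It assumes ephemeral P-256 ECDH, SHA-256 as the key derivation and AES-256-GCM, none of which the page specifies; `Session` and `handshake` are hypothetical names, and each ephemeral public key is assumed to have been verified already with a signature under the sender's long-term key.

```ruby
require "openssl"

# Hypothetical per-chat session; the class and method names are this example's own.
class Session
  TAG = 16 # GCM tag length in bytes

  # my_key: EC key generated for this chat only and discarded afterwards (PFS).
  # peer_point: the peer's ephemeral public point. role: 0 = requester, 1 = accepter.
  def initialize(my_key, peer_point, role)
    @key = OpenSSL::Digest::SHA256.digest(my_key.dh_compute_key(peer_point))
    @role, @sent, @seen = role, 0, 0
  end

  # Returns ciphertext || tag; the counter is implied by position, never transmitted.
  def seal(msg)
    c = cipher(:encrypt, @role, @sent)
    frame = c.update(msg) + c.final + c.auth_tag
    @sent += 1
    frame
  end

  # Decrypts under the peer's next expected counter, so a replayed, reordered or
  # reflected frame fails the tag check and raises OpenSSL::Cipher::CipherError.
  def open(frame)
    raise OpenSSL::Cipher::CipherError, "short frame" if frame.bytesize <= TAG
    c = cipher(:decrypt, @role ^ 1, @seen, frame[-TAG, TAG])
    msg = c.update(frame[0...-TAG]) + c.final
    @seen += 1
    msg
  end

  private

  # Nonce = role (4 bytes) || counter (8 bytes): unique per direction and message.
  def cipher(mode, role, counter, tag = nil)
    c = OpenSSL::Cipher.new("aes-256-gcm").public_send(mode)
    c.key = @key
    c.iv = [role, counter].pack("NQ>")
    c.auth_tag = tag if tag
    c.auth_data = "" # no associated data, but AEAD modes expect it to be set
    c
  end
end

# Plays both clients locally (constructed demo): fresh key pairs, swapped public points.
def handshake
  ka = OpenSSL::PKey::EC.generate("prime256v1")
  kb = OpenSSL::PKey::EC.generate("prime256v1")
  [Session.new(ka, kb.public_key, 0), Session.new(kb, ka.public_key, 1)]
end
```

Because the receive counter advances only after a successful tag check, a rejected frame does not desynchronise the session.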