Friday, March 28, 2008

Building chat protocols with security and privacy in mind

Many creators of chat programs just sit fown and write the chat protocols without considering much of security and privacy protocols to be implemented within their chat protocols. MSN, Yahoo Messenger ... they are not really designed to handle security and privacy of messages.

A solution is to simply create a protocol from the very start, to handle privacy and security like encryption of messages , in the native protocol itself, and also leaving space for the expansion of future encryption protocols and security protocols in the chat protocols.

In all softwares and protocols, we MUST always consider security and privacy while designning softwares and protocols while the Information Technology age is filled with uncertainty... hackings... malwares , sniffing of network packets...etc.

Another way to implement security and privacy of the current protocols (including those not designed to handle security and privacy), is to create a software where you can allow it to sit on selected ports (according to which chat protocols you are using), with a friendly GUI interface with full user controls over the actions of this software without any backdoors or hacks and what this software does is to receive packets sending out of the network ports and encrypt the packets and on the receiving end, receive the packets and check if it's encrypted. If the packet is encrypted, it would decrypt it according to what kind of encryption is used.

In simple terms, a software would sit on the required ports with the user's full permission to intercept packets the user is sending out and encrypt it if the order is given and to decrypt received encrypted packets, all done without any hassle and trustworthy to the users without betraying the user.

Afterall, the best way is to create a protocol with security and privacy in mind from the beginning so that it would be more secure.

No comments: