即时通信安全研究

doi:10.3969/j.issn.1000-0801.2006.04.003

摘要/Abstract

摘要：

即时通信（instant messaging,IM）的迅速发展正在急剧地改变人们通信、协作和娱乐的方式。即时通信研究涉及到网络安全、P2P、普适计算、Web Service等诸多技术领域。在技术和应用取得巨大成就的同时，即时通信要确立未来的主流信息应用和技术的地位，还必须解决自身所存在的一系列安全问题。本文从应用和协议两方面分析了即时通信所面临的安全问题。文中首先综述了即时通信的发展状况，提出了一种即时通信的安全模型，并据此模型较为全面地总结并归类了即时通信面临的各种安全威胁，分析了其背后的缺陷原因；随后介绍分析了当前各种即时通信安全解决方案及其特点；最后指出了IM安全的一些研究方向，并介绍了用于即时通信的TLS端到端安全、即时通信中的PKI证书管理等几个课题的研究思路。

关键词: 即时通信, 网络安全, P2P

Abstract:

The rapid development of instant messaging (IM) changes the people's communication, collaboration and entertainment manner radically. IM should solve its inherit security weakness before it build up its position as Internet killer application. This paper try to summarize and categorize the security threatens face to IM and analyze and the root factors behind. Based on the analysis, a security model of IM will be proposed. Here current security solutions and their advantages and drawbacks will also be introduced. Finally this paper will try to point out several development directions for IM security enhancement.

Key words: instant messaging, network security, P2P

代印唐,张世永. 即时通信安全研究[J]. 电信科学, 2006, 22(4): 10-16.

Yintang Dai,Shiyong Zhang. Analysis and Prospect of Instant Messaging Security[J]. Telecommunications Science, 2006, 22(4): 10-16.

图/表 2

参考文献 31

1	Steven J . Presence technology: more than just instant messaging. IEEE Internet Computing, 2003,7(5)
2	Cherry S M . IM means business. IEEE Spectrum, 2002,39(11)
3	Licari Joe . Best practices for instant messaging in business. Network Security, 2005(5):4～7
4	Carvey Harlan . Instant messaging investigations on a live Windows XP system. Digital Investigation, 2004,1(4)
5	Instant messaging vulnerability. Network Security, 2002
6	McClea M , Yen D C , Huang A . An analytical study towards the devel-opment of a standardized IM application. Computer Standards ＆ Inter-faces, 2004,26(4)
7	Mourad Debbabi , Mahfuzur Rahman . The war of presence and instant messaging: right protocols and APIs.In: Proceedings of Consumer Communications and Networking Conference(CCNC), Las Vegas,Neva-da, January 2004
8	Ericsson, Motorola, Nokia. Wireless village system architecture model version 1.1,
9	RFC2778.A model for presence and instant messaging. IETF, Feb 2000
10	RFC2779.Instant messaging/presence protocol. IETF, Feb 2000
11	司端锋，汉新华，龙琴等． SIP标准中的核心技术与研究进展．软件学报， 2005,16(2)
12	RFC3329. Security mechanism agreement for the session initiation pro-tocol(SIP). IETF, Jan 2003
13	Summary of XMPP,
14	RFC3920.Extensible messaging and presence protocol(XMPP)core. IETF, Oct 2004
15	RFC 3921. XMPP extensions for basic instant messaging and presence. IETF
16	RFC 3923. End-to-end signing and object encryption for the extensible messaging and presence protocol(XMPP). Jabber/IETF, Oct 2004
17	Reuters IM service shut down by worm. Computer Fraud ＆ Security, 2005(4)
18	Horst Joepen . Instant messaging-enabler or threat? Info Security Today, 2004,2(1)
19	John Stone Sarah Merrion . Symantec instant messaging or instant head-ache?Enterprise Search, 2004,2(2)
20	Semantic. Securing Instant Messaging,
21	Leavitt Neal . Instant messaging: a new target for hackers. Leavitt Com-munications, 2005
22	卿斯汉．安全协议20年研究进展．软件学报， 2003,14（10）
23	Lina Zhou . An empirical investigation of deception behaviorin instant messaging. IEEE Transaction on professional communication, 2005,48(2)
24	RFC 2222. Simple authentication and security layer (SASL). IETF, Oct 1997
25	Liberty alliance identity architecture,
26	Bob Atkinson . Specification: web services security (WS-Security),
27	Kurt Seifried . The end of SSL and SSH,
28	Ali Aydin Selcuk , Ersin Uzun , Mark Resat Pariente . A reputation-based trust management system for P2P networks.In: Proceedings of 2004 IEEE International Symposium on Cluster Computing and the Grid, Chicago, USA, April 2004
29	Fong A C M , Hui S C , Lau C T . Towards an open protocol for secure online presence notification A C M. Computer Standards ＆ Interfaces, 2001,23(4)
30	William Yeager , Joseph Williams . Secure peer-to-peer networking: the JXTA example.In: IEEE IT Pro, March 2002
31	Hiroaki Kikuchi , Minako Tada , Shohachiro Nakanishi . Secure instant messaging protocol preserving confidentiality against administrator.In: Proceedings of the AINA'04, Fukuoka,Japan, March 2004

[1]	周胜利, 蒋可怡, 徐博, 徐睿, 张熙康, 赵泉喆, 徐阳东. 面向电信网络诈骗治理的网络安全课程构建效能评估研究[J]. 电信科学, 2023, 39(6): 122-128.
[2]	张乐, 马洪源. 运营商网络边缘云安全实践[J]. 电信科学, 2023, 39(4): 165-172.
[3]	陈伟雄, 杨晓晨, 春增军, 李若兰, 张华. 电力企业网络安全威胁情报管理体系的研究与实践[J]. 电信科学, 2022, 38(7): 184-189.
[4]	房新彦, 张艳霞, 崔瑞琳, 罗思维. P2P网络视频监控技术机制解析[J]. 电信科学, 2022, 38(12): 152-162.
[5]	刘亚天, 呼博文, 陈茂飞, 刘东鑫. 5GC安全态势感知系统研究[J]. 电信科学, 2022, 38(11): 73-85.
[6]	顾玥, 李丹, 高凯辉. 基于机器学习和深度学习的网络流量分类研究[J]. 电信科学, 2021, 37(3): 105-113.
[7]	高明,罗锦,周慧颖,焦海,应丽莉. 一种基于拟态防御的差异化反馈调度判决算法[J]. 电信科学, 2020, 36(5): 73-82.
[8]	李玉峰,陆肖元,曹晨红,李江涛,朱泓艺,孟楠. 智能网联汽车网络安全浅析[J]. 电信科学, 2020, 36(4): 36-45.
[9]	肖芫莹,游耀东,向黎希. 代码审计系统的误报率成因和优化[J]. 电信科学, 2020, 36(12): 155-162.
[10]	杨志强,粟栗,齐旻鹏,杨波. 5G安全技术与标准[J]. 电信科学, 2020, 36(12): 1-19.
[11]	何国锋. 零信任架构在5G云网中应用防护的研究[J]. 电信科学, 2020, 36(12): 123-132.
[12]	谢萍,刘孝颂. 基于区块链的SDN物联网部署安全[J]. 电信科学, 2020, 36(12): 139-146.
[13]	余航,王帅,金华敏. 基于RASP的Web安全检测方法[J]. 电信科学, 2020, 36(11): 113-120.
[14]	王俊文. 未来工业互联网发展的技术需求[J]. 电信科学, 2019, 35(8): 26-38.
[15]	李聪, 雷波, 解冲锋, 李云鹤. 基于区块链技术的可信网络[J]. 电信科学, 2019, 35(10): 60-68.