安全語音即時通訊系統的設計與實作

 

Design and Implementation of a Secure Voice Chat of Instant Messaging

 

蔡金龍

高雄師範大學資訊教育研究所

和平一路116

高雄市802苓雅區

goadragonason@gmail.com

 

楊中皇

高雄師範大學資訊教育研究所

和平一路116

高雄市802苓雅區

chyang@nknucc.nknu.edu.tw

 

 

摘要

現在的即時通訊,不只有文字通訊的功能,更具有語音通話的功能。提供使用者更快速的溝通方式。然而在2007年英國VoIP專家Peter Cox,發布了SIPtap,一種用來監聽VoIP的軟體,向大家證明現在多數的網路語音是可以被監聽的。現今主流的即時通訊軟體的安全機制,只有在用戶端登入主機時,針對其使用者帳號和密碼進行加密傳送,而身份確認後,之後的資料傳送都是明文型式。有鑑於此,Kikuchi, Tada Nakanishi 提出了採用Diffie-Hellman Key Agreement Protocol以確保用戶端之間訊息的保密性。而M. Mannan,  P. C. van Oorschot 提出名為IMKE (Instant Messaging Key Exchange) 的安全即時通訊協定,而郭宗益 改進 MannanIMKE協定,採用質數體橢圓曲線密碼學為基礎,提出安全即時通訊與展現協定 (Secure Instant Messaging & Presence Protocol, SIMPP)

本研究以SIMPP為基礎,進一步實做出安全的即時通訊語音功能。我們利用Winmm函式庫取得使用者的語音數據資料,引用開放原始碼OpenSSL密碼學函式庫,使用SIMPP產生的短期共同金,以AES128進行語音加密後才將語音資料送出,受話方取得語音資料後進行解密,再將語音資料轉成聲波。若有心人士從中取得語音網路封包,也只能聽到噪音,無從得知其談話內容,可確保談話的安全性。

 

關鍵詞: 即時通訊、語音安全、橢圓曲線、JabberECDHAES

 

Abstract

The current instant messaging (IM) has more and more functions. It not only has the text chat, but also voice chat. Voice chat provides users with a more rapid means of communication. However, the voice chat of IM is not secure. Voice data is easily monitored and recorded over network.

In order to protect the voice chat of IM from monitor, we designed and implemented secure voice chat of IM based on Secure Instant Messaging and Presence Protocol (SIMPP). Firstly, we use winmm library to get digital voice data. Secondly, voice data is encrypted with a key generated by SIMPP. This study uses open source OpenSSL cryptographic library for security. The encrypted voice data is send to another user. When being received, the encrypted voice data will be decrypted to original voice data with the key. After been decrypting, the voice data will be transformed to voice by winmm library. If cracker got the voice packets from network, he will hear noise and does not know the content of the voice talk when playing the encrypted voice data. Thus, this study makes voice calls of IM secure.

 

Keywords: Instant Messaging (IM), Voice Security, Elliptic Curve, JabberECDHAES