Dated: Aug. 13, 2004
Have you been looking for a secure place to chat on the net? A place where you can be sure that the messages you send reach only the desired destination, and stay safe from unauthorized prying eyes?
"Yes," answers an increasing number of people who realize the importance of this issue. But the next obvious question is where to find such a medium. The answer comes in the form of a new generation of chat protocol, called SILC (Secure Internet Live Conferencing).
SILC was released to the public in the summer of 2000, but the idea and the protocol itself are old. Pekka Riikonen started designing SILC in 1996. SILC has been rewritten three times since its first version in 1997. Its current version is written in C.
Security is the key
It is a very well known fact that chat protocols have been vulnerable to many security problems. In the contemporary network environment, which is both demanding and full of potential security risks, developing a secure chat protocol is important.
Security has been the primary goal in the development of the SILC protocol, where messages are always encrypted and authenticated, using session keys, channel keys or other private message keys. In fact, sending unencrypted messages and packets is impossible over the SILC network.
Many chat protocols that provide message encryption are not secure by default, but attempt to provide security by applying external security protocols, such as PGP or SSL.
While PGP and SSL have proved to be secure, the result is often something other than the author expected. These protocols often encrypt only the data of the messages, and leave out message authentication, packet authentication, key management and other security issues. They also often secure only part of the network, that is, the part where the security protocol, such as SSL, is used, leaving the rest of the network open.
Some Old, Some New
The SILC chat protocol provides all the features that will be familiar to those who have been chatting for quite some time. It provides nicknames, channels, private messaging, user retrieval and other tools a chatter might need to have the ultimate chatting experience. Those who have been using IRC will probably feel at home with SILC, because most of the commands found in IRC are available in SILC. The appearance also resembles that of IRC. The protocol, however, is not based on IRC and does not support it.
In addition to providing all the old features as secure ones, there are many new commands that control the various security features of a SILC client. Channel and private messages are always encrypted. It is possible to encrypt any message end to end, so that only the sender and receiver are able to encrypt and decrypt it.
All channels have their own channel keys, which the users on that channel can use for encryption or decryption. Sometimes servers create default keys, so that the network always remains encrypted even if other secret keys are not used or negotiated by an end user. Users can negotiate secret keys with other users, and use them to secure, for example, private messages or perhaps a file transfer stream.
Of course, no chat protocol nowadays is complete without file transfer support. SILC uses the SFTP protocol by default to do its file transfers. The file transfer stream is always sent peer to peer between the users and is encrypted using negotiated secret keys. The support for file transfer is actually developed so that any file transfer protocol can be used with SILC. SFTP is the default protocol, but others can also be used.
Keys, keys and keys
Managing all these keys to perform different functions might seem difficult. Not to worry, for the user interface greatly facilitates their use.
Negotiating the keys for file transfer, for example, can be transparent and done automatically when a file transfer request is sent. During the negotiation, the user may be prompted to accept the remote user's public key before continuing. Verifying the public keys before accepting them is important, of course.
The same procedure is used for the server public key when the user connects for the very first time to the server.
The SILC protocol has its own SILC public key, but it also supports SSH2 public keys, OpenPGP certificates and X.509 certificates.
'Give Me Back My Nickname!'
This is something we have all heard a few times on IRC. The IRC rule that nicknames have to be unique makes it difficult to select a nickname of your choice without stepping into someone else's territory. This usually leads to nickname wars. The DALnet IRC network and some others resolve the problem by providing nickname registering services, so you can register the nickname you want and no one else can have it.
SILC takes an entirely different approach to the problem: nicknames do not have to be unique. People on the SILC network can have the same nickname, and it is always guaranteed that you will get the one you want.
Conversely, new users on the SILC network will face a problem when they use the "WHOIS" command on a nickname and get multiple copies of it in return. A user can be uniquely identified by his real name, username, host name, and even by the fingerprint of his public key. So giving the "WHOIS" command before sending a private message to "Joe" might be a good idea.
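The public key acceptance prompt and the WHOIS disambiguation described above can both be modelled as fingerprint pinning. The sketch below is an added example, not code from the SILC project or the original article; it does not use the SILC toolkit, and the SHA-256 fingerprint format, the PinStore class, the WHOIS entry fields and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    # Assumed format: hex SHA-256 of the raw key bytes (not SILC's own).
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Fingerprints the user has verified out of band, keyed by a local label."""
    def __init__(self):
        self._pins = {}

    def pin(self, label: str, public_key: bytes) -> None:
        self._pins[label] = fingerprint(public_key)

    def check(self, label: str, public_key: bytes) -> str:
        """Return 'unknown' (never verified), 'trusted' or 'mismatch'."""
        pinned = self._pins.get(label)
        if pinned is None:
            return "unknown"  # prompt the user to verify before accepting
        same = hmac.compare_digest(pinned, fingerprint(public_key))
        return "trusted" if same else "mismatch"

def resolve(whois_entries, label, store):
    """Pick the WHOIS entry whose key matches the pin for `label`.
    Returns None when zero or several entries match, so the caller
    never falls back to the nickname alone."""
    hits = [e for e in whois_entries
            if store.check(label, e["public_key"]) == "trusted"]
    return hits[0] if len(hits) == 1 else None

# Constructed sample data: two users sharing the nickname "Joe".
JOE_KEY = b"constructed-public-key-of-the-joe-we-know"
OTHER_KEY = b"constructed-public-key-of-another-joe"
WHOIS_JOE = [
    {"nickname": "Joe", "username": "joe", "hostname": "host-a.example",
     "public_key": OTHER_KEY},
    {"nickname": "Joe", "username": "jsmith", "hostname": "host-b.example",
     "public_key": JOE_KEY},
]

if __name__ == "__main__":
    store = PinStore()
    print(store.check("joe-from-work", JOE_KEY))   # first contact
    store.pin("joe-from-work", JOE_KEY)            # after manual verification
    print(resolve(WHOIS_JOE, "joe-from-work", store)["hostname"])
```

A "mismatch" result for a label that was pinned earlier is the case that deserves a hard stop rather than a prompt, since it means the key presented under that identity has changed.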
Deploying the SILC
SILC is meant for internet-wide use and the protocol attempts to scale better than IRC. The design of SILC allows for a more scalable network because it does not require that all servers keep global data in sync. Normal SILC servers are connected to SILC routers, and the routers are the only entities in the network that know global data and are responsible for keeping it in sync. This dramatically reduces the number of entities in the network that need to be in sync.
SILC also plays the role of a company's internal chat server quite well. Many companies have already reported that they have replaced their IRC servers with SILC servers. Even though the software is still in beta phase, and more client implementations are needed, SILC is also distributed as a toolkit to make SILC application development easy and fast for programmers.
Users can log onto http://www.silcnet.org and have a look at the SILC white paper, FAQ and other useful documentation. The ultimate resources for those who would like to know how the protocol ticks are the protocol specification drafts. These are also available from the IETF. The SILC network is really a nice place to find help as well as talk about SILC. Joining the #silc channel is a good start.