October 13, 2005

How to keep instant messaging off the record

Author: Mayank Sharma

Sometimes encryption isn't enough to keep your conversations private. With standard encryption, it's theoretically possible for someone to steal your secret encryption keys and decipher the conversation. For conversations that need to be kept confidential, the Off-the-Record (OTR) plugin for Gaim saves the day. It leaves no trace of a conversation ever having taken place.

OTR was developed by two security researchers, Ian Goldberg and Nikita Borisov, at the University of California at Berkeley. The software provides standard security features like authentication, to ensure you are talking to the person you think you are, and encryption, so no one can tap into your conversation. In addition, OTR introduces two new security concepts to instant messaging -- deniable authentication and perfect forward secrecy.

Deniable authentication means that, while Bob is talking to Alice, he's assured that he really is talking to Alice, and not an imposter. However, Bob cannot turn around and prove to Charlie that he's talking to Alice. The key here is that all the messages between Alice and Bob come with proof that they were written by either Alice or Bob, but you can't tell which. When Bob gets such a message, he knows that he didn't write it, so it must have been written by Alice. But if Bob shows this message to Charlie, Charlie has no reason to believe Alice wrote it, since Bob could have written it himself.

Perfect forward secrecy is a method to prevent third parties from decrypting a conversation. To see how this works, consider the case where Alice and Bob were using GnuPG to communicate, and Victor stole Bob's secret keys and passphrase from his computer, Victor could then read all the messages Alice sent to Bob. To prevent this from happening, Alice and Bob's OTR messaging client does not store encryption keys on their computers at all; it only stores signature keys. At the beginning of every conversation, Alice's client creates a brand-new encryption key (and never writes it to disk), and sends Bob a signed message saying "this is my current encryption key: ..., signed, Alice." Bob then uses that encryption key to send messages to Alice. The signature proves that Alice is an OTR user, but it can't be traced to a specific message. This allows an OTR user to maintain deniability.

Gaim OTR Preferences - click to enlarge

Also, as frequently as possible, Alice's OTR messaging client generates new encryption keys, and sends them to Bob. When Bob's client confirms he's received a new key, Alice's client erases the old one from memory. Once Alice's client has erased the secret part of her encryption key, no one can read the old messages, even if Alice's and Bob's computers are compromised later.

Using OTR

The OTR project has three downloads -- the OTR library (libotr), the Gaim OTR plugin (gaim-otr), and the OTR localhost proxy (otrproxy). Linux, Windows, and Mac OS X users can OTR-enable Gaim using the library and the plugin. Mac users can use Adium X with built-in OTR support, or use otrproxy with another AIM client, such as iChat. Both parties involved in the chat need to have the OTR plugin installed.

The proxy only works with the AIM network at this time, whereas gaim-otr and Adium X are network-agnostic -- they work with any IM protocol that you can run on Gaim, including Yahoo, MSN, and Jabber. The developers say that any IM client that supports AIM proxies should work with the OTR localhost proxy. The proxy has a graphical interface, though, so text-based clients like CenterICQ may have trouble if you're accessing them over a non-graphical connection.

OTR on Gaim

To use OTR with Gaim, download and install the OTR library and the Gaim plugin. The plugin puts the gaimotr.so library under /usr/local/lib/gaim/. If Gaim's lib directory is elsewhere (for example, /usr/lib/gaim under Ubuntu), copy the plugin to that directory. This plugin depends upon the libotr.so.1 library, which it looks for under /usr/lib/ -- although it resides in /usr/local/lib/. You need to create a symbolic link to run the plug-in:

ln -s /usr/local/lib/libotr.so.1 /usr/lib/libotr.so.1

Once the installation is done, open Gaim and go to Tools -> Preferences and select the Plugins option in the left panel of the window. Scroll to the Off-the-Record Messaging option and select the check box. This enables the plugin, and an Off-the-Record Messaging option appears under Plugins. Select it to bring up the OTR interface.

To generate private keys, select the Config tab, choose one of your accounts from the pull-down menu, and click Generate. The sequence of numbers and letters that appears above the Generate button is your fingerprint. Generate separate fingerprints for all your accounts.

OTR with Gaim using otrproxy

OTR Proxy preferences

If you have installed the plugin, make sure it's disabled. If you are already using a proxy to connect to the Internet, the OTR proxy will not work.

Download and install OTR proxy. You will also need wxWidgets. After installation run otrproxy from the terminal. This will open a window and on the terminal you'll see:

Off-the-Record Messaging Proxy
Copyright (C) 2004-2005  Nikita Borisov, Ian Goldberg, Katrina Hanna
Proxy version 0.3.0, using OTR library version 2.0.2

This program is free software.  See the file COPYING for details.

OTR Proxy starting.
Starting HTTP/HTTPS proxy on port 8080
Starting SOCKS5 proxy on port 1080

Next, start Gaim and create a new account for the AIM/ICQ protocol (or modify an existing account) and enter the login details. Click on Show More Options, and under Proxy Options choose SOCKS 5 as the proxy type, type localhost as Host, and 1080 as the Port. Leave the Username and Password fields blank. Save the settings and sign on.

Secure connection established

Now head back to the OTR Proxy Windows. Go to Edit -> Preferences, and under the OTRPreferences tab select an account and generate a key for it.

IMing through OTR

Open a chat window and you'll notice a new button at the bottom right of the window that reads "OTR: Not private." Clicking this will activate the OTR protocol and start a new private session. The button will then read "OTR: private."

The first time you have a private conversation, a dialog box appears with your friend's fingerprint, which you must verify and accept. This is then stored on your computer. If you go back to the OTR preference interface, you'll see your buddy and his fingerprint listed there along with his status. On subsequent sessions, the plugin will automatically establish a secure connection with this buddy.

Once the private communication is established, both you and your buddy will see a popup that has the other person's screen name, his fingerprint, and a secure ID for the session. The ID is in two parts; you see one part as bold and your buddy gets the other part as bold.

You can now use Gaim to chat as you would normally, but all your messages are transmitted encrypted. To confirm this, use your favorite packet analysis program (such as Ettercap) to capture the conversation. The data flowing across is totally incomprehensible. Even the fingerprint is sent encrypted when the connection is being established.

That's all there is to it. OTR messaging is easy to set up and provides a level of security not found with simple IM encryption.

Click Here!