Security at an Instant Messaging Service

Verified

Added on  2023/03/23

|15
|3178
|96
AI Summary
This report provides an overview of the technology used in instant messaging services and discusses the security risks and controls associated with them.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: SECURITY AT AN INSTANT MESSAGING SERVICE
Security at an Instant Messaging Service
Name of the student:
Name of the university:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1SECURITY AT AN INSTANT MESSAGING SERVICE
Table of Contents
1. Introduction............................................................................................................................2
2. Detailed working procedure of secure messaging.................................................................2
3. Assets at risk..........................................................................................................................5
4. Threats of the instant messaging service................................................................................6
5. Controls of Instant Messaging...............................................................................................6
6. Security objectives of instant messaging...............................................................................7
7. Risk evolution of IM service..................................................................................................8
8. Testing with a specific instant messaging service..................................................................9
9. Conclusion............................................................................................................................11
10. References..........................................................................................................................12
Document Page
2SECURITY AT AN INSTANT MESSAGING SERVICE
1. Introduction
This report deals with the overview of the technology that is incorporated with the
current instant messaging services. The security of the present day data is at high risk as there
are many vulnerabilities associated with the applications that are developed for the transfer of
data from one node of network to the other. The applications that provide secure messaging
services mostly uses the data encryption methodology thus providing the data security
(Oghuma et al., 2016). The possible threats regarding this technology are well stated in the
below report that will be dealing with the vulnerabilities as well as threats in an overall
environment of a secure messaging service.
2. Detailed working procedure of secure messaging
The secure messaging service provided by any type of the messaging application
follows the cryptographic algorithms for the encryption as well as decryption of the message
that are send or received by the users within the nodes of the network. The unknown users
present within the network may state these algorithms as the procedure of scrambling the
plain text into some other form that is not understandable. This plain text will be shown to the
specified user that has the key, which will decrypt the unscrambled text. Many algorithms are
present that performs encryption as well as decryption (Cohn-Gordon et al., 2017). The key-
based algorithms that are used for the cryptography of the messages may be divided mainly
into two classes that are said to be symmetric key cryptography and public key cryptography.
The common methodology of the data security working process is provided in the foilowing
figure.
Document Page
3SECURITY AT AN INSTANT MESSAGING SERVICE
(Image: Data Security Working Procedure)
(Source: Del Pozo and Iturralde, 2015)
The symmetric key cryptography uses a single key for the encryption as well as
decryption of the data that is send form one node in a network to another. This may be
represented in the following figure below.
(Image: Symmetric key cryptography)
(Source: Unger et al., 2015)
Moreover, the asymmetric key cryptography (also known as public-key cryptography)
uses two different keys for carrying out the encryption as well as decryption procedure. This
is represented in the following figure
(Image: Asymmetric key cryptography)
(Source: Unger et al., 2015)

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4SECURITY AT AN INSTANT MESSAGING SERVICE
There are mainly two types of cipher that are present in the environment of
cryptography and these are used by the secure messaging application developers to initiate as
well as keep a secure communication among the different stages of the network. This are
briefly explained as follows:
Encryption is defined as the process which is related to the transformation of the plain
text into a random as well as meaningless text known as the cipher text. Decryption is defined as the process regarding the conversion of the ciphered text to
the back plain text.
The above said ciphers are generally used by the secure messaging services for the secure
transmission of the data from one end note to another one that are present within the network
environment. The Secure Transmission of the data within a messaging system is carried by
the multiple stages that follows transposition, substitution as well as polyalphabetic
substitution methodologies for the data transfer (Unger and Goldberg, 2015). Moreover,
secure messaging is said to be a server-based approach for carrying out messaging services
with the enhanced cryptographic algorithms. The approach that a secure messaging service
adapts can be stated with the help of this diagram.
(Image: Approach of secure messaging)
(Source: Bauer et al., 2017)
Document Page
5SECURITY AT AN INSTANT MESSAGING SERVICE
From the above stated diagram, it can be depicted that the secure messaging service
has three main modules that are sender, the internet based platform and the receiver. The
data, which a sender send via a text message is firstly encrypted after selecting the key
available at the sender end and then it is, send to the internet server (Chen et al., 2016). Then
this encrypted message is send from the server to the receiver after being decrypted to the
original message. This decryption is performed by the key present at the receiver end. This
approach is mostly used by the secure messaging applications present in the market.
3. Assets at risk
There might be many assets that are identified to be at risk in an environment of the
secure messaging service. The three most significant assets that are said to be at utmost risk
are stated as follows:
Information: This is the main aspect for which the messaging application is developed. This
incorporates in the overall structure of the messaging application (Dragomir et al., 2016). The
information or data is said to be the most important asset in regards to the messaging
application as this is the main thing, which is being transferred or received, by the sender and
receiver present in the environment of the messaging application.
Server: This is the place where each of the data is safely processed that are received for the
server after encryption (Rana, Wei and Hoornaert, 2015). If proper security is not maintained
then the overall data present within the server is placed at risk.
Keys: This is the primary factor by which the encryption as well as decryption is carried out
of a data or information when the process of securing the data is carried out. The key of a
cryptographic model is an important asset that must be secured regarding the secure
messaging service prevailing at the network environment of the data transmission.
Document Page
6SECURITY AT AN INSTANT MESSAGING SERVICE
4. Threats of the instant messaging service
There are many potential threats associated with the instant messaging service. Some
of the significant threats that can provide possible drawbacks to the overall messaging
infrastructure. The three most significantly identified potential threats regarding a messaging
service are stated below.
Spreading of malicious code: The organizations that uses Instant Messaging services may
achieve great benefits with the enhanced decision making procedure. Moreovver there are
certain important threats related with it. This can be stated as the fact regarding the spread of
spams within the IM enabled devices. This will lead the overall devices to be affected within
the network environment of the instant messaging.
Leakage of Information: The most significant threat associated with the instant messaging
service is that the confidentiality of the information that is being shared within a network.
This happens mostly because the exchange of the messages often happens via the message
servers present within the network environment. Thus, any issue occurring in the servers may
hamper the data present within it, which can lead to the misuse of the information by the
unwanted persons present within the network.
Accountability: The instant messaging service for the public network does not possess the
ability to identify the senders as well as the receivers, present within the network. Hence, it is
quite easy for the system hackers or spoofs to intervene within a network environment and
affect the present data.
5. Controls of Instant Messaging
The four main security objectives regarding the procedure of instant messaging are
said to be as follows:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7SECURITY AT AN INSTANT MESSAGING SERVICE
Authentication Controls: The enterprise using the IM solution must integrate the present
authentication mechanisms of a company such that it creates an interaction with the provided
security protocols.
Confidentiality Controls: As the network contains sensitive information regarding the
messaging services as initiated within the environment. The intervention of the unwanted
persons may hamper the loss of data as well as the entire messaging network.
Antivirus Controls: This can be depicted as one of the important security measure that can be
implied within the server of the organization that runs with the instant messaging services
(Florez et al., 2016). This antivirus must be installed within the server for the prevention of
any type of security breaches.
Logging Controls: The current communication devices present within the organization that
uses IM services should enable a separate login idea that will be secured by the firewall to
prevent any type of intervention within this environment.
6. Security objectives of instant messaging
The primary security objectives that are being observed for the restriction of the
threats or the vulnerabilities in the instant messaging service are stated as follows:
Observation of overall procedures regarding security: This includes the observation of all
the security procedures such as the regulations regarding security, the security policy of
baseline IT services, the guidelines regarding the security (Hsieh and Tseng, 2017). This all
procedures should be critically observed in terms of maintaining security to the instant
messaging services.
Development of usage polity of IM users: The usage policy of the instant message services
within the organization must be clearly stated regarding the restrictions as well as the
Document Page
8SECURITY AT AN INSTANT MESSAGING SERVICE
acceptance of the IM services. The message that are generated in an IM service must be
formal as must be regarded to be used for keeping the business records.
Maintaining the IM Hygiene: The solutions for maintaining the IM usage policies within an
organization is done by following the processes of monitoring the usage, managing the traffic
of IM, the maintenance of viruses as well as offensive materials regarding the audit process.
Educating users for the best usage of technology: the viruses that are probable to attack the
IM service are transmitted in the form of malicious codes as well as attachment of files via
different modes (Morris, Scott and Mars, 2018). In most of the cases, the viruses are executed
by tapping on the files or just executing the codes within the system environment.
Client protection: The network services that are provided by the IM services should be
disabled by the users for restriction of the issues that emerges within the environment of IM
services. The user must enable the incoming notifications regarding the messages or the calls
and highly restrict resource sharing within the environment of IM services.
7. Risk evolution of IM service
The risks associated with the IM services can be depicted as the issue that might occur
in an organization with the implemented instant messaging services (Yusoff, Dehghantanha
and Mahmod, 2017). The four most occurred risks are as follows:
Viruses and worms: The instant messaging services allows the services like file transfer,
message transfer and through this transfer, most of the worms and viruses are transferred
which can cause a serious negative aspect within the environment of organization like data
integrity (McCarthy et al., 2017). This data integrity may cause serious effects to the
organization.
Document Page
9SECURITY AT AN INSTANT MESSAGING SERVICE
Theft of Identity: The IDs made by the users of IM can create anonymous identities if the
assets of the IM within an organization is hampered (Oseni, Dingley and Hart, 2018). The
spoofing of IM creates this risk at the environment of IM services.
Firewall tunnelling: With the potential threats in an IM environment firewalls are set to be
vulnerable for creating risks. The ports used for IM services can exploit the firewalls
associated with the IM message transfers.
Leak of security data: If the security checks get unmaintained for a long time then the data
security is hampered and this leads to the leak of this data to the hackers that are breaching
the IM policies.
8. Testing with a specific instant messaging service
In this case we have taken “Whatsapp” as the instant messaging service that uses end
to end encryption methodologies for the transfer of data.
The above figure depicts the page within the application of Whatsapp that shows the
security feature of the end-to-end encryption that is used for the transfer of messages.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10SECURITY AT AN INSTANT MESSAGING SERVICE
The above figure shows the two-step verification procedure that verifies the
authenticity of the user that tends to gain access to the application.
The above figure states that the message transmission is being done with the end to
end encryption security feature.
Document Page
11SECURITY AT AN INSTANT MESSAGING SERVICE
The above figure depicts the overall procedure that is being used for providing the
security feature of the application.
9. Conclusion
Thus from the above report it can be deduced that the instant messaging service is one
of the most widely used messaging services at any level in an organization. There are some
chief assets associated with his technology that might get affected due to the vulnerabilities in
the IM services. The risks that are incorporated by organizations is well explained in the
above report. Thus, it can be concluded that the various aspects of the IM services must be
incorporated while this type of service persists in an organization. The messaging service
provides a great variety of opportunities until the overall security aspects are maintained.
Document Page
12SECURITY AT AN INSTANT MESSAGING SERVICE
10. References
Bauer, A.A., Loy, L.S., Masur, P.K. and Schneider, F.M., 2017. Mindful instant messaging.
Journal of Media Psychology.
Chen, H.C., Wijayanto, H., Chang, C.H., Leu, F.Y. and Yim, K., 2016, April. Secure mobile
instant messaging key exchanging protocol with one-time-pad substitution
transposition cryptosystem. In 2016 IEEE Conference on Computer Communications
Workshops (INFOCOM WKSHPS) (pp. 980-984). IEEE.
Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L. and Stebila, D., 2017, April. A
formal security analysis of the signal messaging protocol. In 2017 IEEE European
Symposium on Security and Privacy (EuroS&P) (pp. 451-466). IEEE.
Del Pozo, I. and Iturralde, M., 2015. CI: A new encryption mechanism for instant messaging
in mobile devices. Procedia Computer Science, 63, pp.533-538.
Dragomir, D., Gheorghe, L., Costea, S. and Radovici, A., 2016, September. A survey on
secure communication protocols for IoT systems. In 2016 International Workshop on
Secure Internet of Things (SIoT) (pp. 47-62). IEEE.
Florez, Z.J., Logreira, R.C., Muñoz, M. and Vargas, J.F., 2016, October. Architecture of
instant messaging systems for secure data transmision. In 2016 IEEE International
Carnahan Conference On Security Technology (ICCST) (pp. 1-7). IEEE.
Hsieh, S.H. and Tseng, T.H., 2017. Playfulness in mobile instant messaging: Examining the
influence of emoticons and text messaging on social interaction. Computers in
Human Behavior, 69, pp.405-414.
McCarthy, O., Leurent, B., Edwards, P., Tokhirov, R. and Free, C., 2017. A randomised
controlled trial of an intervention delivered by app instant messaging to increase the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13SECURITY AT AN INSTANT MESSAGING SERVICE
acceptability of effective contraception among young people in Tajikistan: study
protocol. BMJ open, 7(9), p.e017606.
Morris, C., Scott, R.E. and Mars, M., 2018. Security and Other Ethical Concerns of Instant
Messaging in Healthcare. Studies in health technology and informatics, 254, pp.77-
85.
Oghuma, A.P., Libaque-Saenz, C.F., Wong, S.F. and Chang, Y., 2016. An expectation-
confirmation model of continuance intention to use mobile instant messaging.
Telematics and Informatics, 33(1), pp.34-47.
Oseni, K., Dingley, K. and Hart, P., 2018. Instant messaging and social networks: the
advantages in online research methodology. International Journal of Information and
Education Technology, 8(1), pp.56-62.
Rana, M.E., Wei, G. and Hoornaert, P., 2015, December. An enterprise instant messaging
(EIM) solution to cater issues associated with instant messaging (IM) in business. In
2015 IEEE Student Conference on Research and Development (SCOReD) (pp. 187-
192). IEEE.
Unger, N. and Goldberg, I., 2015, October. Deniable key exchanges for secure messaging. In
Proceedings of the 22Nd acm sigsac conference on computer and communications
security (pp. 1211-1223). ACM.
Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H., Goldberg, I. and Smith, M., 2015,
May. SoK: secure messaging. In 2015 IEEE Symposium on Security and Privacy (pp.
232-249). IEEE.
Yusoff, M.N., Dehghantanha, A. and Mahmod, R., 2017. Forensic investigation of social
media and instant messaging services in Firefox OS: Facebook, Twitter, Google+,
Document Page
14SECURITY AT AN INSTANT MESSAGING SERVICE
Telegram, OpenWapp, and Line as case studies. In Contemporary Digital Forensic
Investigations Of Cloud And Mobile Applications (pp. 41-62). Syngress.
1 out of 15
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]