Instant messaging (IM) is an increasingly popular mode of communication on the Internet. Although it is used for personal and private conversations, it is not at all a private medium. Not only are all of the messages unencrypted and unauthenticated, but they are all routed through a central server, forming a convenient interception point for an attacker. Users would benefit from being able to have truly private conversations over IM, combining the features of encryption, authentication, deniability, and forward secrecy, while working within their existing IM infrastructure.
In this talk, I will discuss "Off-the-Record Messaging" (OTR), a widely used software tool for secure and private instant messaging. I will outline the properties of Useful Security and Privacy Technologies that motivated OTR's design, compare it to other IM security mechanisms, and talk about its ongoing development directions.
About the speaker:
Ian Goldberg is an Assistant Professor of Computer Science at the University of Waterloo, where he is part of the Cryptography, Security, and Privacy (CrySP) research group. He holds a Ph.D. from the University of California, Berkeley, where he co-founded that university's Internet Security, Applications, Authentication and Cryptography group. From 1999 to 2006, he was Chief Scientist of Radialpoint (formerly known as Zero-Knowledge Systems), a company offering security and privacy technologies for Internet users.
David R. Cheriton School of Computer Science
University of Waterloo
200 University Ave W, Waterloo, ON N2L 3G1 Canada