Thursday, August 29, 2013

Off-The-Record (OTR) Security Protocol

Introduction

I needed an OTR library in C# that I could use for instant messaging clients that run on the Windows, Linux and Android platforms but I couldn't find any. As a result, I decided to roll my own. The attached compressed files are the library and a console application that demonstrates the use of the Library. The OTR protocol and the Library's interface and event functions are described below.    The Library is compatible with OTR clients that implement versions 2 and 3 of the protocol [1], [2].  A client implementing this library successfully established OTR sessions with the Pidgin [3] and Spark IM clients [4]. Note that this Library uses the BouncyCastle library for most of its cryptographic functions.

Background

Off-The-Record (OTR) [5] is a protocol that provides security around real-time instant messaging (IM) communications.   It assures the following;

Confidentiality: Messages are encrypted.
   
Authentication:  You are who you say you are. And messages sent by you can be verified by your chat partner (buddy) and vice versa. 
 
Perfect Forward Secrecy: Each instant message sent is encrypted using a different encryption key which is discarded after use. Compromising a single encryption key does not impact on the     confidentiality of other messages sent or those to be sent in the future. In addition, each message is authenticated using a different Message Authentication Code (MAC) key. 
 
Deniability: The MAC keys that have already been used and will not be used again are included in outgoing messages. The idea is that since these keys are in the public domain any one could have created these keys (including your chat partner) and therefore forged a message. 
 
 In addition to the above, the OTR also defines a Socialist Millionaire Protocol (SMP) that could be used to detect a man-in-the-middle situation during an ongoing conversation.   For the SMP process to successfully complete, you and your chat buddy must have a secret that is known to just you and him/her.  The failure of the SMP process is an indication that the encrypted session between you and our client has been hijacked by a third party.    

Using the code

Let's assume that Alice wants to establish an OTR session with her friend, Bob.  In order to do this she has to request an OTR session from Bob and on receipt of this request Bob starts the OTR session proper.  The code below shows how Alice goes about requesting an OTR session.


/* Declare OTR variables*/
OTRSessionManager _alice_otr_session_manager = null;

string _my_unique_id = "alice";
string _my_buddy_unique_id = "bob";


/* Create OTR session and Request OTR session */
_alice_otr_session_manager = new OTRSessionManager(_my_unique_id);
_alice_otr_session_manager.OnOTREvent += new OTREventHandler(OnAliceOTRMangerEventHandler); 
_alice_otr_session_manager.CreateOTRSession(_my_buddy_unique_id);
_alice_otr_session_manager.RequestOTRSession(_my_buddy_unique_id, 
  OTRSessionManager.GetSupportedOTRVersionList()[0]);


Observe that the OTR manager is initialized using your unique ID. As soon as the OTR manager is initialized,  it must be connected to the OTR event handler. See the OTR Event section for a description of these event types.

Read more: Codeproject
QR: Inline image 1