Building community in your area? Check out the Community Organizers Handbook. Includes everything you need to start and grow a NetSquared Local group or any other community-powered program.
NetSquared is an initiative ofTechSoup
NetSquared enables social benefit organizations to leverage the tools of the social web.
Encrypted Instant Messaging for Java Phones
Challenges Entered:
What?
- A low-footprint, secure client for mobile instant messaging (IM), using the open Off-the-record (OTR) messaging protocol
- Support for an open-access owner community of users and developers.
On desktop PCs, the off-the-record messaging protocol (OTR) is the de facto standard for secure IM. Our mobile instant messaging client will provide a limited implementation of OTR, targeted at basic Java phones, with limited memory and storage requirements. It will be freely available to download, and licensed under an open source license so that it can be freely modified, extended and translated. We hope also hope that, by developing a tool to fill a need not met in commercial systems, this project will contribute to linking the technical and activist communities.
Why?
Voice and text messages on mobile networks are not secure, and interception of communication is technically fairly straightforward. In the case of an authoritarian regime that can reasonably be expected to secure the co-operation of a network operator, encryption of sensitive information is vital.
While encrypted SMS clients exist, and these still encrypt the message but do not provide verification of the identity of the sender/receiver. Additionally, many are not open source, opening the way for hidden security holes and back doors in their source code.
Secure instant messaging provides:
1. Encryption - no one else can read your messages
2. Authentication - you are assured your correspondent is who you think it is
3. Deniability - messages cannot be linked back to you
An open source solution allows independent verification of the integrity of the the code, without in any way compromising the security of the encryption and authentication algorithms.
How?
The OTR (Off-the-record) messaging protocol works as follows
1. Parties who wish to correspond (for example, Alice and Bob) open up the application on their mobile devices.
2. Alice signals to Bob that she wishes to start a private conversation, via the application.
3. Bob's application initiates the authentication procedure that will verify both Alice's and his identity.
4. Once completed, both mobile devices are "paired" and are able to communicate privately.
Our mobile implementation of OTR will work within the limitations of Java-enabled mobile phones, aiming to be usable even on low-end devices. We'll also prioritise low-cost international communication by using packet data (GPRS) as the bearer service.
Subscribe
NetSquared Newsletters:
>>Subscribe to NetSquared News and other email updates.
NetSquared Community Blog:
>> Subscribe to the Community Blog RSS feed.
>> Subscribe to the Community Blog comments RSS feed.
