Secure instant messaging means the message which is secured from hacking or Data tempering from the outside users. It’s an informal means for the users to exchange messages highly known as “chats”. It can be regarded as the shorter version of emailing. It replaces calling over the phone by sending a text message. The most important feature of instant messaging is that it is very much short full of jargons or implied words, to which both the receiver and senders are familiar with.
Instant messaging has been practiced in different forms over the decades. The main benefit for which it has replaced Email is that it’s much shorter and fast to use. Each user is logged in to a piece of software that connects it to the common server during the chat sessions. Over the times, two types of use of instant messaging have evolved.
Importance of security issue of instant messaging system has been accelerated in relation to its popularity. Day by day people are using more and more instant messages, exposing them to higher level risk of hacking their PC, mobile phone set and stealing their sensitive data including vital personal and credit card information.
The risk is unimaginable in situation like the online shoppers are buying products from online stores by inputting their secret credit card information and in the middle of the transaction process it has been hacked. This result in the vital information relating to credit card has fallen into the hands of a rogue who use it for unauthorized credit card transactions, making the card user, issuer and the merchant vulnerable to fraud forgery. To make the instant messaging system more secured, its service providers and corporate bodies like financial institution incurs a sizable amount of money each year.
The first one is by institutional user who belongs to the same organization.
And the second type is the individual users who are casual in intention of chatting and chat during their leisure period. They are more likely to be family and friends.
Security risks are more threatening in the corporate setting than individual settings. An employee with ill motive can message some vital company data to an outsider, who may use it for any malicious purpose. The opposite may also happen like a rogue employee can download software with the intention of hacking the username and password in addition to sophisticated data stored in the server of the office. Typically, the organization itself allocates each of its employees with a login ID and authority justifiable to use the messaging system. Thus the organization can identify, track and record all use of any particular user system on their servers.
The specialized requirements of the organizational messaging system, however, run almost completely contrary to what an individual user may need. Typically non-organizational use instant messengers advertise their availability to the Internet at large so that others may know if that person is online. The trend has been too that manufacturers of instant messaging clients offer interoperability with other manufacturer’s clients.
To ensure the security of instant messaging system messenger service providers follow these security measures:
i. Data are encrypted in transit throughout the whole communication path.
ii. End-to-end encryptions are made with keys, to which the provider does not have any access.
iii. Enabling the options for users to independently verify the identity of their counterparts such as by comparing key fingerprints.
iv. Ensuring the security of the encryption keys which data are stolen.
v. Making the source code open for independent review.
vi. Security designs of the software’s are made well-documented.
vii. Having a recent independent security audit.