Instant Messaging (IM) is a new set of communication applications and protocols that have widely spread all over Internet. Acceptable delay and jitter of the applications allows users to establish one-to-one or one-to-many written conversations, which complement classical e-mail and phone communication mechanisms.
The speed of this deployment is not only due to the fact that it is a useful application, but that it was from the beginning freely available and simple to use. A regular user can download and install an IM client and set it up. IM clients are designed to require almost no configuration and they can adjust their communication mechanism to bypass firewalls or HTTP proxies.
This facts inverted the way applications are deployed in organizations. Network administrators found themselves with a new application already deployed, and being used not only by employees but managers.
The general misconception is that text messages are harmless: it is only text. Thus, the most common security scenario for IM deployment within organizations is to allow only text messages and block other exchanges.
With this in mind a proof of concept prototype was developed: IPoIM. The IPoIM is a modified IM client that allows IP traffic tunneling through publicly available IM servers. When a IM connection is established between two IPoIM clients, the IM channel is turned into an IP tunnel. Moreover, TLS is used to provide end-to-end encryption and privacy. The IP tunnel allows to route IP traffic between connected sites.
IPoIM client is based on Open/Free projects and is available for Windows and Linux.
Architectural and implementation characteristics, together with the initial results of this experiment are presented in this paper. Ongoing work regarding security implications and countermeasures is also suggested.
Ariel Sabiguero is a Software Engineer since 1997, who has a MSc degree since 2003. He is actually a PhD student in a cotutelle program between the IRISA Labs in Rennes,
France and PEDECIBA in Montevideo, Uruguay.
He works at the Engineering's Faculty, Universidad de la República, Uruguay since 1996 and he is actually an Assistant Professor at the Operations Research Department of the Computer Science Institute.
He has published and presented different articles, mainly in the field of Network Protocol Testing.
His research interests include protocol testing, IPV6, computer security, computer based simulation, amongst others.
He has directed several thesis grade projects.
On the industry field he has experience as a Consultant in Information Systems Security and Networking.