Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Team Qwerty Analysis

advertisement 
CMPE 208
Spring 2006
Homework 2
Submitted on
March 21, 2006
Team : Qwerty
Atmaram, Aparna
mailapr@yahoo.com
Venkatesh Babu
mpvbabu@yahoo.com
TABLE OF CONTENTS
Scenario 1: Send web-based Yahoo Mail ...............................................................................................3
Screenshot 1 .......................................................................................................................................... 3
Screenshot 2 .......................................................................................................................................... 4
Analysis ................................................................................................................................................. 5
How to secure Yahoo Mail?.................................................................................................................. 5
Scenario 2: Send and receive Yahoo Messenger Text IM ....................................................................6
Screenshot 1 .......................................................................................................................................... 6
Screenshot 2 .......................................................................................................................................... 7
Analysis ................................................................................................................................................. 7
Screenshot 3 .......................................................................................................................................... 8
Screenshot 4 .......................................................................................................................................... 9
Analysis ................................................................................................................................................. 9
How to secure Yahoo Messenger Text IM?........................................................................................ 10
Scenario 3: Send and receive Yahoo Messenger PC-to-PC voice call ...............................................11
Screenshot 1 ........................................................................................................................................ 11
Screenshot 2 ........................................................................................................................................ 12
Analysis ............................................................................................................................................... 12
How to secure Yahoo Messenger PC-to-PC voice call? ..................................................................... 13
Scenario 1: Send web-based Yahoo Mail
Screenshot 1
Figure 1: Sending Mail
Screenshot 2
Figure 2: TCP Stream for sending mail
Analysis
1. The Screen shot shows that the first packet is sent from the localhost (192.168.1.100) to the
DNS server (68.87.66.196) to resolve the IP address for host mail.yahoo.com. The resolved IP
address of yahoo mail is 206.190.37.249. This is seen in No. 1 & 2 in the figure1.
2. The connection is then established between the localhost and yahoo mail host. This is taken care
of by the control flow protocol TCP, which can be seen from No. 3 -5 in figure1.
3. In No.8, HTTP is seen to be carrying the email information. The No.20 is the response that says
200 OK which means that the mail has been sent.
4. No.37 in figure1 is the smiley face that is either yellow to indicate the user to be online or grey
if user is offline.
5. No.71 and 74 seem to be ads. There are so many packet transfers that are related to the ads on
the webpage.
6. The contents of the mail transmitted are not encrypted. So, there is a possibility of
eavesdropping.
How to secure Yahoo Mail?
Currently Digital signatures and message encryption are not supported by Yahoo Mail. Using one of
the methods yahoo mail can be secured:
1. For web based email it is more convenient to setup shared secret key generated using strong Crypto
random safe algorithms between yahoo mail server and Client when user logs on. Encrypt all email
related information using shared secret key on Sender’s client side. Mail server side decrypts all email
related information using same shared secret key. When Receiver’s accesses email, email information
is encrypted by yahoo mail server using shared secret key and Receiver’s client side decrypts the email
message before display.
2. When user uses same workstation/laptop for email. Digital Signature and message encryption can be
supported using public and private keys pair issued from CA. Both Sender and Receiver need to have
certificates. Sender can create digital signature using cryptographic hash function and also encrypt
email information using his private key. Receiver can decrypt email information using sender’s public
key and also verify signature by computing hash value using same hash function.
Scenario 2: Send and receive Yahoo Messenger Text IM
Screenshot 1
Figure 3: Send and Receive Text IM between hosts that are not behind a firewall
Screenshot 2
Figure 4: TCP Stream of text IM
Analysis
1. YMSG protocol is connected to the port 5050 by default
2. The communication through the entire time takes place using TCP at the default port 5050
3. The contents through the text IM are also plain text similar to the mail message that
encourages eavesdropping. The above screenshot shows that.
Screenshot 3
Figure 5: Send and Receive Text IM between hosts that are behind a firewall
Screenshot 4
Figure 6: TCP Stream of text IM
Analysis
1. Figure 5 shows the usage of STUN protocol. This protocol allows clients behind NAT to
find out its public addresses
2. The UDP protocols appears because the other host is connected to VPN
3. Figure 6 clearly shows the plaintext content of the text IM
How to secure Yahoo Messenger Text IM?
Currently Message text is not encrypted. Yahoo Messenger IM text can be secured using one of the
following methods:
1. Sender and Receiver Yahoo Messenger can setup unique secure secret key generated using strong
Crypto random safe algorithms when they start connection. Secret key generated should be unique for a
given session. IM text can be encrypted on sender side and decrypted on receiver side using symmetric
secure secret key.
2. Use Digital Certificate including both the public and the private keys issued from CA. Sender side
messenger need to encrypt the Yahoo Messenger IM text using his private key. Receiver side
messenger need to decrypt the message using senders public key.
Scenario 3: Send and receive Yahoo Messenger PC-to-PC voice
call
Screenshot 1
Figure 7: Send and Receive PC-to-PC voice call between hosts that are not behind firewall
Screenshot 2
Figure 8: TCP Stream of voice IM
Analysis
1. The connection establishment is carried by SSL
2. SIP is used over TCP to setup and teardown the voice call
How to secure Yahoo Messenger PC-to-PC voice call?
Since PK cryptography is generally slower. It is also very important that encryption/decryption should
be very fast for good voice quality. Sender and Receiver’s Yahoo Messenger can setup unique secure
secret key generated using strong Crypto random safe algorithms. Secret key generated should be
unique for given session. Voice data can be encrypted on sender side and decrypted on receiver side
using symmetric secure secret key.
Related documents
leadership
leadership
CL – Customer Service Kristy Sample
CL – Customer Service Kristy Sample
Email Basics
Email Basics
wassFinalProject
wassFinalProject
AER Louisiana
AER Louisiana
List of UNESCO National Commission New Member 2014.doc
List of UNESCO National Commission New Member 2014.doc
Julie Baker - Institute of Fundraising
Julie Baker - Institute of Fundraising
Retired Unit Representatives
Retired Unit Representatives
Download
advertisement