SILC (protocol)
Encyclopedia
SILC is a protocol that provides secure synchronous conferencing
Synchronous conferencing
Synchronous conferencing is the formal term used in science, in particular in computer-mediated communication, collaboration and learning, to describe online chat technologies. It has arisen at a time when the term chat had a negative connotation...
services (very much like IRC) over the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
.
Components
The SILC protocol can be divided in three main parts: SILC Key Exchange (SKE) protocol, SILC Authentication protocol and SILC Packet protocol. SILC protocol additionally defines SILC Commands that are used to manage the SILC session. SILC provides channels (groups), nicknames, private messages, and other common features. However, SILC nicknames, in contrast to many other protocols (e.g. IRC), are not unique; a user is able to use any nickname, even if one is already in use. The real identification in the protocol is performed by unique Client ID . The SILC protocol uses this to overcome nickname collision, a problem present in many other protocols. All messages sent in a SILC network are binary, allowing them to contain any type of data, including text, video, audio, and other multimediaMultimedia
Multimedia is media and content that uses a combination of different content forms. The term can be used as a noun or as an adjective describing a medium as having multiple content forms. The term is used in contrast to media which use only rudimentary computer display such as text-only, or...
data.
The SKE protocol is used to establish session key
Session key
A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is traffic encryption key or TEK, which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys .Session keys can introduce...
and other security parameters for protecting the SILC Packet protocol. The SKE itself is based on the Diffie-Hellman key exchange algorithm (a form of asymmetric cryptography) and the exchange is protected with digital signatures. The SILC Authentication protocol is performed after successful SKE protocol execution to authenticate a client and/or a server. The authentication may be based on passphrase
Passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...
or on digital signatures, and if successful gives access to the relevant SILC network. The SILC Packet protocol is intended to be a secure binary packet protocol, assuring that the content of each packet (consisting of a packet header and packet payload) is secured and authenticated. The packets are secured using algorithms based on symmetric cryptography and authenticated by using Message Authentication Code
Message authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
algorithm, HMAC
HMAC
In cryptography, HMAC is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message...
.
SILC channels (groups) are protected by using symmetric channel keys. It is optionally possible to digitally sign all channel messages. It is also possible to protect messages with a privately-generated channel key that has been previously agreed upon by channel members. Private messages between users in a SILC network are protected with session keys. It is, however, possible to execute SKE protocol between two users and use the generated key to protect private messages. Private messages may be optionally digitally signed. When messages are secured with key material generated with the SKE protocol or previously agreed upon key material (for example, passphrase
Passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...
s) SILC provides security even when the SILC server may be compromised.
History
SILC was designed by Pekka Riikonen between 1996 and 1999 and first released in public in summer 2000 . A clientClient (computing)
A client is an application or system that accesses a service made available by a server. The server is often on another computer system, in which case the client accesses the service by way of a network....
and a server
Server (computing)
In the context of client-server architecture, a server is a computer program running to serve the requests of other programs, the "clients". Thus, the "server" performs some computational task on behalf of "clients"...
were written. Protocol specifications were proposed and iterated through the IETF in 2004 but ultimately request for publication was denied and SILC is not an IETF agreed protocol.
At present time, there are several clients, the most advanced being the official SILC client and an irssi
Irssi
Irssi is an IRC client program for Linux, Microsoft Windows, and Mac OS X. It was originally written by Timo Sirainen, and released under the terms of the GNU General Public License in January 1999.-Features:...
plugin. SILC protocol is also integrated to the popular Pidgin instant messaging client. Other GUI
Gui
Gui or guee is a generic term to refer to grilled dishes in Korean cuisine. These most commonly have meat or fish as their primary ingredient, but may in some cases also comprise grilled vegetables or other vegetarian ingredients. The term derives from the verb, "gupda" in Korean, which literally...
clients are Silky and Colloquy
Colloquy (IRC client)
Colloquy is an open-source IRC, SILC, ICB and XMPP client for Mac OS X. Colloquy uses its own core, known as Chat Core, although in the past it used Irssi as its IRC protocol engine. One of the primary goals behind Colloquy was to create an IRC, SILC and ICB client with Mac OS X visuals...
.
The Silky client was put on hold and abandoned on the 18th of July 2007, due to inactivity for several years . The latest news on the Silky website was that the client was to be completely rewritten.
As of 2008, three SILC protocol implementations have been written http://silcnet.org/community/links/.
Most SILC clients use libsilc, part of the SILC Toolkit.
The SILC Toolkit is dual-licensed and distributed under both the GNU General Public License (GPL) and the revised BSD licensehttp://silcnet.org/software/developers/toolkit/licensing.php.
Security
As described in the SILC FAQ, chats are secured through the generation of symmetric encryption keys. These keys have to be generated somewhere, and this occurs on the server. This means that chats might be compromised, if the server itself is compromised. This is just a version of the Man in the MiddleMan in the middle
Man in the middle may refer to:* Man-in-the-middle attack, a form of cryptographic attack* Man in the Middle , a 1963 movie* Man In The Middle , a memoir of basketballer John Amaechi-In music:...
attack. The solution offered is that chat members generate their own public-private keypair for asymmetric encryption. The private key is shared only by the chat members, and this is done out of band. The public key is used to encrypt messages into the channel. This approach is still open to compromise, if one of the members of the chat should have their private key compromised, or if they should share the key with another, without agreement of the group.
See also
- Synchronous conferencingSynchronous conferencingSynchronous conferencing is the formal term used in science, in particular in computer-mediated communication, collaboration and learning, to describe online chat technologies. It has arisen at a time when the term chat had a negative connotation...
- Comparison of instant messaging protocols
- Multiprotocol instant messaging applicationMultiprotocol instant messaging applicationA multiprotocol instant messaging application is client software composed of an IM application which may connect to multiple IM networks. The networks supported include: AOL Instant Messenger, ICQ, XMPP , MSN Messenger, QQ, Yahoo! Messenger, as well as specialized networks such as Novell GroupWise...
- Public-key cryptographyPublic-key cryptographyPublic-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
External links
- The SILC Project
- Silky, GUI SILC client
- Silc Improved, minimalistic SILC client using FIFOs
- Kopete SILC Plugin
- Silsa, GUI SILC Client, part of Equinox Desktop Environment (EDE)