| In recent years,with the development of mobile Internet technology and the popularity of mobile devices,instant messaging application has become an important tool for people's daily social interaction due to its flexibility and convenience,and the security issues have increasingly become the focus.However,the security protocols used in the current mainstream applications are mainly privatized,and can not be truly open and transparent.while designing the application system architecture,its security is mainly depended on server,which can not guarantee the message security transmission between client and client.Meanwhile,due to the open source of Android system and the fragmentation of Android terminals,the secure storage of local data on Android is not guaranteed effectively.Based on the above reasons,this thesis mainly solved the security problems in instant messaging application from three aspects: http request security between server and client,communication security between client and client,and client local data storage security.For the above security issues,the thesis first analyzed the HTTP security vulnerabilities,and realized the secure communication in HTTP requests based on the SSL/TLS protocol.Secondly,WebSocket protocol was analyzed in detail,based on this protocol,this thesis designed and implemented a real-time communication message.At the same time,the thesis analyzed the design principle and details of SCIMP protocol in key negotiation and symmetric encryption by end to end,then realized the SCIMP protocol by Java,to complete the end to end key negotiation and symmetric chat data encryption,solved the security problem between client and client.Finally,based on SQLCipher open source technology,the local secure storage of user data on the Android devices was realized.Based on the analysis of above protocols,the thesis designed and implemented an end-to-end security instant messaging application system,which can carry out effective information transmission,and encrypt the transmitted information to ensure its security.At the same time,the system realized the safe storage of local data and effectively solved the security problems in the instant communication application system.At present,the security of the mainstream instant messaging application system is mainly depended on the server.The innovation of this paper is independent on the server,the client implemented key management and consultation,guaranteed security message by end-to-end,and solved the local safe storage of data on the Android client,which may be used for reference for the future design of the system.The instant messaging application system designed in this paper is applicable to the scenario where the server resources are limited,and it can not rely on the server side,but also solve the problem of the secure transmission of the end-to-end message and the secure storage of message data in Android.Through system testing,the system meets the end-to-end security requirements.Under the condition of good network environment,the key negotiation time is controlled at about 350 milliseconds,which enables fast key agreement.At the same time,the key agreement protocol adopted in this paper can not only be applied to the field of instant messaging,but also play a role in the application of self-organizing network,providing a solution for end-to-end message security transmission. |
PDF Full Text Request