IV. Trillian Encryption

Trillian version .74 and 1.0 both support Secure Instant Messaging for AOL and ICQ.

This is a key feature of Trillian that must be examined in order to validate whether

Trillian truly supports sending secure IM across the public Internet. Trillian uses a

combination of the Diffie-Hellman key exchange with 128-bit Blowfish Encryption in

order to secure AOL and ICQ forms of messaging. This combination provides Trillian

with a basis for sending and receiving Instant Messages securely from one Trillian user

to another. Both the source and destination user must use Trillian in order for a secure

link to be established.

A. Diffie-Hellman Key Exchange System

The Diffie-Hellman key exchange system was publicly introduced in 1976 by Whitfield

Diffie and Martin Hellman. It was the first system to use a “public key” or “asymmetrical”

key (Palmgren, 2003). An asymmetrical key is unique for each user, but mathematically

can be used to derive a common key. The procedures used in the Diffie-Hellman key

exchange are provided in Figures 2 - 6. The process is diagramed in the most basic

method with integration of how it is used in the Trillian application. The key exchange

uses modular mathematics to derive the shared secret key and is depicted by the

mathematical operator icon in the process flow in Figure 4. The six steps of the process

are as follows:

Step 1 – Generate Public and Private Keys

Both User A and User B create private keys. From their private key they create a public

key. At this point all keys are unique, but mathematically will be used to derive a shared

key, which is identical for both User A and User B.

Step 2 – Transfer Public Keys

User A transfers his public key to User B. User B transfers his public key to User A.

Each user now has their private key and the other user’s public key.

Step 3 – Derive Shared Secret

Each user derives the common shared secret key by running a mathematical operation

against their private Key and the other user’s public Key. The mathematical operation

results in an identical shared secret key which will be used by both users to transfer the

symmetrical key which is detailed in Step 4.

Step 4 – Transfer 128-bit Blowfish Symmetric Key

The symmetrical key is then used to pass data. Using a symmetrical key for the actual

data transfer allows for quicker encryption and decryption within the system. Trillian

uses 128-bit Blowfish encryption for its symmetrical keys. In this step, the symmetrical

key is passed from User A to User B. The shared secret key facilitates the secure

transmission of the 128-bit Blowfish symmetric key.

Step 5 – Encrypt Data Using Symmetric Key

At this point a secure 128-bit symmetric key has been passed between User A and User

B. The symmetric key is used to encrypt and decrypt all data transmissions between

User A and User B.

The Diffie-Hellman key exchange primary limitation is in a susceptibility to man-in-themiddle

attacks. This type of attack occurs in the following manner:

User A sends his public key to User B, User C intercepts the key and sends his

public key to User B instead.

Upon receiving the key, User B sends his public key back to User A. User C

intercepts the key and sends his key to User A.

User A and User C agree on one shared key, while User B and User C agree on

another shared key.

After this, User C decrypts any message sent out by User A or User B, reads

and modifies them, re-encrypts them with appropriate shared key and sends

them to the perspective user.

This traditional limitation can be resolved by incorporating digital certificates and the

station-to-station protocol. In the case of Trillian, users connect via authentication to

the IM vendor specific servers. A specific user is selected to start a Secure IM session

and an assumption is made that the individual logged in is that particular user. At this

time, the Diffie-Hellman process begins. Under these conditions a man-in-the-middle

attack is less likely. It would be more likely for someone to crack a user’s password

and attempt to impersonate a user, than to try to act as a middle man.

The Diffie-Hellman key exchange process has been in existence for over 25 years.

Outside the man-in-the-middle attack, this process has stood the test of time. It is

widely used and accepted in the industry as a leader in securely passing keys.

B. Trillian Encryption – 128-bit Blowfish Encryption

Trillian uses 128-bit Blowfish symmetrical keys for data transmission. Symmetrical keys

are used instead of asymmetrical keys, because they provide faster data transmission.

Also, encryption and decryption of data takes place more effectively than in a system

with asymmetrical keys.

Blowfish is a block cipher designed in 1993 by Bruce Schneier as a fast and free

alternative to existing encryption algorithms. Blowfish has been analyzed for the past

10 years and no significant weakness has been found in the algorithm. Because of its

strength it has been implemented in over 130 commercial applications. Blowfish uses a

64-bit block cipher which means it encrypts and decrypts data in chunks of 64-bits. The

key length varies from 32 to 448 bits. Trillian uses a 128-bit key length (“Blowfish

Encryption”, 2003).

A block cipher such as Blowfish can be explained in simple terms through Figure 7.

The block cipher uses a mathematical computation in order to transform the Plaintext

Block and the Key into a Ciphertext Block output (“Block Cipher”, 2003). The

mathematical process is significantly complex in nature. In general, the algorithm

consists of a data-encryption piece that converts the 128-bit key into several sub key

arrays. Data-encryption occurs via 16 passes through the complex set of key and datadependent

substitutions and permutations (Schneier, 2003).

Although effective in encrypting and decrypting the data, a larger key would prove more

valuable and secure. The larger the key, the more difficult it would be to crack, so it is

recommended that Trillian move to a larger key at some point.