<![CDATA[In the past, web-based chat application didn’t consider security as part of must-have requirement, thus many insecure examples were broken in short time after it was released. Data sniffing is one common attack that could be used to attack insecure applications because the data was transferred using an insecure medium, which is HTTP. We propose a new web-based chat application that is built based on HTML5 WebSocket technology using Socket.IO library to improve confidentiality of the messages sent between two or multiple parties. We combine it with NodeJS and Express to facilitate real-time discussion between client and server and vice versa. We also use Rijndael (known as AES - Advanced Encryption Standard) to make sure that the message stays confidential and only known by sender and receiver. To satisfy the integrity property, we apply SHA-3 hash function. By combining SSL/TLS, AES, and SHA-3 hash function, we have added multiple layer of security inside this application and no additional effort needed by the user. Based on conducted experiments, we can conclude that this application could satisfy security requirements (confidentiality and integrity), either on the client or server side.]]>
Copyrights © 2015
