SILC (protocol)

SILC (Secure Internet Live Conferencing protocol) is a protocol that provides secure synchronous conferencing services (very much like IRC) over the Internet.[1]

Components

The SILC protocol can be divided in three main parts: SILC Key Exchange (SKE) protocol, SILC Authentication protocol and SILC Packet protocol. SILC protocol additionally defines SILC Commands that are used to manage the SILC session. SILC provides channels (groups), nicknames, private messages, and other common features. However, SILC nicknames, in contrast to many other protocols (e.g. IRC), are not unique; a user is able to use any nickname, even if one is already in use. The real identification in the protocol is performed by unique Client ID.[2] The SILC protocol uses this to overcome nickname collision, a problem present in many other protocols. All messages sent in a SILC network are binary, allowing them to contain any type of data, including text, video, audio, and other multimedia data. The SKE protocol is used to establish session key and other security parameters for protecting the SILC Packet protocol. The SKE itself is based on the Diffie-Hellman key exchange algorithm (a form of asymmetric cryptography) and the exchange is protected with digital signatures. The SILC Authentication protocol is performed after successful SKE protocol execution to authenticate a client and/or a server. The authentication may be based on passphrase or on digital signatures, and if successful gives access to the relevant SILC network. The SILC Packet protocol is intended to be a secure binary packet protocol, assuring that the content of each packet (consisting of a packet header and packet payload) is secured and authenticated. The packets are secured using algorithms based on symmetric cryptography and authenticated by using Message Authentication Code algorithm, HMAC.

SILC channels (groups) are protected by using symmetric channel keys. It is optionally possible to digitally sign all channel messages. It is also possible to protect messages with a privately generated channel key that has been previously agreed upon by channel members. Private messages between users in a SILC network are protected with session keys. It is, however, possible to execute SKE protocol between two users and use the generated key to protect private messages. Private messages may be optionally digitally signed. When messages are secured with key material generated with the SKE protocol or previously agreed upon key material (for example, passphrases) SILC provides security even when the SILC server may be compromised.

History

SILC was designed by Pekka Riikonen between 1996 and 1999 and first released in public in summer 2000.[3] A client and a server were written. Protocol specifications were proposed, but ultimately request for publication was denied in June 2004 by IESG[4] and no RFC has been published to date.

At present time, there are several clients, the most advanced being the official SILC client and an irssi plugin. SILC protocol is also integrated to the popular Pidgin instant messaging client. Other GUI clients are Silky and Colloquy. The Silky client was put on hold and abandoned on the 18th of July 2007, due to inactivity for several years.[5] The latest news on the Silky website was that the client was to be completely rewritten.

As of 2008, three SILC protocol implementations have been written.[6] Most SILC clients use libsilc, part of the SILC Toolkit. The SILC Toolkit is dual-licensed and distributed under both the GNU General Public License (GPL) and the revised BSD license.[7]

Security

As described in the SILC FAQ, chats are secured through the generation of symmetric encryption keys. These keys have to be generated somewhere, and this occurs on the server. This means that chats might be compromised, if the server itself is compromised. This is just a version of the man-in-the-middle attack. The solution offered is that chat members generate their own public-private keypair for asymmetric encryption. The private key is shared only by the chat members, and this is done out of band. The public key is used to encrypt messages into the channel. This approach is still open to compromise, if one of the members of the chat should have their private key compromised, or if they should share the key with another, without agreement of the group.

Networks

SILC uses a similar pattern to IRC, in that there is no global "SILC network" but many small independent networks consisting of one or several servers each, although it is claimed that SILC can scale better with many servers in a single network.

The "original" network is called SILCNet, at the silc.silcnet.org round-robin. However, as of May 2014, it has only one active (though unstable) server out of four.

Several other public networks are known, as in the "External links" section below. Most of them, however, have also shut down due to declining popularity of SILC.[8]

See also

References

External links