Inlämning av Examensarbete / Submission of Thesis

Martin Kling MCS-2003-04, pp. 28. Inst. för programvaruteknik och datavetenskap/Dept. of Software Engineering and Computer Science, 2003.

The work

Författare / Author: Martin Kling
rune.gustavsson@bth.se
Titel / Title: Unsecured sessions with ICQ - applying forensic computing
Abstrakt Abstract:

Digital evidence is becoming more and more frequent and important in investigations carried out by the police. To make the correct judgements, the police force needs to know what one can do with ICQ and in what ways it can be exploited.

This thesis aims to point out weaknesses in ICQ that can aid the police in their work. But these weaknesses can not only be used by the police, also crackers can perform malicious acts with them. Therefore, I investigated if the use of ICQ resulted in non-secure sessions.

To investigate ICQ’s security, I divided a session into an authentication phase, sending of messages, and the protection of stored messages in a history file. While investigating ICQ, I sniffed its Internet traffic and monitored files on the computer’s hard drive with MD5 checksums. I have investigated the following three ICQ applications: ICQ Pro 2003a, ICQ2Go and the Linux clone Licq.

The result of the entire investigation showed that ICQ had a non-secured authentication phase, non-secured messages and no protection for stored messages. From these results the main conclusion was derived: The use of ICQ resulted in non-secure instant messaging sessions.

Your ICQ account can be hijacked and another person can impersonate you and send messages that you dislike. Also, your messages can be intercepted on the Internet and their content can be read. If your computer is compromised, all your previous messages on ICQ Pro 2003a and Licq can be read.

Ämnesord / Subject: Datavetenskap - Computer Science\Networks and Communications
Datavetenskap - Computer Science\Computersystems
Nyckelord / Keywords: ICQ, Instant Messaging, Forensic computing, Digital evidence

Publication info

Dokument id / Document id:
Program:/ Programme Magisterprogram Datavetenskap, 40 poäng/Master programme Computer Science
Registreringsdatum / Date of registration: 09/16/2004
Uppsatstyp / Type of thesis: D-Uppsats/Magister/Master

Context

Handledare / Supervisor: Ph.D. Bengt Carlsson
bca@bth.se
Examinator / Examiner: Rune Gustavsson
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: Inst. för programvaruteknik och datavetenskap/Dept. of Software Engineering and Computer Science
Inst. för Programvaruteknik och Datavetenskap S-372 25 Ronneby
+46 455 38 50 00
http://www.ipd.bth.se/
I samarbete med / In co-operation with: Rikskriminalpolisen
Anmärkningar / Comments:

Martin Kling
Fältv 17
SE-291 39 Kristianstad
martinkling@hotmail.com
0733691999

Files & Access

Bifogad uppsats fil(er) / Files attached: master.thesis.icq.pdf (1033 kB, öppnas i nytt fönster)