Moderne Instant-Messaging-Systeme als Plattform für sicherheitskritische kollaborative Anwendungen
(2010)
Many Instant Messaging (IM) systems like Skype or Spark offer extended services, e.g., file sharing, VoIP, or shared whiteboard functionality. IM applications are predominantly used for a spontaneous text-based communication for private purposes. In addition, there is a potential to use such applications in a business context. In particular, the discussion in this dissertation shows that IM systems can serve as platforms for secure collaborative applications (e.g., electronic contract negotiation, e-payment or electronic voting). On the one hand, such applications have to deal with many challenges, e.g., time constraints (an "instant" communication is desired), the integration of multiple media channels and the absence of one unifying "sphere of control" covering all participants. On the other hand, instant messaging systems provide many advantages, e.g., (i) a spontaneous and flexible usage, (ii) easy distribution of information to many participants and (iii) the availability of different channels for the tasks at hand. The original intention of these systems (spontaneous free-flowing information exchange), their modular construction, the unsupervised installation and the ability to easily transmit information over a multitude of channels raise many questions and challenges for IT security. For example, one needs to consider how to contain confidential information, how to verify the authenticity of a communication partner, or how to ensure the non-repudiation of statements. This thesis aims to design security mechanisms that allow to use IM systems as a platform for a collaboration that is both (i) spontaneous and flexible as well as (ii) secure, authentic and non-repudiable. Example applications where such collaboration platforms could be used are the electronic negotiation of contracts, electronic payments or electronic voting.