Crypho Security Whitepaper



Similar documents
Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Usable Crypto: Introducing minilock. Nadim Kobeissi HOPE X, NYC, 2014

Bit Chat: A Peer-to-Peer Instant Messenger

Analyzing the Security Schemes of Various Cloud Storage Services

White Paper: Multi-Factor Authentication Platform

Our Key Security Features Are:

True Key by Intel Security

The Security Behind Sticky Password

Security Architecture Whitepaper

High Security Online Backup. A Cyphertite White Paper February, Cloud-Based Backup Storage Threat Models

Dashlane Security Whitepaper

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Complying with PCI Data Security

Hushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications

How to Send Stealth Text From Your Cell Phone

SENSE Security overview 2014

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Ciphire Mail. Abstract

Compliance and Security Challenges with Remote Administration

SECURITY IN NETWORKS

LBSEC.

Apache Milagro (incubating) An Introduction ApacheCon North America

Crypton: Zero-Knowledge Application Framework

SecureCom Mobile s mission is to help people keep their private communication private.

Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

SSL BEST PRACTICES OVERVIEW

JVA-122. Secure Java Web Development

Collaborate on your projects in a secure environment. Physical security. World-class datacenters. Uptime over 99%

SecureAge SecureDs Data Breach Prevention Solution

SEC100 Secure Authentication and Data Transfer with SAP Single Sign-On. Public

HIPAA Privacy & Security White Paper

Sync Security and Privacy Brief

Sectra Communications ensuring security with flexibility

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Criteria for web application security check. Version

Applying Cryptography as a Service to Mobile Applications

Security Controls for the Autodesk 360 Managed Services

Credit Card Security

Packet Level Authentication Overview

Security in Android apps

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Internet Programming. Security

Network Security. HIT Shimrit Tzur-David

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

efolder White Paper: The Truth about Data Integrity: 5 Questions to ask your Online Backup Provider

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

FileRunner Security Overview. An overview of the security protocols associated with the FileRunner file delivery application

IT Networks & Security CERT Luncheon Series: Cryptography

Chapter 6 Electronic Mail Security

Keeper Password Manager & Digital Vault

SAP Single Sign-On 2.0 Overview Presentation

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

Michael Seltzer COMP 116: Security Final Paper. Client Side Encryption in the Web Browser Mentor: Ming Chow

CS 758: Cryptography / Network Security

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Network Security Protocols

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

Hack Proof Your Webapps

Key & Data Storage on Mobile Devices

Introduction to Computer Security

FileCloud Security FAQ

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Improving Online Security with Strong, Personalized User Authentication

Multi Factor Authentication API

Two Factor Zero Knowledge Proof Authentication System

Is Your SSL Website and Mobile App Really Secure?

Manual for Android 1.5

Two Factor Authentication - USER GUIDE

Chapter 10. Network Security

WEBSITE PRIVACY POLICY. Last modified 10/20/11

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Is your data safe out there? -A white Paper on Online Security

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Authentication Types. Password-based Authentication. Off-Line Password Guessing

How Secure is Authentication?

Device-Centric Authentication and WebCrypto

Transport Layer Security Protocols

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

STRONGER AUTHENTICATION for CA SiteMinder

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

DRAFT Standard Statement Encryption

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

How To Encrypt Data With Encryption

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

WIRELESS LAN SECURITY FUNDAMENTALS

Transcription:

Crypho Security Whitepaper Crypho AS Crypho is an end-to-end encrypted enterprise messenger and file-sharing application. It achieves strong privacy and security using well-known, battle-tested encryption methods. This whitepaper describes key concepts and algorithms used in Crypho. 1 Overview Crypho uses several layers of protection to provide privacy and security. All data is end-to-end encrypted without Crypho or anyone else having access to the encryption keys. There is no way for Crypho or a third party to gain access to any of the data. Even if the data is intercepted, stolen or seized, it is worthless without access to the members keys. Page 1 of 7

2 Generating and storing user encryption keys Every member of Crypho has the following keys that are used to protect her communications: A 256-bit key, K s A public/private El-Gamal key-pair P encryption,pub /P encryption,pr A public/private ECDSA key-pair P signing,pub /P signing,pr When a member registers with Crypho, she creates a passphrase. This passphrase is never communicated to the server or stored on the member s device. The passphrase is further strengthened using the Scrypt[1] key-derivation algorithm to generate a 512-bit long key K which is then split into two such that: K = scrypt(passphrase, salt), K = K s K p (1) where salt is derived from the user s email address. The client also automatically creates an Elliptic-Curve-Cryptography (ECC) El-Gamal key-pair as well as an Elliptic-Curve-Digital-Signature-Algorithm (ECDSA) key-pair. The private parts (P encryption,pr, P signingpr) of the key-pairs are then encrypted with AES-256, using keys derived from K s thus giving the user encrypted versions that only she can decrypt: k encryption = HMAC(K s, S encryption ), k signing = HMAC(K s, S signing ), P encryption,pr = AES(P encryption,pr, k encryption ) P signing,pr = AES(P signing,pr, k signing ) (2) The public keys P encryption,pub, P signing,pub and the encrypted P encryption,pr, P signing,pr are sent to the server and stored. The server never gets to know the passphrase of the user or has any way of deriving it from what it knows. Only the member (using her passphrase) can re-generate K s and decrypt her P encryption,pr, P signing,pr. The second part of K, K p is hashed and stored on the server. It is used for one-step two-factor authentication see section 3 Page 2 of 7

3 Authentication Crypho uses the Time-based One-time Password Algorithm(TOTP)[2] for twofactor authentication. Upon registration the server generates a TOTP secret. The member can then choose to use SMS/text messages to receive TOTP tokens, or to generate them through Crypho s mobile app. To authenticate, the member needs to enter her passphrase, TOTP token and email address. From the passphrase and using Eq. 1 the user obtains K p which is hashed again and sent to the server together with the TOTP token. Hence, the server can verify that the user knows both the passphrase and a valid token and return P encryption,pub, P encryption,pr, P signing,pub, P signing,pr to the user. The user having computed K s can then use Eq. 2 to decrypt her private keys. Crypho limits the number of attempts and will notify the user and staff in case of multiple failed attempts. 4 Instant messaging & file end-to-end encryption When a member initiates a conversation (by accepting an invitation or by creating a group conversation) she generates a random 256bit long conversationspecific key P c. This key is then further encrypted with the public keys of all conversation participants P encryption,pub and stored on the server. Thus, only authenticated users who have access to their private key P encryption,pr can successfully decrypt P c and consecutively decrypt the messages and files of the conversation. In addition P c is hashed and signed by its creator using her P signing,pr. This allows the rest of the members of the conversation to verify its authenticity. In case a user is removed from a conversation, a new key is automatically generated by the user who removed the member and shared through the remaining members public keys. In case a user leaves the conversation, resets her passphrase, or deletes her account, the conversation is tainted, and the next time another member is online she will create a new key and share it. 5 User verification and signing Each user has a fingerprint F u calculated as F u = SHA256(P encryption,pub P signing,pub ), (3) of which the first 64 bits are used. Users can sign each other s fingerprint in an out-of-band fashion verifying thus that the person behind the keys is who Page 3 of 7

they claim they are. To facilitate communication of the keys, Crypho encodes the fingerprint as a QRCode that can be scanned by mobile apps as well as a sequence of words using the algorithm described in mnemonic.js[3]. For example, Alice has the fingerprint 1fa635e9a299cc6e in hexadecimal format. The fingerprint encodes to the sequence [rebel, praise, flirt, truck, park, yet], which Alice can communicate to Bob in a real-life meeting or over the phone. Bob can then input the sequence in Crypho, verify Alice s public keys and sign the fingerprint with his own P signing,pr. Later he can always be assured that a key signed by Alice in one of his conversations has been indeed generated by Alice. 6 Web app security Regardless of the encryption mechanisms described above, all communications between the Crypho servers and web browsers or mobile applications are encrypted using HTTPS/TLS (Transport Layer Security). While this makes no difference to the privacy of the data transmitted (since they are end-toend encrypted) it helps further safeguarding client-server communications and mitigate man-in-the-middle attacks. Crypho pays close attention to security announcements on new vulnerabilities on the HTTPS/TLS protocols and adapts if necessary in a timely fashion. To protect users from cross-site scripting attacks (XSS), Crypho s web app uses Content Security Policies to declare approved sources of content that are allowed to run in the Crypho web application. 7 Mobile app security User interactions such as entering a long passphrase can be a challenge on mobile devices given their small form factor. To solve this problem Crypho developed a secure storage mechanism that uses native device security when available and complements it with strong cryptography when necessary. Thus we allow the member to authenticate without entering her passphrase every time, by cryptographically storing her key-pairs on the device. The member can opt-out of this feature, in which case her passphrase will be required every time she uses the app. This is recommended in hostile environments. To enhance security and transparency, Crypho has released the secure storage plugin as open-source software on Github[4, 5]. Page 4 of 7

8 Privacy, anonymity and metadata Crypho protects the contents of your conversations and files you share by end-to-end encrypting them with keys that are only under your control. Crypho is not anonymous. It aims to keep your data private, while providing all of the features expected by a communication service. For example, Crypho s server is aware of when a new message is posted in a conversation and notifies users via the web or mobile notification system. Since Crypho does not have access to the contents of the conversations, it is impossible to include the content of the message in the notifications (which would in itself pose a security risk). Our servers have no knowledge of your message contents, but store things like your email address, your telephone number, your contacts in Crypho, the IP addresses you use. Crypho also stores additional data such as the time you logged-in, or when a message was sent and by whom. Crypho does not disclose any of this information or share it with third parties, except when needed in order to fulfill its operations, for example sending you an SMS/text message. 9 Operational security/hosting Crypho maintains strict policies on operational security. All our code is peerreviewed for security before deployment and we maintain a large number of automatic tests that target security specifically. No cloud services are used for hosting or storing of the user data. Crypho is hosted on dedicated servers in Norway in order to keep our infrastructure under strict control. All your data is protected by Norwegian law. 10 Responsible vulnerability disclosure We perform regular security audits internally and communicate regularly with security experts globally. Our engineering team has strong security-related background and experience. However, no software is without bugs. If a security vulnerability is found, Crypho will alert users immediately and disclose all information relating to the vulnerability after it is fixed. We strive for transparency and trust. Page 5 of 7

ECC Encryption The ElGamal Elliptic Curve 384bit prime curve is used. AES Authenticated AES with 256bit keys in CCM mode. Scrypt Scrypt algorithm with N = 16384, r = 8, p = 1. Randomness All random numbers/ivs/keys are generated by a derivative of the Fortuna algorithm found in the Stanford Javascript Crypto Library. The entropy generators are initialized with random numbers coming from the builtin strong cryptographic RNG of the browsers. Crypto primitives All crypto primitives used by Crypho are based on the Stanford Javascript Crypto Library [?]. Table 1: Cryptography primitives 11 Data ownership All information exchanged using Crypho s service is owned by the members participating in the conversation. Crypho does not not claim any ownership of this data. Our architecture additionally makes it impossible for us to decrypt and access it. 12 Cryptography details Crypho uses well known and battle-proven encryption algorithms and libraries to ensure privacy as shown in Table 1. Additionally the following Crypho open-source libraries are used on mobile for native fast cryptographic operations: SecureStorage plugin for ios & Android https://github.com/crypho/cordova-plugin-secure-s Scrypt plugin for ios & Android https://github.com/crypho/cordova-plugin-scrypt Page 6 of 7

References [1] The scrypt key derivation function http://www.tarsnap.com/scrypt. html [2] Time-based One-time Password Algorithm https://en.wikipedia.org/ wiki/time-based_one-time_password_algorithm [3] mnemonic.js https://github.com/ggozad/mnemonic.js [4] SecureStorage plugin for ios & Android https://github.com/crypho/ cordova-plugin-secure-storage [5] Scrypt plugin for ios & Android https://github.com/crypho/ cordova-plugin-scrypt [6] Stanford Javascript Crypto Library https://github.com/ bitwiseshiftleft/sjcl Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information