If I say that it is for everyone, that is true. However, there are professional groups and industries for which security is key: lawyers, people associated with private banking, key managers responsible for transactions involving millions, brokers, business managers, people responsible for company finances … the list could go on for a long time. Just think what would happen if the information we send reached the competition or the other side in a lawsuit. Bank statements, research and development projects, offers and commercial contracts should be particularly protected. This certainly also applies to people for whom their way of life or the privacy of their contacts is an important part of their existence.
There are quite a few solutions on the market that allow for data encryption or mobile communication. What are their weaknesses? One is the use of SMS or email to confirm the recipient’s identity or to recover a forgotten password. The SMS comes from the telecom operator, and its security can also be broken. Here I am often thinking not of technical attacks but of breaking procedures, for example by obtaining a duplicate SIM card. And email? It is one of the easiest communication systems to circumvent.
What else hurts? When you launch a communication application, it gains access to your contact book and then sends it to the application server!
Another problem is that nobody knows how popular communication applications work. Their source code is not shared. Have you ever wondered why these applications are free? Their maintenance costs money, they are hosted somewhere, someone supports the solution. And these are not sums on the scale of a household budget. You can assume that someone simply has an interest in it: an interest in analyzing the data that is sent, or in data that allows profiling. Even one of our parliament’s speakers suggested that some things are done for the idea 😉
Do you trust Facebook Messenger? I don’t. Dozens of times I’ve seen my friends’ accounts taken over, with someone posting various things on their wall. That person can have access to Messenger in exactly the same way. You’ve probably heard about “on the grandson” scams, in which someone impersonates one of our contacts and asks for a transfer of PLN 200 to an account, after which it turns out that we were talking not with the right person but with someone who “stole” her identity. Do you know what the Facebook API looks like? The more you pay as a cooperating partner, the more information about users you get. Interestingly, they agree to it.
You have probably had to send a file to a contractor, partner, co-worker, customer or supplier. What do you do? Usually you use e-mail and send the file as an attachment. Of course, you can compress the file using ZIP and password-protect it, then send the password by SMS. But breaking such protection is as easy as opening a VW Golf II lock, and texting is not a secure form of communication either.
How big is the file? You probably use super-dangerous solutions such as WeTransfer or Google Drive and send a link to the resource by email to your partner. However, we never know whether only he has access to the inbox, or whether he really is who he claims to be. And the file itself can be accessed by anyone who has the link to it. There are also tools on the market with a shared private key, supposedly guaranteeing 100% security, but unfortunately once the link has been captured the encrypted content can be read.
Cypherdog is the answer to all these problems. It offers four functions: sending encrypted files of any size, local encryption of files and folders, encrypted synchronized cloud storage, and a secure text and voice messenger.
What does this solution consist of? It consists of the FX application for sending and receiving files, which runs on a personal computer (notebook or desktop) and is connected to a messenger, working under Windows, Linux or iOS. In addition, there is a mobile messenger available on both Android and iOS.
How is data secured against interception? With end-to-end encryption, of course: 3072-bit asymmetric keys and AES-256 symmetric encryption. The US NSA believes that by 2030 no supercomputer will be able to crack 3072-bit public-key encryption. One of the most important security guarantees of the solution is the absence of a “trusted third party” (Google, Microsoft, Facebook, a telecom operator or a security certificate issuer).
Of course, Cypherdog itself does not have access to the data being transferred. The phone book and users’ personal data are not sent to the server. An interesting feature is the use of blockchain technology to store public keys: they are not kept in a “traditional” database structure but are encrypted and located in distributed data blocks. Identity authorization also looks very interesting: it relies on the key generation methodology and a physical meeting, with data exchanged via Bluetooth or NFC.
Another point is that there is no authorization by SMS or email and no password “remind” / “reset” option. This option is usually how hackers take control of an application account. How is it done? With a “swapped” page that pretends to be the original. The unaware user then provides his identification data, and nothing more is needed.
In the messenger, the conversation history is deleted (after a specified time, after the session is closed, after the screen goes blank) and also when a message is not received. The content of conversations is not saved in the device’s memory, and on the servers it is held only in main memory.
The solution ensures that it is not possible to check the IP addresses of the parties to a conversation. Security is guaranteed by storing the private key only on the user’s workstation or telephone (and, importantly, the private key is not shared, unlike in a competing solution, where half of it effectively becomes public). Only the holder of the private key can read a file (you cannot share access, passwords, etc.).
Interestingly, decrypting and reading a received message is completely free: the user receiving the information uses a free license. The license becomes payable only when we want to encrypt a file.
Where can Cypherdog be used? I will name a few applications. For example, as a tool for sending invoices to your customers, in place of emails with the invoice attached as a PDF. You have certainly heard the stories of LOT or of one of the defense companies in Poland, where a payment (PLN 2.6 million and over 4 million, respectively) was made to a thief’s account on the basis of an e-mail with a changed account number, either in the message itself or in an invoice with a swapped account number inside the document.
Another is as a tool for correspondence related to a project offer, in which representatives of a company, law firm or bank take part. When millions of zlotys are at stake, information on the activities of competitors is very valuable, and getting hold of the details of an offer certainly allows a rival to adapt properly to the customer’s requirements.
Medicine: to date, most diagnostic stations forward test results in electronic form, as PDF attachments or as a link to a document repository located on the institution’s server. Data containing test results, medical records or information about paternity is quite a valuable acquisition, for example for journalists or political opponents, who can use it to compromise a politician or a celebrity.
Banking and finance: a company is often obliged to send financial documents about its organization, whether to obtain trade credit or because, as a public company, it must publish its financial results on time. Such important data should not fall into the wrong hands, particularly in the case of listed companies, where financial results that surface early can be grounds for imposing a penalty on the joint-stock company, not to mention the possibility of manipulating the exchange rate or of “appropriate” involvement by investors.
Author: Przemysław Kucharzewski