EncroChatSure.com . . . Better Sure than sorry! EncroChat® · EncroChat® Messaging Protocol vs...


EncroChat® Reference & Features Guide

EncroChatSure.com

EncroChat® - Feature List

EncroChat® - The Basics

Question:

What are the problems with disposable phones, which look like a cheap and perfect solution because a number of free Instant Messaging (IM) apps come with built-in encryption?

Answer: Let us point to Shamir’s Law, which states that crypto is not penetrated, but bypassed. At present, the IM crypto applications available on the Play Store and the Apple App Store are decent, cryptographically speaking. The problem with these applications is that they run on a network platform which is quite vulnerable. Application builders usually compromise on security in order to make their application popular. All these applications are software solutions, and software usually works together with other software. For instance, once installed, these applications interact with the hardware, the network the device is connected to, and the operating system of the device. To protect the privacy of the individual, it is important to come up with a complete solution rather than a partial one. Generally, the security implementations of IM applications are very damaging for the end user, because the user usually ignores the attack surface of the system and its security flaws. When the user takes these into account, they usually find that the product is nothing but a security flaw. Individuals need to strip everything away in order to determine what can actually be expected from the product. For instance, hardware like the GPS and microphone should be removed. Web browsers, Internet Explorer, Bluetooth capabilities, and the SMS platform usually affect privacy and facilitate Trojans and malware on the device. Antivirus software could, however, be used to resist malware attacks and protect both the system and the operating system. Additional measures to protect the device include encryption, USB debugging, and secure data-wipe capabilities. Verification of the user is the most neglected area in most applications; however, it is a very important component of communication security.

Through verification, it becomes easier to determine whom one is talking to, and the chances of attack become almost negligible. Additionally, the severity of attacks is reduced manifold. Furthermore, the individuals who promote these products should also be trustworthy. In simple words, if the promoter is trustworthy, the likelihood that the application is trustworthy automatically becomes high. Do you feel that your interests in privacy are being served when ex-Navy SEALs (hello, Silent Circle), the former CEO of In-Q-Tel, an investment arm of the CIA (hello, Wickr), and other prominent former members of the US government have managed to secure seats on these corporate boards with large investments? Good cryptography is only a part of the security system and not the whole game.

EncroChat® Messaging Protocol vs Off-The-Record Messaging Protocol

OTR Version 3.0

The term OTR stands for “Off-the-Record Messaging”. It is a cryptographic protocol used for encrypting instant messages. It comprises the AES symmetric-key algorithm, the SHA-1 hash function and the Diffie-Hellman key exchange.

Key Exchange: Diffie-Hellman Group 5 (1536 bit key). Through this method, two parties who have no knowledge about each other share a key through the channel of communication. The key is used for encryption. The key idea here is that Bob and Alice perform the key exchange and the authentication is then done in the communication channel.

Cipher: AES 128 cipher in CTR mode, a symmetric-key cipher.

Public Key: DSA 1024. This is the usual key, used for authentication only and not for encryption.

MAC: SHA-1. The message is authenticated via a code which ensures the integrity of the message.

Verification: This is done manually or via the Socialist Millionaires' Protocol (SMP).

EncroChat® Messaging Protocol

This protocol provides end-to-end encryption to users. It includes forward and future secrecy properties. It also has deniability guarantees. Through this protocol, we ensure that the end user does not face problems related to encryption.

Key Exchange: Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) 25519 (http://safecurves.cr.yp.to/)

Cipher: AES 256 cipher in CTR mode

MAC: HMAC-SHA256

Verification: Performed manually or through Notaries

EncroChat® - Welcome to the Evolution of Data Privacy

The term PGP stands for “Pretty Good Privacy”. It is an encryption tool that has been used for decades to protect data. The tool, like its name, is actually pretty good. However, it has certain drawbacks as well.

One key / Non-repudiation: PGP uses an encryption key, but the limitation is that each user can have one key only. This becomes more problematic if the private key is hacked or exposed, because the attacker can then retrieve all messages using that key. Hence, this is a huge limitation. In addition, the sender’s identity and ownership can be checked through the sent message, because each message is signed with the user’s private key. The receiver holds the responsibility for the sender’s privacy. In a private conversation, the receiver usually denies any conversation with the sender so that both remain safe and sound.

It is a requirement of the system that the user has one public key in order to communicate privately so that they remain safe. Through this public key, both parties can authenticate each other. In addition, this key is of no importance if two people are discussing an encryption protocol like PGP. In the view of the developers at EncroChat, the problem of encryption lies in implementation and not in the development phase.

As per Shamir’s Law, the attacker simply bypasses the cryptography. Additionally, hackers of modern-day software usually penetrate the system through cryptanalysis. However, there are other, simpler ways to attack and break the system as well.

Why should users use EncroChat®?

The best thing about EncroChat® is that it is equipped with all the security measures. It does not offer partial security; rather, it is an end-to-end security system. Being a software system, it interacts with other software applications, the network and the operating system. The developers made system integrity their primary responsibility. For this purpose, they ensured that the software is capable of securing the hardware, the operating system, the software applications, the data in transit, and the servers. The developers also know that they must secure these aspects in order to satisfy the customers. The end-to-end encryption security mechanism is the unique selling proposition of the system.

EncroChat® protects conversations with the following four Tenets:

1. Perfect forward secrecy: A different set of keys is used to encrypt each message session. In addition, if there is a repetition of the key, the previous message is not replaced with the new message.

2. Repudiable authentication: There is no digital signature that can be misused by a third party, yet each party remains assured of whom they are talking to. It therefore works both ways.

3. Deniability: Once the conversation is over, it may be possible for a third party to forge a message, but this cannot happen during the conversation. Everything is done in real time.

4. Encryption strength: Compared to the algorithms employed by PGP, EncroChat® is stronger. Different families of mathematics are used to develop this strong algorithm so that there is no mismanagement and the encryption algorithm remains unsolved.

EncroChat® Features

There are different features of EncroChat®. The following are the main features:

1. Advanced Off-The-Record (OTR) Protocol: This is the equivalent of a conversation between two individuals. The protocol we offer is very different from, and more useful than, that of our competitors. We offer future secrecy to the client so that they remain satisfied.

2. Guaranteed Anonymity: There is no method to associate any device or SIM card with the customer account.

3. Virtual private network: When data is transferred to the offshore data center, the user traffic is verified and encrypted to protect the customer data.

4. Customized Android Platform: Data is encrypted from the moment the power is on. The focus is on user privacy. The settings are user friendly.

5. Industry Leading Hardware: The goal of the product is to maintain security. The product is customized in order to improve security. The camera, microphone, and GPS can be removed for better security.

6. Global service: The product is global, and SIMs from more than 120 countries are protected. Additionally, quad-band GSM, UMTS and CDMA are supported.

7. Self-destructing messages: The user has the option to delete their message from the other user’s device using our advanced burn function. This is done by a timer countdown.

8. Panic wipe: The device data can be wiped from the lock screen by typing in the secret PIN.

9. Password wipe: If the password is entered wrongly several times, all data is wiped.

10. Simple verification of contacts: The Notary verification process facilitates end user encryption.

11. Tamper proofing: The product attached ADB connectivity

12. Secure Boot: When the device is booted, the system checks internally for tampering. If any tampering is found, the device becomes locked.

13. Updates: The system regularly updates itself from the EncroChat® site.

The goal of EncroChat® is to simplify the process of encryption for the end user. Data is encrypted from the moment the power is on. The clients negotiate the keys themselves. Additionally, the client can trust the server, as the server does not store or read the user data. Everything is protected and safe and sound.

EncroTalk®

Voice over IP (VoIP) is used these days by most telecommunication applications. The Real-time Transport Protocol (RTP) is also used for telecommunication over the internet. VoIP/RTP has replaced the traditional analog telephone too. This is the age of digital technology, and telecommunication uses that technology as well. Through VoIP/RTP, conversations have become clear and quick; traditional telephones are usually still not as clear. Conversations are secure and protected only if the protocol used is safe and implemented properly.

Through EncroTalk®, the ZRTP protocol is used to encrypt all conversations, and the data is transmitted through a closed-loop network. Subscribers cannot call for pizza, but all subscribers on the EncroTalk® system can be reached easily. Our company uses VoIP switches based in Malaysia, the Netherlands, Canada, and Romania. Every user of the system can invite others onto the network and can contact them irrespective of where the user resides. Our customers are located worldwide; however, most reside in China and Australia. These users can easily communicate with users in South America and Canada through EncroChat®. The voice quality is very clear.

The metadata is first obfuscated in our system in order to protect the users. The VoIP switches then encrypt the call setup, and thus the users cannot trace each other at any cost. Additionally, the VoIP is like a transmitter that transmits data from one place to another using complex mathematical algorithms. Once the keys are negotiated by the users, the system uses the audio channel to compare data and protect the system from Man-in-the-Middle (MitM) attacks. This way the whole process becomes safe. If any attack or fraud is detected, the system determines it and ensures the integrity of the system.

Additionally, the users of the EncroTalk® application negotiate keys on their own, so that no one else knows the keys and the system remains encrypted from end to end. Furthermore, the ZRTP implementation does not store the keys in memory. The memory is cleared soon after the process comes to an end, so that the user’s privacy is maintained. A Retained Secret (RS) code is saved on each device after the first call between two users of EncroTalk®, and on every future call the code detects any attacks and warns the users. Additionally, perfect forward secrecy (PFS) is employed, which supports call integrity and destroys the keys after the call has ended.

1. Registration

2. Key Exchange

Shared Secret: Triple Elliptic Curve Diffie-Hellman Ephemeral 25519 (ECDH) key exchange. Provides both forward and future secrecy.

3. Key Management (Axolotl ratchet)

A new encryption key is generated for the next message after every sent and received encrypted message. Old encryption keys become obsolete immediately and are discarded.

4. Stateful Authenticated Encryption

From key management, the encrypted message is generated by using an ephemeral AES 256 cipher in CTR mode. HMAC-SHA256 guarantees integrity and authenticity.

5. Verification – Manual or Notary
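Steps 3 and 4 above, sketched as an added example (not EncroChat® code and not the Axolotl specification): a one-way HMAC-SHA256 key chain yields fresh keys for every message, and each message is encrypted and then authenticated. Assumptions: the class and function names are hypothetical, the shared secret is a constructed value standing in for the key-exchange output, and an HMAC-SHA256 counter-mode keystream stands in for AES 256 in CTR mode so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256, used here both as the key-derivation step and as the MAC."""
    return hmac.new(key, data, hashlib.sha256).digest()


def ctr_xor(key: bytes, index: int, data: bytes) -> bytes:
    """Counter-mode keystream XOR. Stand-in for AES 256 in CTR mode (assumption):
    the block function is HMAC-SHA256 so no third-party library is needed."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = index.to_bytes(8, "big") + (offset // 32).to_bytes(8, "big")
        pad = prf(key, counter)
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class Chain:
    """One direction of a per-message key chain (simplified symmetric ratchet)."""

    def __init__(self, shared_secret: bytes):
        self._chain_key = prf(shared_secret, b"chain")
        self.index = 0

    def _message_keys(self):
        return prf(self._chain_key, b"enc"), prf(self._chain_key, b"mac")

    def _advance(self):
        # One-way step: the old chain key is overwritten, so keys of earlier
        # messages cannot be recomputed from the state that remains.
        self._chain_key = prf(self._chain_key, b"next")
        self.index += 1

    def seal(self, plaintext: bytes):
        enc_key, mac_key = self._message_keys()
        header = self.index.to_bytes(8, "big")
        ciphertext = ctr_xor(enc_key, self.index, plaintext)
        tag = prf(mac_key, header + ciphertext)  # encrypt-then-MAC
        self._advance()
        return header, ciphertext, tag

    def unseal(self, header: bytes, ciphertext: bytes, tag: bytes) -> bytes:
        # Stateful: only the next expected message is accepted. Out-of-order
        # delivery is not handled in this sketch.
        if int.from_bytes(header, "big") != self.index:
            raise ValueError("unexpected message index (replay or reordering)")
        enc_key, mac_key = self._message_keys()
        if not hmac.compare_digest(tag, prf(mac_key, header + ciphertext)):
            raise ValueError("MAC check failed")
        plaintext = ctr_xor(enc_key, self.index, ciphertext)
        self._advance()  # state moves on only after the MAC verified
        return plaintext


def demo() -> dict:
    # Constructed value standing in for the output of the key exchange.
    secret = hashlib.sha256(b"constructed shared secret").digest()
    sender, receiver = Chain(secret), Chain(secret)
    m1 = sender.seal(b"same text")
    m2 = sender.seal(b"same text")
    results = {"m1": receiver.unseal(*m1), "m2": receiver.unseal(*m2)}
    # Same plaintext, different per-message keys, different ciphertext.
    results["ciphertexts_differ"] = m1[1] != m2[1]
    try:
        receiver.unseal(*m1)  # the key for message 0 no longer exists
        results["replay"] = "accepted"
    except ValueError:
        results["replay"] = "rejected"
    m3 = sender.seal(b"third")
    forged = (m3[0], bytes([m3[1][0] ^ 1]) + m3[1][1:], m3[2])
    try:
        receiver.unseal(*forged)
        results["tamper"] = "accepted"
    except ValueError:
        results["tamper"] = "rejected"
    results["m3"] = receiver.unseal(*m3)  # the genuine message still opens
    return results


if __name__ == "__main__":
    print(demo())
```

The sketch covers only the symmetric part of key management; the Diffie-Hellman step that the page credits with future secrecy is outside it.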

Bob receives a subscription request from Alice and accepts it. Bob and Alice verify security fingerprints manually using a secure secondary channel like VOIP or in person.

Bob receives a subscription request from Eve and accepts it. Bob and Eve verify security fingerprints manually using a secure secondary channel like VOIP or in person.

[Figure: subscription requests between Alice and Bob and between Eve and Bob; after manual verification each pair is marked "Verified & Notary".]

Bob is a notary for Alice and Eve. Both are verified on his contact list.

Alice is a notary for Bob. He is verified on her list.

Eve is a notary for Bob. He is verified on her list.

Eve sends a subscription request to Alice, who accepts. Both users add each other to their respective contact lists as unverified.

[Figure: Bob, Alice and Eve with their contact lists. Bob: Alice, Eve. Alice: Bob, Eve. Eve: Bob, Alice. The link between Alice and Eve is labelled "Subscription Request & Accepted" and "unverified".]

1. Alice requests notarization for Bob and Eve

2. Bob forwards notary request to Eve

3. Eve verifies security fingerprints and responds to Bob

4. Bob relays back to Alice

[Figure: Bob between Eve and Alice, with their contact lists. Bob: Alice, Eve. Alice: Bob, Eve. Eve: Bob, Alice.]

Dave manually verifies and becomes a notary with Eve. Dave then sends a subscription request to Alice, who accepts. He is now automatically verified with Alice because of his notary status with Eve.

Bob sets up five EncroChat® devices for his people and manually verifies each one and becomes a notary. All the users notarized on his list can send subscription requests to each other and, after acceptance, be automatically verified without having to use a secondary secure channel like VOIP or physically meet. This greatly simplifies the verification process.

Dave sends a subscription request to Sandy, who accepts. They are NOT verified as there is no notary in common with their contact lists. They will have to manually verify to assure identity.

[Figure: contact lists of Bob, Dave, Alice, Eve, Doris, Beth and Sandy.]
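The notary rule described above, modeled as an added example (not EncroChat® code): two contacts become verified automatically only when a contact they both already trust can vouch for the fingerprints, and otherwise stay unverified. Assumptions: the class and function names, the SHA-256 fingerprint format, the status labels and the constructed keys are hypothetical, since the page does not specify message formats; the last case is a constructed one in which the relay hands a device a substituted key.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """Security fingerprint; SHA-256 over the key bytes is an assumption."""
    return hashlib.sha256(public_key).hexdigest()


class Device:
    def __init__(self, name: str, public_key: bytes):
        self.name = name
        self.public_key = public_key
        self.contacts = {}  # contact name -> [stored fingerprint, status]

    def accept_subscription(self, peer_name: str, delivered_key: bytes):
        # The key is stored exactly as the relaying server delivered it.
        self.contacts[peer_name] = [fingerprint(delivered_key), "unverified"]

    def trusts(self, peer_name: str) -> bool:
        entry = self.contacts.get(peer_name)
        return entry is not None and entry[1] != "unverified"

    def verify_manually(self, peer: "Device"):
        # Stands for reading fingerprints out over VoIP or in person.
        stored = self.contacts[peer.name][0]
        if not hmac.compare_digest(stored, fingerprint(peer.public_key)):
            raise ValueError(f"{self.name}: fingerprint mismatch for {peer.name}")
        self.contacts[peer.name][1] = "verified"


def subscribe(a: Device, b: Device, key_delivered_to_a: bytes = None):
    """Request sent and accepted. The override models a relay that hands `a`
    a key other than b's real one."""
    a.accept_subscription(b.name, key_delivered_to_a or b.public_key)
    b.accept_subscription(a.name, a.public_key)


def pair_manually(a: Device, b: Device):
    subscribe(a, b)
    a.verify_manually(b)
    b.verify_manually(a)


def common_notaries(a: Device, b: Device, devices: dict) -> list:
    """Contacts that a and b both trust and that trust both of them."""
    shared = a.contacts.keys() & b.contacts.keys()
    return sorted(
        n for n in shared
        if a.trusts(n) and b.trusts(n)
        and devices[n].trusts(a.name) and devices[n].trusts(b.name)
    )


def notarize(requester: Device, subject: Device, devices: dict) -> str:
    """Steps 1-4 of the notary exchange; returns requester's status for subject."""
    notaries = common_notaries(requester, subject, devices)
    if not notaries:
        return requester.contacts[subject.name][1]  # manual verification needed
    notary = devices[notaries[0]]
    # 1-2. The request travels requester -> notary -> subject over links that
    #      are already verified, carrying the fingerprint the requester stored.
    claimed = requester.contacts[subject.name][0]
    # 3. The subject compares it with its own key, and compares what it stored
    #    for the requester with the notary's verified copy.
    ok = hmac.compare_digest(claimed, fingerprint(subject.public_key)) and \
        hmac.compare_digest(subject.contacts[requester.name][0],
                            notary.contacts[requester.name][0])
    # 4. The notary relays the answer; only a match changes the status.
    if ok:
        requester.contacts[subject.name][1] = "notarized"
        subject.contacts[requester.name][1] = "notarized"
    return requester.contacts[subject.name][1]


def scenario() -> dict:
    names = ["Bob", "Alice", "Eve", "Doris", "Beth", "Sandy", "Dave"]
    d = {n: Device(n, f"constructed-public-key-{n}".encode()) for n in names}
    for n in ["Alice", "Eve", "Doris", "Beth", "Sandy"]:
        pair_manually(d["Bob"], d[n])  # Bob sets up five devices
    results = {}
    subscribe(d["Eve"], d["Alice"])
    results["Eve-Alice"] = notarize(d["Eve"], d["Alice"], d)    # via Bob
    pair_manually(d["Dave"], d["Eve"])
    subscribe(d["Dave"], d["Alice"])
    results["Dave-Alice"] = notarize(d["Dave"], d["Alice"], d)  # via Eve
    subscribe(d["Dave"], d["Sandy"])
    results["Dave-Sandy"] = notarize(d["Dave"], d["Sandy"], d)  # no notary
    # Constructed failure case: Doris is handed a substituted key for Beth.
    subscribe(d["Doris"], d["Beth"], key_delivered_to_a=b"constructed-substituted-key")
    results["Doris-Beth"] = notarize(d["Doris"], d["Beth"], d)
    return results


if __name__ == "__main__":
    for pair, status in scenario().items():
        print(pair, status)
```

As in the page's Dave and Alice case, a notarized link counts as trusted when looking for the next notary, so every automatic verification rests on the manual checks made earlier in the chain.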

EncroChat® - Wi-Fi versus Cellular Network

Before we start: we fully encrypt your communications end to end within our applications using Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) on the 25519 curve with the AES 256 cipher in CTR mode and HMAC-SHA256, which helps protect against eavesdroppers on both kinds of network. By deploying X.509 certificates in combination with the Transport Layer Security (TLS) protocol (on both our clients and our servers), the EncroChat® platform proves that the services our clients connect to are what they are intended to be, giving protection from tampering and eavesdropping. For validation of our X.509 certificates, we don’t rely on any third-party Certificate Authority (CA), because EncroChat® is its own CA, giving no chance for outside corruption of the certificate process. In addition, in EncroChat® and EncroTalk®, one can individually verify that communication with the distant user is free of a man-in-the-middle (MITM), lowering the chance of attack even more. We don’t doubt that either Wi-Fi or the cellular network can be relied upon. However, with regard to tracking, there are benefits in using one network over the other:

1) A Wi-Fi modem consumes less power than a cellular one and hence has less range (Smartphone: 32mW (15dBm), Range=100M, Cellular modem: 200mW, Range=35kms). Tracking becomes more difficult with Wi-Fi because of the weaker signal.

2) Wi-Fi and cellular modems both transmit unique identifiers to their particular networks. Wi-Fi conveys the MAC address to the Wi-Fi router, whereas the cellular modem transmits the IMSI and IMEI to the cellular tower. The IMEI can’t be legally changed and is ‘burned’ into the phone, making tracking easier; with Wi-Fi, the MAC address can be changed, making the person invisible.

3) Cellular networks are homogeneous (licensed and controlled by government, and required to give information as well), whereas Wi-Fi networks are heterogeneous (a mixture of various devices requiring no licensing).

4) Wi-Fi devices are given private IP addresses and, when communicating with the internet, share a single public IP address. A tracer will only trace back to the Wi-Fi router, making it difficult to locate the exact device. Conversely, each client is given a specific IP address in cellular networks, making tracking of geographical location easier (the IP address is linked to the IMEI and IMSI).

5) Generally, Wi-Fi routers use WPA2 (Wi-Fi Protected Access II) for encryption, which provides its own security for the data transmission. On the other hand, even the largest SIM card manufacturer was compromised by British and US secret agencies, and everything was accessible to them from at least 2010 (https://firstlook.org/theintercept/2015/02/19/great-sim-heist/).

Silent Circle Critique

Shamir’s Law:

Adi Shamir stated that crypto is not penetrated but is bypassed. Cryptography is typically bypassed. There is no major world-class security system employing cryptography in which the hackers penetrate the system by actually going through the cryptanalysis… typically, penetrating the security system involves simpler ways.

Silent Circle has, in the past, deliberately encouraged weak security solution offerings. Their email platform had to be erased and shut down without notifying their customers, because they feared the US government would take the encryption master key and decrypt their customers’ email. Phil Zimmermann said that it was possible for them to see the data regarding the email (who it’s to/from, date, subject line etc.) and be asked to decrypt it.

In their Compliance and Law section, Silent Circle uses unclear wording in stating that their service doesn’t have any link with the government.

For security, Silent Circle offers its customers the new Blackphone (combining hardware, software, communication and operating system), stating that security should be a solution rather than a software application. Yet, upon examination, this implementation has serious issues:

1) Upon an error in the communication, the user becomes exposed, because there is a single line of defense and no additional protection method (like tunneling the data through an encrypted channel). Experienced coders have already found issues in it.

2) Connecting the user directly to the internet places them in a hostile environment. The protection provided offers only small shielding and can easily be defeated, turned off by the user, or removed.

3) Through the internet browser, users connect to websites, which increases the possibility of Trojan/malware invasions and risks the privacy of communications.

4) Its preliminary environment has modifications in which software like the Google Play store has been removed, but users could add it back to the phone. This might be risky for the Blackphone in terms of increasing hacker attacks and reducing security. Furthermore, because the actual code for harmful utilities is only disabled and not truly removed, system applications can end up being hacked, which was also demonstrated by a security researcher at the Blackhat conference (http://www.theregister.co.uk/2014/08/11/blackphone_rooted_at_blackhat/).

5) GPS (which is enabled by default) can be disabled with a software switch, but it could also be re-enabled without the user noticing. This would let an outsider learn the user’s location.

6) Another factor is that the camera is also enabled, and a compromised phone could be used to take photos and record video, and the data could be received. As a result, outbound traffic from Trojans and malware is not stopped, and the compromised device could be used to transmit or collect personal data and to contact control servers on the internet.

7) Hackers could easily infect the phone and get direct access to it because a Micro-SD slot is included in it.

8) Using the Blackphone would still allow an individual to be accessed by the authorities (physical location, time, voice, text, etcetera).

9) Blackphone users could still make unencrypted phone calls to users on other networks, and users could easily be mistaken.

Unlike the PGP protocol model (in which messages are encrypted to the same public key), Silent Circle makes use of the SCIMP protocol (a derivative of OTR, the “Off-the-Record” protocol for text communications). OTR uses ephemeral key exchanges for every session. This is a significant characteristic of today’s modern secure protocols; without it, a network adversary can keep records which could later be decrypted and compromised. With ephemeral key exchanges, recorded ciphertext remains private (keys are held only ephemerally in memory for a short span). Mostly, the execution of this kind of protocol is about lowering the impact of key compromises. On the one hand, SCIMP has outstanding secrecy features, but on the other, it has poor future-secrecy features. In summary, the compromise of a key could deeply affect future messages (with no impact on past messages).

The Silent Circle servers themselves (to which all users connect) are exposed on the internet, and hackers could easily investigate and look into these servers for a weak link. If they succeed in doing so, they are able to attack from any possible direction and gain a pathway to the conversations.

Last of all, Silent Circle was assembled by an ex-government team from the United States, and the information could easily be used by them for the government’s benefit against individuals. They could easily do that by sending an application update request, and one would not even know that the event had occurred. In the past, there have been cases of this nature in which users’ private communications were compromised (HushMail).

Is SkySecure a Secure Product or Hype?

SkySecure makes it possible to create “3-layered private” security in their product. They have basically added ECC (elliptic curve cryptography) around PGP encryption. This ECC may not be secure in itself, and in any case Shamir’s Law states that ‘Crypto is not penetrated, it is bypassed’.

However, the SkySecure product still suffers from the same limitations as the PGP protocol. The user still has one key, and if the private key is compromised, all future and past messages are uncovered. The sender’s digital identity could be exposed because every message is marked with the private key, and the authorship of the device could also be uncovered. We want to be able to deny ownership of the messages being sent, but also want to be assured of who we’re talking to. The dominant negative feature of SkySecure is that one has complete non-repudiation.

Skyware has also moved forward to release an application that is installed on a Blackberry device. When discussing the privacy of communication, one has to present a complete picture of the solution. We think that SkySecure fails in the following respects:

1) With a web browser installed on the device, a user could have the whole system easily exposed to another party when a suspicious website is visited. Things like Adobe Flash and malicious JavaScript on websites that lure the user into visiting might allow an invader to gain access to private and personal data (items including contacts, messages and also the private keys). Malware could also be installed in the process.

2) Through the operational camera, the user’s device could be remotely controlled to capture video and pictures.

3) SkySecure also mentions that the Blackberry hardware is more secure than Android hardware. This cannot be considered factual, because the Blackberry Q10 uses a Qualcomm system-on-a-chip (with an integrated LTE modem), which is itself responsible for creating security issues. The modem runs its own operating system (OS), which could be attacked, allowing the attacker to take hold of the personal private encryption keys and also gain access to things like the GPS, camera or microphone.

4) The actual device operating system does not implement password locking, although the SkySecure application has this function. As a result, the actual OS is not fully encrypted and could be compromised.

5) The marketing notes of SkySecure mention that they provide a secure connection with the server because authentication is required, thus lowering the attack risks. On the contrary, this does not prevent an attack. It only helps stop someone from manually typing the passwords and security keys, and it will not help if the memory is dumped.

6) SkySecure also states in its marketing notes that a fake password can be generated, which the user can give to the authorities under pressure. When this fake password is typed, all the data is erased and the user is notified that the device has been compromised. This could become problematic, because in Canada the wilful destruction of evidence is against the law. The authorities are also likely to make a backup of the device before asking for the passwords, so when one dataset is destroyed, the other can still be used for data retrieval.

It’s Time for PGP to Die

For any industry that requires the electronic equivalent of a regular conversation between two people in an empty room, PGP is the wrong protocol. It is built on a single key pair and a digital structure with no forward secrecy, which makes it a poor choice for those who have the following requirements: to be confident of the person or party one is talking to, to have conversations uninterrupted, to be able to deny any conversation to any interested third party, and to be relaxed about exposure of the private key and of the messages written with that private key.

Beyond the drawbacks of the original PGP protocol, the present-day market for PGP 'secure' messaging is a mixture of mail servers, resellers and key servers, and their way of differentiating themselves from one another is to spread rumors and to interfere with competitors by launching DDoS (distributed denial-of-service) attacks or by hindering communication between resellers and users. In summary, they get in the way of the customer's communication with the party that needs to be reached. Because the PGP reseller business is quite demeaning in nature, the resellers have devised a way to maintain cash flow and look ahead to a business built on applications like BES (RIM's Blackberry Enterprise Server), Microsoft servers, Microsoft's Exchange Server application and Symantec's PGP Universal Server. The reseller lacks the knowledge of how these products actually work. How would the resellers know, since they do not have the slightest clue of what they are doing behind the curtains? It is not known whether all of these companies work with government agencies.
Back in 2009, NSA specialists were able to read and see text messages from Blackberry devices. This appeared in an NSA presentation which stated that BlackBerrys could be compromised, and which also contained an image of a Mexican government email. Now the resellers are trying their best to set themselves apart in other ways. The new term being used is ECC, which is short and sounds a little intimidating. In fact, ECC is already used by a large segment of the Internet in different communications. ECC stands for 'Elliptic Curve Cryptography', a comparatively new branch of mathematics that allows smaller key sizes with the same or better strength than the larger key sizes of competing algorithms like RSA (the longtime PGP default). At present, PGP uses RSA 4096 for asymmetric encryption (used for creating the private/public key pair) and AES 256 for symmetric encryption. One can now choose ECC instead of RSA in BES version 10+. The choices available for ECC curves are NSA (National Security Agency) or NIST (National Institute of Standards and Technology). These are verified and confirmed to be NOT safe (http://safecurves.cr.yp.to/).

Resellers are promoting a third-party client application which is supposed to run on a Blackberry device (named the Q5 or Q10, basically the same Samsung S4 hardware design, and it lacks security). Not only that, but the resellers are using the same PGP infrastructure while flaunting the ECC label, making it an even more complex and insecure infrastructure. The internal users of a reseller offering ECC now have two different private/public key pairs: the RSA one and the ECC one. A user can't communicate using ECC with those who subscribe to another reseller, so they are going to use the RSA private/public key pair. Both key pairs are expected to be kept on the server, using one of the two key modes offered by BES. It is also possible that there is no security on the private key of the RSA key pair, meaning that the BES server could be compromised by someone copying the keys and then using them for other purposes.
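The consequence of a single long-term key pair, as argued in this section and in the SkySecure discussion above, can be shown concretely; the following is an added example, not code from this guide or from any vendor. It assumes a pure-Python X25519 (RFC 7748, not constant-time), a toy XOR cipher and hypothetical function names, and it omits the authentication of ephemeral keys that a real protocol needs.

```python
# Added illustration, not code from the guide or any vendor.
# X25519 per RFC 7748 in pure Python: not constant-time, demonstration only.
import hashlib
import os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    s = bytearray(k)
    s[0] &= 248; s[31] &= 127; s[31] |= 64            # clamp the scalar
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                    # Montgomery ladder
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def xor_seal(shared: bytes, data: bytes) -> bytes:
    # Toy cipher (assumption): XOR with SHA-256(shared); <= 32 bytes, no integrity.
    pad = hashlib.sha256(shared).digest()
    return bytes(x ^ y for x, y in zip(data, pad))

def static_key_message(recipient_pub: bytes, msg: bytes):
    # PGP-style: every message is encrypted to the same long-term recipient key.
    eph = os.urandom(32)
    return x25519(eph, BASE), xor_seal(x25519(eph, recipient_pub), msg)

def ephemeral_session_message(msg: bytes):
    # Forward-secret style: both ends use per-session keys, discarded afterwards.
    a, b = os.urandom(32), os.urandom(32)
    a_pub, b_pub = x25519(a, BASE), x25519(b, BASE)
    assert x25519(a, b_pub) == x25519(b, a_pub)       # both ends agree
    return (a_pub, b_pub), xor_seal(x25519(a, b_pub), msg)

def attacker_decrypt(stolen_longterm: bytes, observed_pub: bytes, ct: bytes) -> bytes:
    # What a recorded transcript yields once the long-term private key leaks.
    return xor_seal(x25519(stolen_longterm, observed_pub), ct)
```

A recorded `static_key_message` transcript opens with the leaked long-term key via `attacker_decrypt`, while an `ephemeral_session_message` transcript does not, because the session private keys no longer exist.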

EncroChat® - What’s in the BOX?
