We tend to communicate through the easiest solutions available to us, but those solutions are not often secure enough to transmit sensitive or classified information (health data, confidential company data, personal identification number). There’s no widely adopted secure way to confirm identity of the other party when you must communicate through multiple channels (ie. email and instant messengers).
Most people don’t have time or want to add and learn to use yet another messaging application on their devices. To address this we embrace existing communications apps like Whatsapp, Telegram, email and provide an easy way to secure any communications that is transmitted over them.
We aim to provide Companies and governments solution which can achieve needed compliance level. Transparent solution that can be easily audited and trusted is needed. Previous our Signet app has used short range Bluetooth communications for exchanging cryptographic keys and forming trust relationships between correspondents. You can use the Signet app to encrypt and decrypt any type of content to your trusted contacts and share the encrypted files over any other messaging service to the intended recipient. Signet has zero external dependencies or infrastructure needed for it to function. The only thing needed is the mobile client for both parties.
In this hackathon, to make all this help with remote work and under social distancing, we built a feature to allow creating of trust relationships over ordinary video conferences by using the phone screen and the front facing camera as a data link between the devices.
How we built it
It is an Android mobile app written in Kotlin language. It uses industry standard Elliptic Curve and RSA cryptographic primitives and utilizes Android phones’ secure hardware keystore for keeping keys safe. Exchanging keys will be made possible over a video call by showing the mobile phones’ screens on both ends while the app shows QR codes which the mobile phone on the other end of the video call interprets. When key exchange is done, the app can be used to write messages, take pictures, record audio or encrypt files and then share the encrypted and signed information over messenger apps, file sharing services or email.
Challenges we ran into
While building the original version of the Signet app, our biggest challenge was to make it easy to use and understand by an average mobile user. We wanted to design an app that had zero infrastructure components needed for operation, and where the cryptographic secrets would be secured in the best possible way on both Android and iOS platforms.
We settled for using Bluetooth for creating the trust relationships as person to person meetings are after all the way we as humans naturally form trust relationships to each other. We wanted to follow this logic and avoid all oddities of remote key management and also hierarchies that do not follow this natural way as people establish trust to each other.
Corona, however, posed an unique challenge to us. We’re now living in a world where face to face meetings got replaced by Facetime, Zoom and many other means of showing our face in digital form to our new prospective business partners and contractors. In this world right now it is nearly impossible to meet every person you’ll need to deliver classified information to, thus deprecating our original line of thought with using short range Bluetooth for adding contacts.
Accomplishments that we're proud of
We are proud of being able to offer a tool that gives people freedom to choose the underlying messaging service or ecosystem while still preserving privacy and confidence in the communication. We’re probably the first ever security application that has hardware based key primitives in use on both Android and iOS platforms in a compatible way. We designed our cryptosystem to account for known weaknesses while using 100% standard cryptographic primitives to do so. We designed our cryptosystem to be easily extensible, to allow us to add quantum proof primitives whenever the new standards are out.
We are also very proud to be a team who can run into impossible problems and challenges only to adapt and overcome them while always learning new things in the process.