Not all Group Messaging Apps are created equal


What limits does yours have?

When it comes to secure comms apps, group messaging is often taken as a given, expected. However, sending everyone in a group the same message simultaneously isn’t quite as straightforward as it sounds. It all depends on how the messages are handled. Some apps send messages from the client to every user in the group, and obviously the more members in the group, the more messages need to be sent. As the client is required to process each of these messages and any attachments (including any encryption), this can cause issues resulting in practical limits on the numbers in a group.

Alternatively, a single message can be sent to a messaging server, which then replicates the message to the entire group. This is a far more scalable method, where the server is doing the hard work and the size of a group becomes almost unlimited. This has been achieved in Armour Mobile by extending our encryption capability, drawing on 3GPP standards.

So if your organisation needs to communicate securely within groups, sending bulk messages and attachments efficiently, without limits on the number of recipients, we have the solution for you.

For more information contact us via:

Email: sales@armourcomms.com

Tel: +44 (0)20 36 37 38 01

Cambridge Analytica & Facebook, compromised data – more reminders!


Do we need yet another wake-up call regarding keeping our data safe? The latest scandal involving Cambridge Analytica’s mining of Facebook profiles, which has been running for a few weeks now and shows no signs of abating, is a sign of rising public consciousness that personal data is important and valuable. The case highlights just how social media companies seem to please themselves when it comes to who has access to what. At the very least, social media companies take a commercial view which is in their own interests and not in the interests of their customers/users – and who can blame them – it’s how they make a profit.

While those that need to have sensitive and/or commercial communications probably won’t be using Facebook to do so, they might be using consumer-grade apps such as WhatsApp (owned by Facebook) or others. The messages sent on these services are encrypted, but, as we’ve said before, the associated metadata still gives away a lot of valuable information. To illustrate this point, by profiling the metadata associated with a conversation between two people, it is possible to identify who is the most important, i.e. boss and subordinate, simply based on the frequency, length, number and response times of replies. Using these techniques it is possible to map a whole organisation!

This is a timely reminder that if you’d rather keep your sensitive communications private you need to be aware of where your metadata is held and who might have access to it. Relying on social media companies that make their money through third parties advertising to the user base is never going to be good for users – it is the price you pay for a ‘free’ service.

Services provided by security vendors don’t rely on selling advertising to make a profit; they are in business to protect their customers’ data, and their reputation lives or dies by their ability to do so. Something worth remembering next time you need to send a work/business-related communication.

Built-in versus bolt-on – why security should never be an afterthought


We are all looking to do more, be more productive, efficient and organised. With a plethora of unified communication solutions promising to boost productivity by using time in a smarter way, it’s easy to see how these applications are appealing. But are they secure?

Not all applications are created equally

We often hear of high profile security breaches and the resulting financial and reputational issues they cause. This alone should be motivation for product creators to implement adequate security controls into their solutions. However, speed to market and functionality improvements can often take precedence over security.

When purchasing a new car, we take for granted that safety features have been built in, we don’t ask whether we need to retrofit seatbelts and air bags. Car manufacturers have reinvented the way cars are designed, with passenger safety at the heart of the critical thinking design process. The net result is a product that is secure by design with features that work in unison.

Education not blame

Too often employees are cited as the ‘weakest link’ and are blamed for being the cause of security incidents. In reality, these incidents are often caused by users just trying to get their work done, but in the face of complex and poorly designed applications, they are being put in the position of understanding and making complex security decisions beyond their realm of expertise. Secure communications should be just that, secure by default. Security should be there without the user having to think about it, they are not the experts and we should not expect them to make decisions like one.

For example, a secure messaging application might be required to block pasting text out of the app and perhaps even pasting in. However, from a usability point of view, if the message is a phone number or email address, the user probably wants to be able to paste that across into their dialler or email app, rather than having to retype it. Security and usability have to be carefully balanced.

Businesses need to ensure their employees have the right tools to carry out the job. If users need to have conversations where the content must remain confidential, then organisations need to provide the appropriate solution that enables this transparently, which means by default removing the burden from the user and ensuring that information is not put at risk.

The way forward

It’s time to stop apportioning blame and seeking to ‘fix the user’, and instead design technology to fit the business process and how people behave, rather than asking employees to adjust themselves.

Users shouldn’t have to be security experts and bear the burden of using solutions where security has been bolted on as an afterthought. Employees should take security seriously and be educated users – but they shouldn’t need cyber security credentials to do their day job.

Choosing a secure communications solution such as an Armour product is a positive way to address this issue. Armour Mobile solutions are cost-effective and easy to use, with technology that is always designed to be government-grade secure – proven assurance to our customers that we take security seriously.

It’s time for the tech industry as a whole to step up and start thinking about the needs of the user and not hiding behind ‘user error’.

Andy Lilly of Armour Comms appointed Chair of Technical Standards Committee at Secure Chorus


Armour welcomes NCSC to Secure Chorus

London, UK, 30 April, 2018: Dr Andy Lilly, CTO of Armour Communications, has been elected as Chairperson of the Secure Chorus Technical Standards Committee. Armour Comms are a founding member of Secure Chorus, which recently welcomed the UK’s National Cyber Security Centre (NCSC) into the organisation. Secure Chorus serves as a platform for public-private sector collaboration in developing a security baseline for secure multimedia communications: this is a key strand in the UK’s digital economy strategy, “to make the UK the safest place to live and do business online”, as regularly espoused by Matt Hancock, Secretary of State for Digital, Culture, Media and Sport (DCMS).

Dr Lilly commented: “In addition to the UK government’s requirement to protect OFFICIAL and OFFICIAL SENSITIVE communications, it is key that the resulting multimedia systems provide interoperability between different vendor systems, to support the creation of pan-government and pan-enterprise collaboration capabilities. The definition of suitable forward-looking technical standards is critical to enabling this interoperability and promoting the growth of the associated networks and services both across the UK and internationally.”

Armour has had a key role in Secure Chorus since the group’s formation, working to define and develop the underlying security technologies into products such as Armour Mobile. These demonstrate how communications applications can combine the ease of use of social media apps with the security and seat of trust needed by government, defence, finance, healthcare and enterprises that need to protect and control their mobile communications on off-the-shelf, commercial smartphones, tablets and desktops.

About the National Cyber Security Centre

• The UK Government is fully committed to defending against digital threats and set up the National Cyber Security Centre last year through the five-year National Cyber Security Strategy, supported through £1.9 billion transformative investment.

• The NCSC provides a single, central body for cyber security at a national level and is the UK’s technical authority on cyber. It manages national cyber security incidents, carries out real-time threat analysis and provides tailored sectoral advice.

• GCHQ is the parent body for the Centre, meaning that it can draw on the organisation’s world-class skills and sensitive capabilities.

About Secure Chorus Ltd

• Secure Chorus is a not-for-profit, membership organisation, serving as a platform for public-private collaboration and development of common standards and capabilities for secure communication for the global digital economy.

For more information visit www.securechorus.org and follow the company on LinkedIn and Twitter.


Armour Communications and Metro Communications agree partnership


London, 24 April 2018: Armour Communications and Metro Communications have joined forces to help businesses and VIPs keep their calls, messages and data private and confidential.

Armour Mobile enables secure collaboration between trusted colleagues when discussing commercially sensitive information such as corporate deals, intellectual property matters, financial transactions and customer negotiations, or, for VIPs, the details of their day-to-day lives.

Armour Mobile prevents mobile communications including voice, messaging, file transfers, video or even conferencing from being intercepted by illicit or unwarranted surveillance, keeping both conversations and associated data private. Importantly, Armour Mobile can provide this not just in a local environment, but also for the corporate traveller keeping communications secure even when using untrusted networks, anywhere in the world.

David Holman, a director at Armour Communications, commented: “Armour Comms is committed to working with our partners to deliver secure mobile communications on everyday devices to businesses and high profile individuals. Metro Communications brings a solid track record of dealing with corporate executives and high profile individuals and doing so in a discerning, confidential and trusted manner. We are delighted to partner with Metro Communications and look forward to delivering our secure mobile solutions to Metro Communications customers.”

Armour Mobile provides secure voice calls, video calls, one-to-one and group messaging, voice and video conference calls, file attachments and sent/received/read message status. Using a FIPS 140-2 validated crypto core, Armour Mobile has been awarded many other certifications including CPA (Commercial Product Assurance) from the National Cyber Security Centre (NCSC) and is included in the NATO Information Assurance catalogue.

Peter Matthews, CEO of Metro Communications, said: “We’re delighted to be working with Armour Communications to provide a world-class service to our customers – businesses and high-profile individuals. Organised criminals, lone-wolf hackers and state-sponsored organisations are accessing private phone calls, messages and data sent from mobile phones. This is a very real threat, and it will only increase. Armour Mobile has been certified by the National Cyber Security Centre (NCSC) and approved by NATO. This powerful, user-friendly app removes many security concerns for businesses and VIPs, giving them complete peace of mind.”

Metro Communications provides only the highest quality telecommunications and IT solutions to people and businesses. Metro customers who pass strict security checks can now use Armour Mobile to keep their communications as they should be – secure and confidential.

British companies at RSA to showcase UK leadership in cyber security

SAN FRANCISCO, California, April 17, 2018 – Five British cyber security companies will showcase their ground-breaking products and services to the US market at the RSA Conference in San Francisco on April 16-20, 2018.

The companies will demonstrate their innovative solutions in a broad range of cyber security requirements – such as the protection of critical assets and infrastructure, prevention and detection of cybercrime, as well as their commitment to cutting-edge research – at the UK Pavilion and through a series of ancillary events, with the support of the UK’s Department for International Trade (DIT). The companies look to develop close partnerships and forge lasting relationships that will support the US cyber security sector in its aims of securing the safety of the nation.

  • Armour Communications will show a new Message Burn capability for Armour Mobile, which gives users the ability to set a burn time for particularly sensitive messages.
  • Bob’s Business will demonstrate its specialty in developing and delivering information security awareness campaigns.
  • iProov will demonstrate its new HTML5, no-app mobile web solution, which won the Best of Show Award at Finovate Europe.
  • Garrison will showcase its unique Silicon Assured Video Isolation technology, which provides a game-changing platform for secure remote browsing.
  • MetaCompliance will showcase its platform, which has the highest-quality cyber security and compliance e-learning content available on the market.


DIT will also partner with British Secure Mobile Gateway company Wandera to host a night focused on UK cyber excellence. The evening will feature Jane Frankland, a UK cyber security expert and author of the book IN Security, about why women in cyber security should be the standard and not the exception. She will remark on her 20+ years in the industry and host an exclusive book signing.

The UK’s cyber security industry, worth $31 billion and growing at a rate of 10% per year, is respected across the globe for its expertise, breadth of capabilities, and world-class advice, products and services.

Last month, DIT’s Secretary of State Dr. Liam Fox launched a new Cyber Security Export Strategy to promote the UK’s world-leading expertise and to strengthen defense capabilities in the UK and allied countries. Composed of approximately 800 innovative companies, the UK cyber sector currently exports $2.1 billion worth of technology and services per year, a number anticipated to grow in line with the overall global spend on cyber security products, expected to exceed $1 trillion by 2021. This new cyber security export strategy supports the ongoing work of the 2016 National Cyber Security Strategy, which invested in the cyber security industry to ensure the UK is secure, resilient to cyber threats, prosperous, and confident in the digital world.

Andrew Whittaker, Her Majesty’s Consul General to San Francisco, said:

“The UK government’s commitment to cyber security is clear. Our world-leading National Cyber Security Centre is now 18 months old and doing excellent work as the authoritative voice on information security in the UK, and the recently published Cyber Security Export strategy will help support British firms in overseas markets. The government’s $2.7 billion investment in its National Cyber Security Strategy will ensure that the UK continues to lead the development of cyber security capability across the world, and the five companies at RSA next week are fantastic exemplars of British excellence in this field.”

CallKit – the good, the bad and the ugly

CallKit integrates VoIP services with other call-related apps on the Apple device, using the same native interface, making it easier for users as they use the same dialer for all calls.  However, it’s not plain sailing and CallKit does have its limitations.  Here’s our take on it…

The Good

CallKit provides a more typical Apple interface, which is great for the user experience and provides anonymity when receiving secure calls, particularly when in a public place, because all calls look the same.  It provides integration features with other types of incoming call, which means that Armour users are able to prioritise their secure calls over a standard call, and so avoid interruptions.

The Bad

Calls made with CallKit appear in the regular iOS call log, which used to be synced to iCloud. The sync to iCloud may be turned off, but can you rely on users to remember to do that? Importantly, this means that metadata for secure calls also appears in the standard phone log – which is far from ideal. To identify the incoming caller, their information would need to be in the Apple push notification, which may mean that it requires access to the secure contacts database; this could result in call details being stored outside of the secure database, all of which would contravene a CPA certified solution. And all of which could give away valuable metadata to an attacker.

CallKit provides the user with an incoming call interface on the lock screen; however, if your secure comms app is held behind a secure login, it may not initiate for the incoming call.

The Ugly

The user interface is limited to Apple’s standard phone app, which means that additional functionality (e.g. buttons for messaging, video and conferencing controls) can’t easily be displayed. CallKit also has limited ability to deal with video calls: for example, video needs to be enabled at both ends for the call to take place (whereas Armour Mobile will allow one-way video calls, since this better fits the security and usability requirements of our customers).

Users may require the ability to disable CallKit.

Our overall take on CallKit is that while it can cause more problems than it solves, it does solve some specific issues in specialist use cases, and for this reason we will be including CallKit in an upcoming version of Armour Mobile, so that our clients have the choice.

In the midst of a Cyber Attack who you gonna call – and how?


Don’t rely on the very IP channel that has just been hacked, because your adversaries will be monitoring it!

If (when!) your organisation succumbs to a cyber-attack, the first thing you need to think about, when assessing the situation and putting together a plan for recovery and future mitigation, is exactly how you are going to communicate. Whether it is the IT department discussing the technicalities, or communicating with senior managers and the board to keep them abreast of events, the last thing you should do is use the very platform that has just been compromised, i.e. your corporate network.

In layman’s terms, if your email has been hacked, sending an email to your friends asking for help is nonsensical – your email alerts the hackers to the fact you’ve detected their presence.  And, you can’t tell if any of the responses are genuinely from your friends or from the hackers messing with you.

It is very common when hackers have compromised a system for them to watch carefully for the responses from any IT resources that are tasked with countering their attack. Typically this includes watching and subverting any communications channels that IT may be using.  It’s not unusual for hackers to send spoof messages to try and assess just how well the IT team understands the nature of the attack, to capture new passwords or other changes to security, and prevent key messages from being delivered.

During the initial investigation phase of a cyber attack it is difficult to know what systems have been compromised, so it is best not to rely on any of them, if possible.

By protecting the communications of the IT and digital forensics team, you are blocking a very useful source of information from being intercepted or modified by the hackers. In addition, by using a secure communications platform, such as Armour Mobile, and having the secure comms hosted by a third party, you are further isolating the IT team’s comms from the potentially compromised systems that they are trying to recover.

For third party ‘blue teams’ brought in to handle such hacking situations it makes perfect sense for them to bring their own secure comms solution with them – and this is a question that you should be asking any would-be supplier when tendering for such services.

Armour is now working with a number of organisations that can provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance, to incident management and response, and technical security research.

Identity Based Encryption – Are you talking to me?

The privacy of calls, messages and emails has been a media focus in recent months with enterprises and governments around the world seeking better protection from hackers and illegal surveillance. Enterprise digital data represents an economic asset and whilst perfect security isn’t possible, there are steps that organisations can take to protect their mobile communications.


Securing mobile communications

When looking at securing mobile communications, be it voice or data, it is important for any solution to deliver three key outcomes. The first is confidentiality, i.e. ensuring no unauthorised person or machine can access the content of any data exchange. The second is integrity, ensuring that information, messages and attachments have not been tampered with. The third is authentication of identity, i.e. ensuring that the parties exchanging data – whether persons or machines – are doing so with the individual or the machine with which they believe they are exchanging data.


Protecting data confidentiality 

Encryption of data passed between two parties requires an encryption key. However, the challenging part of a cryptographic protocol is deciding on a key to use for encrypting a particular set of data (for example, a voice call between two users). One method is called asymmetric cryptography, also known as public key cryptography: this uses the concept of a public and private key pair, encrypting the data with the public key, such that only the owner of the private key can decrypt it (thus also proving the recipient’s identity if they are the only holder of that private key). Each user’s application holds a private key within it which remains secret whilst their public key is made available to any other users who wish to encrypt a call or message to them.

However, there are disadvantages with typical implementations of public key cryptography, in that it is cumbersome to scale in large organisations as public keys need to be distributed to all the users before encrypted communications can take place. To ease administration, organisations can use a central trusted server to store the public keys, and users can then ‘look up’ the public key of another user whenever needed. However, this requires the server to be always available 24×7 and fully secure, so no one can maliciously insert fraudulent keys.

Alternatives include one-time asymmetric encryption also known as ephemeral Diffie-Hellman. This method establishes a one-time key between two users; however, a disadvantage of this method is that it doesn’t prove the other user’s identity (so could be spoofed by a malicious hacker posing as the recipient, or acting as a man-in-the-middle between the two users) and is therefore reliant on another layer of complexity to prove authenticity of the end points.


MIKEY-SAKKE protocol – Secure multimedia communications

Secure communications are needed across government and within many industries; to this end the UK government has a policy of encouraging the development of security solutions. MIKEY-SAKKE was defined in 2012 by the UK’s National Technical Authority for Information Assurance (CESG) – now the National Cyber Security Centre (NCSC) – using recognised Internet standards (e.g. RFC6809).

The MIKEY-SAKKE protocol uses identity-based cryptography and is designed to enable secure, cross-platform communications by identifying and authenticating the end points. It is an efficient and effective protocol for building a wide range of secure multimedia services for government and enterprise organisations.


Identity-based encryption

Identity-based encryption uses the publicly known identity of the communicating parties to determine the encryption keys to use. For example, a trusted domain manager provides a domain certificate giving any user the ability to take an input ‘identity’ and create a public key to encrypt data to the user with that unique ‘identity’. The identity could be a phone number, email address or other similar identifier.

This identity needs to be centrally verified, so that everyone in the system knows the identity is associated with a particular user. Using an existing unique identity (such as a mobile phone number) provides a ready source for these identities. The recipient, provisioned with the private key for their unique identity, can then decrypt the calls and messages sent to their identity. As a result, anyone can securely communicate with any user in the domain without having to individually exchange any prior information between the users.


Scalable, flexible and complete control

Armour’s identity-based encryption solution delivers the flexibility, convenience and security required in today’s world of modern communications. As secure registration is established using only a single message, the Armour identity-based encryption solution is highly scalable and flexible.

It supports both real-time communications such as one-to-one and conference calls (both voice and video), and deferred delivery such as messaging and voicemail. It is designed to be centrally-managed, providing domain managers with full control of the security of the system whilst maintaining high availability.

Features of the Armour solution include the ability to build a validity period into the user identity. This is ideal for organisations that regularly employ contractors or utilise third parties. Encryption keys can be generated for a limited period of a month, a week or even just minutes. After the time has elapsed the key is rendered inactive and a new key needs to be generated. This reduces the risk of keys remaining valid after a team member leaves (or a mobile device is lost or stolen), reducing the risk of accidental data loss.
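As an added illustration of the workflow described in the last few sections (this is example code, not Armour’s, NCSC’s or the MIKEY-SAKKE reference implementation): the Python below implements the simplest identity-based scheme, Cocks’ quadratic-residuosity IBE, in place of SAKKE, which needs pairing arithmetic that the standard library lacks. It shows the three roles the text describes: a domain KMS that holds the master secret and publishes one domain parameter, a sender who encrypts knowing only that parameter and the recipient’s identity, and a recipient who decrypts with the private key the KMS provisioned for that identity. The identity carries a validity period, so the KMS refuses to issue a key for a period that is no longer current. The `period\0uri\0` layout, the `KMS`, `extract`, `encrypt` and `decrypt` names and the sample phone number are constructed for this example, and the key sizes are toy-sized.

```python
import hashlib
import secrets
from math import gcd

# Toy Cocks IBE (quadratic residuosity), written for this example only.
# Stand-in for SAKKE; parameters are far too small for real use.

def _is_probable_prime(n, rounds=25):
    # Miller-Rabin, good enough for a toy key generator
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime_3_mod_4(bits):
    # Cocks needs p, q = 3 (mod 4); forcing the low two bits to 11 guarantees that
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 3
        if _is_probable_prime(p):
            return p

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 1, -1 or 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def make_identity(uri, period):
    """Period-bound identity (assumed layout, modelled on MIKEY-SAKKE's period + URI identifiers)."""
    return f"{period}\0{uri}\0"

def identity_to_public_element(N, identity):
    """Anyone holding the public domain parameter N derives the encryption element from the identity."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{counter}|{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if a > 1 and jacobi(a, N) == 1:
            return a
        counter += 1

class KMS:
    """Domain key management server: keeps the master secret (p, q), publishes N."""
    def __init__(self, bits=96):
        self._p = _random_prime_3_mod_4(bits)
        self._q = _random_prime_3_mod_4(bits)
        self.N = self._p * self._q

    def extract(self, identity, current_period):
        """Provision the private key for an identity; refuse identities outside the current period."""
        period = identity.split("\0", 1)[0]
        if period != current_period:
            raise PermissionError(f"identity period {period} is not the current period {current_period}")
        a = identity_to_public_element(self.N, identity)
        exponent = (self.N + 5 - self._p - self._q) // 8
        return pow(a, exponent, self.N)  # r with r^2 == a or r^2 == -a (mod N)

def encrypt(N, identity, plaintext):
    """Encrypt bit by bit as pairs (s1, s2); the sender needs only N and the recipient's identity."""
    a = identity_to_public_element(N, identity)
    ciphertext = []
    for byte in plaintext:
        for i in range(8):
            target = 1 if (byte >> (7 - i)) & 1 == 0 else -1  # bit 0 -> Jacobi +1, bit 1 -> -1
            while True:
                t = secrets.randbelow(N - 2) + 2
                if gcd(t, N) == 1 and jacobi(t, N) == target:
                    break
            t_inv = pow(t, -1, N)
            ciphertext.append(((t + a * t_inv) % N, (t - a * t_inv) % N))
    return ciphertext

def decrypt(N, private_key, identity, ciphertext):
    """Recover each bit as Jacobi(s + 2r); which s applies depends on whether r^2 == a or -a."""
    a = identity_to_public_element(N, identity)
    use_first = pow(private_key, 2, N) == a
    bits = [0 if jacobi((s1 if use_first else s2) + 2 * private_key, N) == 1 else 1
            for s1, s2 in ciphertext]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
```

The point to notice is where the trust sits: the sender never fetches or verifies a per-user public key, because the identity string plus the published N is the public key, and a key the KMS issued for the March identity cannot decrypt traffic encrypted to the April identity, which is the “rendered inactive” behaviour the text describes.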


A new approach

Securing modern methods of communication requires a new approach. Various forms of public key infrastructure have attempted to provide usable, scalable client-to-client security. However, the processes have often been cumbersome, and have been the driving factor behind frustrated users adopting less than secure practices in order to ‘get their job done’, thus creating a weak link in the security chain. Identity-based encryption avoids having to tie a user to a hard-to-remember public key; instead, the user’s identity ‘becomes’ their public key.

Security should not be seen as a hindrance but as a significant component of the overall culture of an organisation and as a business enabler that can allow innovation by supporting modern working practices.


For more information about MIKEY-SAKKE visit:  https://www.ncsc.gov.uk/articles/using-mikey-sakke-building-secure-multimedia-services