- How does Cryptify prevent wiretapping?
Cryptify comibines state-of-art mobile communication technology such as MIKEY-SAKKE alrogithms for key exchange and Advance Encryption Standard (AES) for media encryption.
- What makes a solution secure?
From a cryptographic point of view, there are two fundamental parameters determining the security of a solution.
- The algorithm by which the traffic is encrypted, i.e. that a well proven algorithms with sufficient key lengths is used.
- How the keys are handled, i.e. how are they generated, and who have access to them.
In other words, if you want to prevent wiretapping you will need to be in control of your keys..
The traditional method to design a security system is to let a centrally located Key Management Server generate session keys and assure the authenticity of the parties. One drawback with this architecture is that sensitive data is stored on the Key Management Server, thus exposing the sensitive data to Internet.
Another alternative has been to apply a more distributed architecture without any assistance from a centrally located Key Management Server. One drawback with such architecture is that, while the key generation and exchange can be handled by peer-to-peer protocols, such as Diffie-Hellman, the authentication is left to the users themselves to assure, which creates a huge security risk.
By using MIKEY-SAKKE architecture with an off-line Key Management Server, it is possible to combine the best of two worlds; the authentication is assured by the system and complex IT environments is avoided.