Slingmail International Presentation With Voice
Transcript of Slingmail International Presentation With Voice
1
OVERVIEW
• Slingmail is a service that gives you the ability to communicate with others in confidence. It is encryption software for secured Blackberry-to-Blackberry email messaging
• SlingMail has been providing this high level of encryption for 10 years, since 2002
• The markets covered by SlingMail to date are North America, Europe, Middle East, Japan, Russia & South East Asia now
• SlingMail uses two levels of strong encryption for securing data in motion
• Security is further enhanced as communication is within a closed system, hence minimizing cyber attacks. Data is continuously being purged as we don’t store data. The keys are constantly changing and servers are in a safe jurisdiction
2
OVERVIEW
• The basis for all SlingMail products and solutions is our architecture, a platform of security functions that combines rock solid security with the tools that organizations need to maintain control over one of their most valuable resources – information.
• SlingMail is specially developed for Influential World Organizations, Governments, Special Forces, Defence Contractors, Research Institutions, Telcos, Broadcasting, Financial Institutions, MNCs, High Net Worth Individuals and Celebrities.
• SlingMail Voice Encryption on one device.
3
Global Situation (Past & Current)
4
BLACKBERRY A THREAT TO FRENCH NATIONAL SECURITY
Security
By Humphrey Cheung, TG Daily, Thursday, June 21, 2007 10:04
Paris (France) – French government officials are ditching their Blackberry devices for fears of American eavesdropping. A government advisory, which is being sent to all French ministries, claims that the wireless email messages can be intercepted because they pass through servers in Canada, United States and the United Kingdom. Research in Motion adamantly assures the French that the emails are secure from everyone, even from employees at RIM. The French believe the emails could be intercepted and read by the U.S. National Security Agency, but RIM says the emails are heavily encrypted by 256-bit strength AES (Advanced Encryption Standard). The sender and receiver addresses are also encrypted. The advisory was written by the French secretary-general for national defense and first made its rounds two years ago, but has since been updated and re-circulated.
5
GOVT MAY GET KEYS TO YOUR BLACKBERRY MAILBOX SOON
15 May 2008, 0810 hrs IST, Rashmi Pratap, TNN The Economic Times
MUMBAI: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys. This is expected to solve the row between the Department of Telecom (DoT) and RIM to a large extent, since the government’s security concerns pertain more to emails from individual users than enterprise customers. At the core of the issue is the data encryption technology used in BlackBerrys. BlackBerry uses a very high level of encryption — at 256 bits — while sending data. BlackBerry scrambles messages before sending and unscrambles them at the receiver’s BlackBerry. Owing to security concerns, the government wants to be able to intercept and decode the data. However, the government’s decryption software can decode messages encrypted only up to 40 bits. India wants RIM to either hand over the decryption keys or reduce encryption to 40 bits. According to officials close to the development, Canadian High Commissioner David Malone and RIM officials met telecom secretary Siddhartha Behura on May 7. “It was explained by RIM that it should be possible for the government to monitor emails to non-business enterprise customers,” sources told ET. “RIM is considering giving access to individual users’ email to the government. Details on this will be provided in two or three weeks,” sources said.
6
UAE BLACKBERRY UPDATE WAS SPYWARE
July 21, 2009, BBC Middle East Business Report, Dubai, BBC World News
An update for Blackberry users in the United Arab Emirates could allow unauthorized access to private information and e-mails. The update was prompted by a text from UAE telecoms firm Etisalat, suggesting it would improve performance. Instead, the update resulted in crashes or drastically reduced battery life. Etisalat is a major telecommunications firm based in the UAE, with 145,000 Blackberry users on its books. In the statement, RIM told customers that “Etisalat appears to have distributed a telecommunications surveillance application... Independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone”.
7
Solution
Features two strong levels of encryption, purging of data, constant changing of keys, servers in a secure environment and a closed system
8
Features
9
10
How SlingMail Works
By providing a baseline for secure information sharing, SlingMail architecture was designed to protect data by ensuring confidentiality, integrity and non-repudiation.
Confidentiality - SlingMail ensures the intended recipient can examine the message. Dealing with data in motion, privacy and confidentiality can be assured through a process of validation, authorization and encryption.
Integrity - ensures a message has not been tampered with while in transit. One of the steps of integrity can be achieved by their own unique password to send and view messages. Another step taken to validate the integrity of an email is the use of our mathematical computation that is uniquely generated at place of origin so not one strain of data is the same.
Encryption - modifies data so that the resulting message can be read only with the aid of additional information – a key that’s obtainable only to the sender and the intended target. SlingMail supports four types of encryption: the Advanced Encryption Standard (AES), 3DES encryption algorithms in all of its encryption software, S/MIME (Secure/Multipurpose Internet Mail Extensions) and our unique keys generator.
The key server generates a new random key, stores it and returns a copy to the sending software to use for encryption. When the recipient receives an encrypted email, the key server is contacted to request the key. If the recipient is authorized to view the intended email, the key is retrieved and the message decrypted. All of these steps ensure that a message actually came from the indicated sender and not from an imposter. The benefit is an assured level of security unparalleled in the industry.
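The key-server exchange described above, modelled as an added example (it is not SlingMail's code). `KeyServer`, its method names, the addresses, and the reuse of the 20-day key lifetime quoted on a later slide as the expiry are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass

# Assumption: the 20-day key lifetime quoted on the slides is used as the expiry.
KEY_LIFETIME = 20 * 24 * 3600  # seconds

@dataclass(frozen=True)
class KeyRecord:
    key: bytes
    recipients: frozenset
    created: float

class KeyServer:
    """Hypothetical in-memory model of the described key-server flow."""

    def __init__(self, clock=time.time):
        self._records = {}   # message id -> KeyRecord
        self._clock = clock  # injectable so expiry can be tested

    def issue(self, recipients):
        """Generate a new random key, store it, return (message id, key copy)."""
        msg_id = secrets.token_hex(16)
        key = secrets.token_bytes(32)  # 256-bit message key
        self._records[msg_id] = KeyRecord(key, frozenset(recipients), self._clock())
        return msg_id, key

    def purge(self):
        """Delete expired keys; returns how many were removed."""
        now = self._clock()
        expired = [m for m, r in self._records.items()
                   if now - r.created >= KEY_LIFETIME]
        for m in expired:
            del self._records[m]
        return len(expired)

    def fetch(self, msg_id, requester):
        """Release the key only to an authorised recipient of a live message."""
        self.purge()
        rec = self._records.get(msg_id)
        # Same error for unknown, expired and unauthorised requests, so the
        # reply does not reveal whether a message id exists.
        if rec is None or requester not in rec.recipients:
            raise PermissionError("no key available for this requester")
        return rec.key

if __name__ == "__main__":
    server = KeyServer()
    mid, k = server.issue(["bob@example.test"])        # constructed address
    print(server.fetch(mid, "bob@example.test") == k)  # authorised recipient
```

Between `issue` and `purge` the server holds every message key, so the key store needs the same protection as the mail it guards.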
SLINGMAIL 1ST LEVEL OF ENCRYPTION
Senders of Email
Slingmail sender’s email is encrypted with 2 full levels of AES256; i.e. (AES256 + AES256 = 512 bits encryption) 3DES & S/MIME
• In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government.
• In June 2003, the US Government announced that AES may be used to protect classified information
11
SLINGMAIL 2ND LEVEL OF ENCRYPTION
Receivers of Email
4096 bit public / private key security
• Email messages sent from the sender’s Blackberry are encrypted at 512 bit encryption via S/MIME.
• Messages arriving at SlingMail's server are further encrypted at 4096 bit encryption level
• Messages are then forwarded and received by the receiver’s Blackberry at 4096 bit security level
• Only persons authorized to receive from the sender will have the private key to decrypt the messages
12
FURTHER LEVELS OF SECURITY
1. Live certificate revocation
2. SlingMail’s own certificate authority
3. We do not keep private keys on the system, as your private key is deleted once it is delivered to end user
4. All keys used to encrypt emails have a short lifetime. Keys are changed every 20 days
13
CONT’D
5. Servers are located in a territory not subject to legislation that allows governments unprecedented access to your communications
6. Data is purged from the servers every 60 mins
7. Emails in your inbox are purged every 10 days
8. All these security measures are then further protected in a tightly controlled system; i.e. a closed system
14
WHY IS THIS LEVEL OF SECURITY NECESSARY?
Benefits
1) By not keeping your private key and changing it frequently, Slingmail and any other party cannot recover your encrypted mail
2) Based in a jurisdiction not subject to legislation to keep or release data, hence, we do not keep any records or communications sent on our systems. You will never need to worry that someone will somehow get them years from now
3) By purging data on our server every 60 mins, hence, we cannot recover encrypted data at all, EVER
15
CONT’D
4) Every single computer system is subject to attack. With a closed system, we reduce the "attack surface" of our product down to the minimum. Secondly, we have a better ability for aggressive and intelligent monitoring to discover "untoward activities".
Hence, this means we keep a good eye on it, as well as being aggressive in protecting it.
Systems that attempt to be everything to everyone open themselves up to everyone.
WE DO NOT
16
APPLICATIONS
Server is only a gateway
Acts only as a transporter
Server decrypts message to 4096 bits
17
Sender Private Key’s @ 512bit
Receiver Private Key’s @ 512bit
REQUIREMENTS
• Wireless BES E-mail Service
• Device needs to have GPRS Service
• If a local Telco service is used to activate the device, need to make sure they have a gateway with RIM/Blackberry
18
SLINGSECURE MOBILE VOICE ENCRYPTION
Protecting Valuable Information
• Organizations make significant efforts to protect their valuable data from loss or interception – particularly when accessed outside the office and travelling abroad.
• In 2010 the cost of mobile phone interception is significantly reduced since hackers computed and published free on the internet a codebook to decrypt GSM calls – used in 80% of mobile phones worldwide – as well as demonstrating interception equipment that is readily available for under $2,000.
• With SlingSecure, calls can easily be protected on popular cell phones – and securely connected to office phone systems – so that you can be assured conversations remain confidential wherever they are.
19
CONT’D
Speak With Confidence
• SlingSecure Mobile is an easy-to-use, next generation software solution that runs on standard mobile phones and uses the data channel to serve up unparalleled voice quality, low voice delays (latency), global coverage and intercontinental call capability - all delivered securely.
• Using SlingSecure Mobile is as easy as making a normal call, yet provides the confidence that phone calls, whether in the mobile or office environment, at home or overseas, within or between departments, suppliers and business partners, are protected end-to-end.
• Security is assured; SlingSecure uses the same well-established and trusted encryption technologies to protect voice communications that are used to protect laptops, corporate data and financial services transactions.
20
CONT’D
Cryptography & Random Number Generation
Public Cryptography (2048-bit RSA & ECDSA using curves with 384-bit prime moduli)
RSA and ECDSA are used for authentication. The key pairs are generated on the phone during the installation and are unique to each phone. A private key is never shared. The Elliptic Curve Diffie-Hellman (ECDH) and RSA algorithms are used for key exchange. The session key is only valid for one phone call and securely destroyed after use.
21
CONT’D
Symmetric Cryptography (AES & RC4, both 256 bits)
Both encryption algorithms are used at the same time. The data packet is first encrypted with RC4 and the cipher text is then encrypted again with AES in Counter Mode (CTR). Both algorithms are initialized with the exchanged session key.
Hashing Algorithms (SHA512, MD5)
Two industry standard hashing algorithms are used for increased integrity assurance.
Random Number Generation
A 4096 bit seed pool is generated during the installation and is periodically updated.
22
CONT’D
Key Benefits
Security
• Strong end-to-end encryption: even if a call is intercepted, it can’t be decrypted.
• Algorithm AES256, SHA2, RDNG, DH compliant to FIPS specifications
• Double-wrapped algorithms: every cryptographic calculation uses two algorithms in case one becomes vulnerable in the future
• Smartcard certified CC EAL5+ / Tamper-proof module storage
Performance
• High call quality with low latency
• Operates on all data-capable wireless networks
• International calling in over 200 countries
• Secure calling to landlines with SlingSecure Enterprise Gateway
23
CONT’D
Ease of Use & Management
• Application can be installed, updated and deleted remotely on any supported device with access to the Internet or Wireless GPRS.
• Management console instantly disables users
• Private Switch(es) or SlingSecure Gateway could be installed at the client’s own data centre for added security.
• Ease of Secure Conference Service between users “voice”
24
PERMITTING THIRD-PARTY APPLICATIONS TO ENCODE BLACKBERRY DEVICE DATA
The BlackBerry Enterprise Server and the BlackBerry Device Software support a Transcoder API. This API permits third-party application developers to create encoding schemes that encrypt, convert, or otherwise change the format of data, and apply an encoding scheme to BlackBerry device data using transcoder application code. The third-party encoding scheme prepends a transcoder ID to the data that it encodes. The BlackBerry Enterprise Solution then encrypts the transcoder-encoded data using standard BlackBerry encryption.
The BlackBerry Enterprise Solution permits only third-party encoding schemes that the RIM signing authority system has digitally signed using the RIM Cryptographic API public key to access the Transcoder API to create the transcoder application code. To apply the third-party encoding scheme, the BlackBerry device must be running corresponding transcoder application code. Third-party application developers can use the Transcoder API to add cryptographic components that the RIM Cryptographic API does not support by default to their third-party encoding schemes. The BlackBerry Enterprise Solution applies the third-party encoding schemes to any outgoing data to which standard BlackBerry encryption applies. The Transcoder API supports use of all the cryptography that the RIM Cryptographic API supports.
If the BlackBerry Enterprise Server administrator allows third-party applications to use the Transcoder API on the BlackBerry device, those applications, if not functioning correctly, might impact the security, usability and performance of the BlackBerry Enterprise Solution, and might cause loss of BlackBerry device data. To use the third-party encoding scheme, the BlackBerry Enterprise Server administrator must use the Security Transcoder Cod File Hashes IT policy rule to specify the .cod file for the third-party encoding scheme that the BlackBerry device permits to register as a transcoder.
For more information about using the Security Transcoder Cod File Hashes IT policy rule, see the Policy Reference Guide.
25
WHO NEEDS SLINGMAIL?
In every country there are groups of individuals, government agencies and companies who require the highest level of security. Not just physical security, but also for transfer of data. Any leak in its transfer could lead to devastating consequences, e.g. leakages of highly sensitive information, such as the company’s strategic marketing plans or the results of a break-through product that could potentially cost the company its positioning and result in heavy financial losses, etc. It is in these above situations that SlingMail was developed where UNCOMPROMISING SECURITY of data transfer for these groups is paramount.
o Influential world organisations
o Governments
o Special land, air, sea, secret and intelligence forces
o Companies involved in cutting edge research
o Telco companies
o Broadcasting companies
o Financial institutions
o Defence Contractors
o High net worth individuals
o Celebrities, etc
26
WHAT VALUE DO YOU PUT YOUR PRIVACY AT?
Contact us
or +1.212.364.2003
WWW.GETSLINGMAIL.COM
27