User:Mntbrry/sandbox/cameoNet

Original author(s): memo Connect GmbH
Developer(s): memo Connect GmbH
Initial release: 18 August 2014; 10 years ago (2014-08-18)
Stable release: 0.4.2 / 5 November 2014; 9 years ago (2014-11-05)
Written in: Scala, HTML5
Operating system: Android, iOS
Available in: German, English
Type: Instant Messaging
License: Open Source
Website: www.cameonet.de

cameoNet is a secure instant messaging application for all devices, such as smartphones, tablets and desktop computers. cameoNet is available as a web app for all devices and also as a mobile app for Android and iOS. A Windows Phone version is currently being developed.[1] In addition to text messages, images, videos, positions and voice messages can be transmitted as attachments. The founder, developer and operator is Memo Connect GmbH in Halle (Saale).[2] All cameoNet servers are located in Germany.

Security

Many platforms use protocols like the Diffie–Hellman key exchange, which simplifies some technical aspects but does not solve the authentication problem and leaves room for man-in-the-middle attacks. cameoNet uses a Public Key Infrastructure (PKI). The PKI enables authentication and flexible, secured group conversations.

The security system of cameoNet is based on current cryptographic methods. To ensure data security, cameoNet uses the AES and RSA algorithms. The combination of symmetric (AES-256) and asymmetric (RSA-4096) encryption algorithms makes it possible to encrypt user-to-user and group conversations.[3] A member can be added to a conversation without the need to re-encrypt the entire conversation. Excluding a group member from a conversation is also a simple process. The management of encryption keys ensures that private keys and the content of the messages are not accessible to a cameoNet server administrator. Only the individual users are able to decrypt secured cameoNet content.
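One common construction that gives the properties described above, shown as an added example and not as cameoNet's own code or documented protocol: each message is encrypted once under a shared AES-256 conversation key, and that key is wrapped separately with every member's RSA public key. The helper names, the RSA-OAEP and AES-GCM modes, and the `conv` record layout are assumptions; the page names only AES-256 and RSA-4096.

```javascript
// Added example (not cameoNet code): hybrid encryption with per-member key wrapping.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Hypothetical helper: a member is a name plus an RSA key pair (4096 bits as on the page).
function newMember(name, bits = 4096) {
  return { name, ...crypto.generateKeyPairSync('rsa', { modulusLength: bits }) };
}

// Wrap the 32-byte conversation key for one member with that member's public key.
function wrapFor(conv, key, member) {
  conv.wrapped[member.name] = crypto.publicEncrypt({ key: member.publicKey, ...OAEP }, key);
}

// Encrypt one message with AES-256-GCM under the conversation key.
function post(conv, key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  conv.messages.push({ iv, body, tag: c.getAuthTag() });
}

// A member unwraps the conversation key locally and decrypts every stored message.
function readAll(conv, member) {
  const blob = conv.wrapped[member.name];
  if (!blob) throw new Error(`${member.name} holds no wrapped key`);
  const key = crypto.privateDecrypt({ key: member.privateKey, ...OAEP }, blob);
  return conv.messages.map(({ iv, body, tag }) => {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(body), d.final()]).toString('utf8');
  });
}

// Constructed scenario; call demo() for RSA-4096 or demo(2048) for a faster trial run.
function demo(bits = 4096) {
  const alice = newMember('alice', bits), bob = newMember('bob', bits);
  const conv = { wrapped: {}, messages: [] };   // everything the server stores
  const key = crypto.randomBytes(32);           // held only by clients
  wrapFor(conv, key, alice);
  post(conv, key, 'first message');
  const before = conv.messages[0].body.toString('hex');
  wrapFor(conv, key, bob);                      // add bob: one RSA operation
  const unchanged = conv.messages[0].body.toString('hex') === before;
  const bobReads = readAll(conv, bob);
  delete conv.wrapped.bob;                      // exclude bob: drop his wrapped key
  let bobLockedOut = false;
  try { readAll(conv, bob); } catch { bobLockedOut = true; }
  return { unchanged, bobReads, bobLockedOut, aliceReads: readAll(conv, alice) };
}
```

Dropping a wrapped key only prevents further unwrapping from the stored record; a removed member who already unwrapped the key still knows it, so a scheme of this shape would also switch to a fresh conversation key for later messages.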

cameoNet allows secure communication with external users outside of the application environment. It offers two ways to secure a web reader conversation.

  1. By manual key exchange.
  2. By using the PassCaptcha procedure.

The PassCaptcha procedure includes exchanging a CAPTCHA image for transmitting the symmetric key. The PassCaptcha technology simplifies exchanging keys and makes automated key extraction more difficult.

Another aspect is the verification of the identities of a group conversation's participants. Encryption may prevent unauthorized access, but by itself cannot authenticate the participants of a group conversation. cameoNet users may verify each other's identities by exchanging their key-IDs in several ways (manual exchange, QR codes). Once users have validated their identities, they can use digital signatures to sign messages and attachments. This enables private and authenticated conversations. This process does not imply that the service needs any information about the users' real identities. It is possible to have an anonymous account and identity while still communicating in a secured and authenticated way. Meanwhile, users can also be fully verified by submitting personal identification documents (e.g. passport or driver's licence).

The application consists of a Scala/MongoDB-based back end and an HTML5-based front end, connected by a REST API. The back-end system supports stateless session handling, which enables easy horizontal scaling in case of increasing system load. Currently all major web browsers on Windows, OS X, Linux, Android, iOS and Windows Phone are supported by the front end. Mobile applications for Android and iOS are available.[4][5] A Windows Phone application is in development.[6]

Use of the Application

When first starting the application, users are asked to provide their account data (user name and password; other data is optional). After a user account has been created and a short welcome message shown, the application's functions are introduced to the user through a quick start guide. Then a cameoKey is automatically generated. The key is essential to secure encryption. The user may then search for contacts and send friend requests. If a request is accepted, the cameoKeys (the public keys) are exchanged and secured communication is possible. While communicating, users are informed of the level of security through a colored lock symbol. Asymmetric encryption is signified by a green lock; a yellow lock shows that the communication is secured by a regular password or a PassCaptcha. A red lock shows that the ongoing communication is unencrypted.

Data Protection

The application's servers are located in Germany. Thus, the operating company and the service are subject to the German Federal Data Protection Act. Users may synchronize their address books with the cameoNet servers. If either the phone number or the email address of a contact in the address book matches an entry in the service's database, the contact ID is added to the contact list automatically.

Characteristics of cameoNet

  • Open to external users through SMS and email
  • Encrypted communication with external users via PassCaptcha
  • Availability on all major devices and platforms
  • Open Source
  • Multiple identities per user account possible
  • Optional anonymous use

References

  1. WMPoweruser.com, 'Secure messaging service cameoNET is coming to Windows Phone soon', 15 October 2014. Retrieved 18 November 2014.
  2. Deutsche Startups, 'cameoNet: Verschlüsselte Mailing- und Messaging-App', 25 August 2014. Retrieved 18 November 2014.
  3. cameoNet Homepage, 'FAQ', 18 August 2014. Retrieved 18 November 2014.
  4. TruTower.com, 'cameoNet Secure Private Messaging App Launches', 15 October 2014. Retrieved 18 November 2014.
  5. cameoNet Blog, 'cameoNet now also available as iOS app for iPhone and iPad', 18 November 2014. Retrieved 18 November 2014.
  6. WMPowerUser, 'secure messaging service cameoNet is coming to Windows Phone soon', 15 October 2014. Retrieved 18 November 2014.