We implemented most recent achievements and cutting-edge technologies in information technology security to develop cryptographic protection mechanisms for our instant messenger. The level of encryption and its performance meets the most stringent banking standards. Your private or business information is totally safe and confidential when using our chat messenger. SafeUM eliminates any possibility of data interception and spoofing and also provides the parties' authentication. Here's more information on the technology, cryptographic systems, functionality and features.
>> P2P mode of voice and video calls involves direct data transfer between users bypassing our servers. The communication channel is not limited to the server capacity which distinguishes SafeUM from all other popular instant messengers.
>> Encryption. The information is encrypted by subscriber A, stored on the server and transmitted in encrypted form. After going through communication channels it is decrypted by subscriber B. The information is open only at the end nodes - where it is encrypted – users' mobile phones or tablets. Any other equipment such as servers, switches, routers and SafeUM servers contain encrypted information.
>> Digital signature is another reliable way of data protection during transfer. This automatic technology authenticates the parties and ensures data integrity. Account and chat hacking as well as spoofing are totally eliminated.
>> Hybrid encryption scheme. A symmetric block encryption algorithm is used to increase the encryption performance. Asymmetric elliptic curve cryptography is used to transfer the encryption key in the data exchange process. It has high levels of cryptographic security with a relatively small key length. This hybrid scheme allows to "take the best" out of each system and combine into one cryptosystem with very good encryption performance and cryptographic security as well.
>> The ElGamal scheme is used for symmetric key transport. SafeUM cryptography experts implemented complex algorithmic optimization of the encryption process taking into account the stringent requirements of the banking sector. The application works fast and ensures high quality communication without any delays. In other words - the communication quality is equal to that of the other chat messengers but at the same time it provides a very high level of information security and extremely fast encryption performance.
>> Our servers have no hard drives. We use Redis in-memory database - the best option for SafeUM that allows to store all (!) the data in RAM. Third parties can only access these data after going through a complicated legal and bureaucratic procedure. And even then SafeUM can disclose only the encrypted data. We do not have private keys. They are generated on the basis of the pass-phrase that the user must remember. We, being the providers, cannot decrypt messages stored on the server.
>> SafeUM multimedia messenger comes with an exclusive set of functionality. You can simultaneously use up to three accounts online in one messenger. No phone number is needed to sign up. What do you think about the disable chat history saving feature? How about the screen shot protection during the dialogue? And voice modification feature? SafeUM uses a system of three security PIN codes: first is used to sign in, second - to access secret contacts and chats and the third one - to deactivate the account in case of any information security threats.
You can choose your level of security, choose your subscription and free yourself from any communication security concerns.
You may ask why you have to pay for some tariff plans? Our messenger is a commercial product. We do not want and will not deceive you and sell your personal information to marketing specialists. We have invested in our product development without attracting any potential customers donations or engaging any sponsors. Every cent invested was spent on quality, design and exclusive functionality. We offer you security at the price of a cup of coffee. We respect your privacy and secrets. You keep them safe yourself using SafeUM secure messenger!
We do not set out terms, we offer you to decide what communication security level to select. Only you decide what kind of information you want to disclose. We do not track your phone, it is of no interest to us. Our priority is to create a unique and most secure communication environment!
We offer you to choose from a set of completely unique features to ensure the security of your personal and business communication.
Our customer support team will answer any questions you may have.
We do not ask you to take our word! You can check the reliability of SafeUM secure messenger if you wish. At the same time our development team is moving on and we will improve and expand our product features in future releases.
We used most recent achievements and cutting-edge technologies in cryptography to develop SafeUM secure messenger. Thus we created a unique hybrid system with all the algorithms combined into a single perfect mechanism to protect your personal information and communication.
Direct dynamic AES* key generation scheme excludes the possibility of data decryption by third parties when the communication channel is intercepted. The use of the ElGamal** Elliptic Curve Cryptosystem with a key length of 256 bits provides unprecedented cryptographic security level. It will take several decades and all the computing power of the globe to decrypt each of your messages.
Besides reliable encryption SafeUM also guarantees sender authenticity and data integrity by implementing digital signature mechanism.
The algorithms used are:
AES (Advanced encryption standard) * - block cipher with CBC mode used, key length is 256 bits. Government Compliance document - FIPS 197 (USA Federal Standard).
SHA-2 (Secure Hash Algorithm) - hash function, block length is 256 bits. Government Compliance document - FIPS 180-4 (latest revision).
PRNG (Pseudorandom Number Generator) - generates a pseudo-random sequence of numbers for cryptographic use. Regulatory document - ANSI X9.17.
Encryption and EC digital signature (ElGamal EC, ECDSA). Regulatory documents X9.63-2001; Public Key Cryptography for the Financial Services Industry - Key Agreement and Key Transport Using Elliptic Curve Cryptography; FIPS PUB 186-4
El Gamal Public-key encryption (Elliptic Curve Cryptography) **
Redis – in-memory database that does not use the hard drive to store information.
Cryptographic algorithms. Mathematical model.
Data transfer between clients and server:
To provide the secure data transfer between client and server, WSS is applied (Websocket Secure over TLS v2.0)
For data transfer and storage, the AES encryption is applied (256 bits key in CTR mode of operation).
Elliptic Curves ElGamal asymmetric encryption is used to provide the keys transfer from user A to user B (the Galois Field size - 256 bits. The field is GF (p) ).
The details are as follows:
- the key for each message is generated at random;
- the message or file is encrypted by 256-bit AES in CTR mode of operation;
- the key is transferred in the same cryptographic container using EC ElGamal Encryption;
- the user authority and message integrity is provided by ECDSA;
- each message is transferred with the digital signature;
- for Elliptic Curves Asymmetric algorithms the key size is 256 bits.
Simply, each message is encrypted by some randomly generated AES key, which we considered as X in the algorithms above. Also, for each message the AES IV is generated correspondingly. So, we have the hybrid system, where the AES symmetric algorithm is used for encryption, and EC ElGamal is used for key transport.
Key transport description:
Elliptic Curve: y^2 ≡ x^3 – ax +b (mod p) over GF(p), EC-256 according to FIPS 186-4
Stage 1. Keys generation and calculation. Let x – private key, generated at random, Y = x * P where P is the base point. The private key is bound to the username, password and some additional data. It is unique for each user.
Stage 2. Message Encryption. Let X – some plain data, X < p; X != 0; X != 1; Calculate some k at random, Cb = k * P, Cs = k * Y, c = Cs.X – the abscissa of Cs; Calculate the cryptogram: M1 = Cb, M2 = ( c * m ) mod p;
As a result: Cg = { M1, M2 } = { Cb, cm mod p };
Stage 3. Decryption. Ct = x * M1 = x * Cb;
c' = Ct.X() - the abscissa of Ct;
m is restored as m = ( M2 / c' ) mod p, where the division is performed as multiplication by the multiplicative inverse of c'.
Also, data integrity and user authentication are provided. This is implemented using ECDSA, according to the FIPS 186-4 specification. So, each message is encrypted using AES in CTR mode of operation with a 256-bit key. The AES key is transferred using the EC ElGamal algorithm, and each message is signed with an ECDSA digital signature.
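The three key-transport stages above, written out as an added Python example (not SafeUM's code). It assumes "EC-256 according to FIPS 186-4" means NIST P-256 with its standard parameters; the function names and the curve-membership check on M1 are assumptions of this example, and the AES-CTR and ECDSA steps are left out.

```python
import secrets
# NIST P-256 (FIPS 186-4): y^2 = x^3 + a*x + b over GF(p), with a = -3 mod p
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
BASE = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
        0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def on_curve(pt):
    return pt is not None and (pt[1]**2 - pt[0]**3 - a*pt[0] - b) % p == 0

def add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    num, den = (3*x1*x1 + a, 2*y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % p, -1, p) % p
    x3 = (lam*lam - x1 - x2) % p
    return x3, (lam*(x1 - x3) - y1) % p

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def keygen():  # Stage 1
    x = secrets.randbelow(n - 1) + 1          # private key x in [1, n-1]
    return x, mul(x, BASE)                    # public key Y = x * P

def wrap_key(aes_key, Y):  # Stage 2; aes_key is the 32-byte message key (X)
    m = int.from_bytes(aes_key, "big")
    if not 1 < m < p:                         # constraints: X < p, X != 0, X != 1
        raise ValueError("key is not a usable field element; draw a new one")
    k = secrets.randbelow(n - 1) + 1          # fresh k for every message
    Cb, Cs = mul(k, BASE), mul(k, Y)
    return Cb, (Cs[0] * m) % p                # Cg = {M1, M2} = {Cb, c*m mod p}

def unwrap_key(x, M1, M2):  # Stage 3
    if not on_curve(M1):                      # added check: reject off-curve points
        raise ValueError("M1 is not a valid curve point")
    c = mul(x, M1)[0]                         # c' = abscissa of Ct = x * M1
    return (M2 * pow(c, -1, p) % p).to_bytes(32, "big")
```

The range check matters in practice: a uniformly random 256-bit AES key is occasionally not smaller than p, so the sender has to redraw the key rather than reduce it mod p.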
The encryption data formats:
- the encrypted data is transferred using JSON formats, RFC 4627
- base64 format (RFC 1421 and RFC 2045)
- the data transfer between client and server is provided using WSS (Websocket Secure over TLS v2.0) RFC 6455
- the media data is transferred using SRTP (RFC 3711)
Data exchange protocols and the application:
- TCP, RFC 793 / STD 7 is used as the transfer protocol for WebSockets
- UDP, RFC 768 is used as data transmission carrier for media data
- Base64 (RFC 1421 and RFC 2045) is used to pack the binary data for transferring between clients, and between client and server. Also, the encrypted binaries are packed as Base64
- JSON is used to pack the string data for transferring between clients, and between client and server. Also, the encrypted strings are packed as JSON
- TLS v2.0 (SSL v3.0) is used as an encryption transport layer for WebSockets
- UDP (WEBRTC) WebRTC is used for audio and video communication
- SCTP (WEBRTC) is used for audio and video communication
- HTTPS (HTTP Secure over TLS v2.0) is used for the user authorization and access control on control panels
- WSS (Websocket Secure over TLS v2.0) is applied to provide secure exchange between client and server
- ICE (Turn, Stun) is used for NAT traversal in LAN, and to provide P2P communication
- SRTP (RFC 3711) is used for audio and video communication between clients.
SafeUM Communications ehf. company was founded on November 28, 2013, in Reykjavik, Iceland.
Its business activity is regulated by the laws of Iceland.
The company is engaged in software development and services in the field of IT. To deliver the best results we have hired more than 20 developers across the globe as well as a team of testers, administrators, billing, and technical support specialists.
At the end of 2013 SafeUM Communications ehf. started developing its first application - SafeUM secure messenger. An experienced encryption specialist who worked with Philip Zimmermann joined the team to work on the development of SafeUM secure messenger.
LEGAL ADDRESS
Axarhöfði 14, 110 Reykjavik, Iceland
CONTACT US BY E-MAIL
General questions - info@safeum.com
Support - support@safeum.com
Sales - sales@safeum.com
Marketing - marketing@safeum.com
Legal department - legal@safeum.com
Complaints - abuse@safeum.com
PHONE
Tel.: +354 (5) 395103