ClinkMe Messages and Calls Security

Introduction

ClinkMe lets you search for and call contacts from your device’s address book easily, quickly and intuitively, plan calls, and manage your favourite contacts. Another important part of the application is that its users can exchange messages and make calls.

To be able to call or exchange messages with others, each user must have a registered ClinkID account, which is used for logging in to the ClinkMe services. When registering a new account, or when logging in to and managing an existing ClinkID account, the application communicates with the server securely over the HTTPS protocol, and the data is safely stored on the server as well as on the user’s device. For more information see Personal Data Security.

ClinkMe Messages

All communication between ClinkMe and the messaging server is secured by the TLS protocol, which prevents messages from being eavesdropped on or falsified. For exchanging messages the ClinkMe application uses the standard Extensible Messaging and Presence Protocol (XMPP), which includes many enhancements that bring advantages to users, e.g. confirmation that a sent message has been read by the recipient.

Standard security of messages

Even in its basic version, which is available to all users, the application provides a very solid solution for the secure exchange of messages between the sender and the recipient. All messages that the user exchanges with other users are automatically encrypted by means of asymmetric cryptography, following the principle of Pretty Good Privacy (PGP). To be able to send a message via ClinkMe the user must have a private and a public key generated. The application does this automatically when it is run for the first time, and the user cannot change these keys. When a message is being sent, the application automatically generates a unique random key, which is used for encrypting the content of the message (the 256-bit AES algorithm is used). This random key is then encrypted with the recipient’s public key using the RSA algorithm with PKCS#1 padding. The encrypted content of the message and the encrypted key are then sent to the recipient, who is the only person that can decrypt the incoming message (using their private key): the unique random key is decrypted first, and then the message is decrypted with it.

Enhanced security of messages

Users who buy ClinkMe Secure (available for purchase in the application) can increase the level of message security by generating their own key, called a secure communication key, which is then used for encrypting the messages between the sender and the recipient. This key is different for each contact, so messages sent to one recipient are encrypted with a different key than messages sent to another recipient. Moreover, a different initialization vector is used for each message encrypted in this way, so the encrypted content is always different even when the same non-encrypted content is sent to the same recipient. All secure communication keys that the user has created for individual contacts are safely stored only on the user’s device (they are not stored on the server). For message content encryption the 256-bit AES algorithm is used.
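The two schemes described above (the standard envelope of a one-time AES key wrapped with RSA, and the per-contact key with a fresh initialization vector per message) are sketched below as an added example that is not ClinkMe's own code. The page names neither the AES mode nor the PKCS#1 scheme, so AES-256-GCM and OAEP (PKCS#1 v2) are assumptions here, and all function names are hypothetical.

```javascript
// Added illustration, not ClinkMe source. Assumed: AES-256-GCM and RSA-OAEP.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt under a 256-bit key with a fresh random 96-bit IV for every message.
function sealMessage(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function openMessage(key, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the ciphertext, IV or tag was altered.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Standard security: a one-time message key, wrapped with the recipient's public key.
function encryptForRecipient(publicKey, plaintext) {
  const messageKey = crypto.randomBytes(32);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, messageKey);
  return { wrappedKey, ...sealMessage(messageKey, plaintext) };
}

// The recipient unwraps the message key first, then decrypts the content.
function decryptAsRecipient(privateKey, envelope) {
  const messageKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  return openMessage(messageKey, envelope);
}

// Constructed demo data: a throwaway RSA key pair and a per-contact key
// standing in for a "secure communication key" (enhanced security).
const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const contactKey = crypto.randomBytes(32);

const envelope = encryptForRecipient(recipient.publicKey, 'standard message');
console.log(decryptAsRecipient(recipient.privateKey, envelope));

// Same key and same text, but each call draws a new IV.
const first = sealMessage(contactKey, 'same text');
const second = sealMessage(contactKey, 'same text');
console.log(first.ciphertext.equals(second.ciphertext));
```
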

Messages limited in time

Users who buy ClinkMe Secure (available for purchase in the application) can set the validity period of sent messages to make sure that the message will be deleted on the recipient’s side after some time. Messages sent in this way are also deleted from the sender’s device. All messages limited in time are physically deleted on both the sender’s and the recipient’s device and are not stored on the server. Messages limited in time bring another security enhancement: the sender can be sure that messages sent in this way will be deleted after some time and will not be available in the conversation.

Synchronizing the security between devices

Because one of the objectives of the ClinkMe application is to provide the user with maximum security, no information used by the application for message security is synchronized to another device via iCloud or another cloud service. This important information includes the private and public keys (standard message security), which protect all outgoing and incoming messages, and the secure communication keys that the user has created for contacts (enhanced message security).

On the other hand, so that each user can transfer this information from one device to another, ClinkMe provides its own synchronizing solution, which does not use any servers. Synchronization is available in the application menu and is done via Bluetooth or Wi-Fi. It can only be done between two devices on which the user is logged in with the same ClinkID account. Synchronization between devices via Bluetooth or Wi-Fi is always encrypted with a unique key generated during each synchronizing session. For data encryption during synchronization the 256-bit AES algorithm is used.

How to achieve maximum security?

Users can achieve maximum message security by purchasing ClinkMe Secure and generating a secure communication key for a selected user. If the user wants to be sure that the message will not be available to the recipient after some time, it is convenient to limit the message in time, which means that the message will be deleted from both the sender’s and the recipient’s device after some time.

ClinkMe Calls

For call security the Secure Real-time Transport Protocol (SRTP) is used. Each call is encrypted with a unique, randomly generated key known only to the caller and the called person. The application automatically tries to connect the users directly, peer-to-peer, without using a server. If that fails (for example, due to technical limits in one of the users’ infrastructure), the call is transmitted via a TURN server, which is part of the ClinkMe server-side infrastructure. To connect both users, a STUN server is used, which makes it possible to find out both devices’ public IP addresses.

ClinkMe Call Diagnostics

On the outgoing or incoming call screen, each user can easily and quickly verify, in a clearly arranged view, how a ClinkMe call is secured. This screen shows information about the type of security (e.g. TLS), says whether the call is being transmitted directly between the users or via a TURN server, and provides information about the general level of security.
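How a client can tell the direct and relayed cases apart for a diagnostics view like this one, as an added example that is not ClinkMe's code. It assumes the call is negotiated with ICE candidate lines (RFC 8839), which the page does not state; the function names and the sample candidates are constructed.

```javascript
// Added illustration, not ClinkMe source. Assumes ICE candidate lines (RFC 8839).
const CANDIDATE_TYPES = new Set(['host', 'srflx', 'prflx', 'relay']);

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [ext...]
function parseCandidate(line) {
  const parts = line.trim().replace(/^a=/, '').replace(/^candidate:/, '').split(/\s+/);
  const [foundation, component, transport, priority, address, port, typ, type, ...ext] = parts;
  if (typ !== 'typ' || !CANDIDATE_TYPES.has(type)) {
    throw new Error('not a valid ICE candidate: ' + line);
  }
  // Extension attributes come in name/value pairs, e.g. raddr and rport.
  const pairs = [];
  for (let i = 0; i + 1 < ext.length; i += 2) pairs.push([ext[i], ext[i + 1]]);
  return {
    foundation, component: Number(component), transport: transport.toLowerCase(),
    priority: Number(priority), address, port: Number(port), type,
    extensions: Object.fromEntries(pairs),
  };
}

// Classify the selected candidate pair: a "relay" candidate on either side means
// the media crosses a TURN server; otherwise the peers exchange packets directly.
function classifyCallPath(localLine, remoteLine) {
  const local = parseCandidate(localLine);
  const remote = parseCandidate(remoteLine);
  const relayed = local.type === 'relay' || remote.type === 'relay';
  return {
    path: relayed ? 'via TURN server' : 'direct',
    localType: local.type,
    remoteType: remote.type,
    localAddress: local.address, // the address this device offered to the peer
  };
}

// Constructed samples using documentation address ranges.
const SRFLX = 'candidate:1 1 udp 1694498815 203.0.113.7 54012 typ srflx raddr 192.168.1.20 rport 54012';
const HOST = 'candidate:2 1 udp 2122260223 198.51.100.23 40100 typ host';
const RELAY = 'candidate:3 1 udp 41885439 192.0.2.50 61000 typ relay raddr 203.0.113.7 rport 54012';

console.log(classifyCallPath(SRFLX, HOST));
console.log(classifyCallPath(RELAY, HOST));
```

In the relayed case the peer is offered the TURN-allocated address rather than the device's own public address, which is why the direct/relayed distinction is worth surfacing to the user.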

Links

The following list contains links to technologies and protocols mentioned in the text:

HTTP Secure (HTTPS)
Extensible Messaging and Presence Protocol (XMPP)
Transport Layer Security (TLS)
Public-key cryptography (Asymmetric key cryptography)
Pretty Good Privacy (PGP)
Advanced Encryption Standard (AES)
Secure Real-time Transport Protocol (SRTP)
Session Traversal Utilities for NAT (STUN)
Traversal Using Relays around NAT (TURN)
Initialization vector (in cryptography)
Bluetooth
Wi-Fi
RSA (cryptography algorithm)
Peer-to-peer (P2P)