User:Mntbrry/sandbox/cameoNet
This is not a Wikipedia article: It is an individual user's work-in-progress page, and may be incomplete and/or unreliable. For guidance on developing this draft, see Wikipedia:So you made a userspace draft. Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
cameoNet logo | |
Original author(s) | memo Connect GmbH |
---|---|
Developer(s) | memo Connect GmbH |
Initial release | 18 August 2014 |
Stable release | 0.4.2
/ 5 November 2014 |
Written in | [[Scala (programming language) |Scala]],HTML5 |
Operating system | Android, iOS |
Available in | German, English |
Type | Instant Messaging |
License | Open Source |
Website | www |
cameoNet is a secure instant messaging application for all devices, such as smartphones, tablets and desktop computers. cameoNet is availabe as web app for all devices and also as mobile app for Android and iOS. A Windows Phone version is currently being developed[1] In addition to text messages images, videos, positions and voice messages can be transmitted as attachments. Founder, developer and operator is Memo Connect GmbH in Halle (Saale).[2] All cameoNet servers are located in Germany.
Security
[edit]Many platforms use protocols like the Diffie–Hellman key exchange, thereby simplifying some technical aspects, but don't solve the authentication problem and enable man-in-the-middle attacks. cameoNet uses a Public Key Infrastructure (PKI). The PKI enables authentication and flexible secured group conversations.
The security system of cameoNet is based on current cryptography methods. To assure data security cameoNet uses AES and RSA algorithms. The combination of symmetric (AES-256) and asymmetric (RSA-4096) encryption algorithms makes it possible to encrypt user-to-user and group conversations.[3] Adding a member to a conversation is facilitated without the need to re-encrypt the entire conversation. In the event that a group member is to be excluded from a conversation this is also a simple process. The management of encryption keys ensures that private keys and the content of the messages will not be accessible for a cameoNet server administrator. Only the individual users are able to decrypt secured cameoNet content.
cameoNet allows secure communication with external users outside of the application environment. It offers two ways to secure a web reader conversation.
- By manual key exchange.
- By using the PassCaptcha procedure
The PassCaptcha procedure includes exchanging a CAPTCHA image for transmitting the symmetric key. The PassCaptcha technology simplifies exchanging keys and makes automated key extraction more difficult.
Another aspect is the verification of the identities of group conversation's participants. Encryption may prevent unauthorized access, but by itself cannot authenticated the particibans of a group conversation. cameoNet users may verify each other's identities by exchanging their key-IDs through several ways (manual exchange, QR-codes). Once users have validated their identities they can use digital signatures to sign messages and attachments. This enables private and authenticated conversations. This process does not imply that the service needs any information about the users' real identities. It is possible to have an anonymous account and identity while still communicating secured and authenticated. Meanwhile, users can also be fully verified by submitting personal identification documents (e.g. passport or driver's licence).
The application consists of a Scala/MongoDB based back end and a HTML5 based front end, connected by a REST API. The backend system supports stateless session handling, which enables easy horizontal scaling in case of increasing system load. Currently all major web browsers on Windows, OS X, Linux, Android, iOS and Windows Phone are supported by the front end. Mobile applications for Android and iOS are available.[4][5] A Windows Phone application is in development.[6]
Use of the Application
[edit]When first starting the application the users are asked to provide their account data (user name and password, other data is optional). After creating a user account and a short address of welcome the application's functions are introduced to the user through a quick start guide. Then a cameoKey is automatically generated. The key is essential to secure encryption. The user may then search for contacts and send friend requests. If a request is accepted, the cameoKeys (the public keys) are exchanged and a secured communication is possible. While communicating, users are informed of the level of security though a colored lock symbol. Asymmetric encryption is signified by a green lock, a yellow lock shows that the communication is secured by a regular password or a PassCaptcha. A red lock shows that the ongoing communication is unencrypted.
Data Protection
[edit]The application's servers are located in Germany. Thus, the operating company and the service are subject to the German Federal Data Protection Act. Users may synchronize their address books with the cameoNet servers. If either the phone number or the email address of a contact in the address book match an entry in the service's data base, the contact ID is added to the contact list automatically.
Characteristics of cameoNet
[edit]- Open to external users through SMS and email
- Encrypted communication with external users via Passcaptcha
- Availability on all major devices and platforms
- Open Source
- Multiple identities per user account possible
- Optional anonymous use
References
[edit]- ^ WMPoweruser.com, Secure messaging service cameoNET is coming to Windows Phone soon 15 October 2014. Retreived 18 November 2014
- ^ Deutsche Startups, cameoNet: Verschlüsselte Mailing- und Messaging-App 25 August 2014. Retreived 18 November 2014.
- ^ cameoNet Homepage, 'FAQ' 18 August 2014. Retreived 18 November 2014
- ^ TruTower.com, 'cameoNet Secure Private Messaging App Launches' 15 October 2014. Retreived 18 November 2014
- ^ cameoNet Blog, 'cameoNet now also available as iOS app for iPhone and iPad' 18 November 2014. Retreived 18 November 2014
- ^ WMPowerUser, 'secure messaging service cameoNet is coming to Windows Phone soon' 15 October 2014. Retreived 18 November 2014
External links
[edit]