Sunday, June 18, 2017

Where Crypto Helper's security comes from.

As some readers may know, I have pre-released an application for Android called Crypto Helper that is able to secure text in a manner that is extremely hard to break. It's security comes from a few design elements that coincidently allow me to keep the app's source code simple.

Secure Interface:

My app uses a simple interface which doesn't handle sending or receiving any external data, instead my app uses existing features in android known as the clipboard and intent. This design allows the app to automatically paste data into the input, copy output to the system clipboard, or directly export output to external apps like your email client or "secure" text messenger. This simple design also doesn't save your encryption keys, if the keys were saved then the system could be attacked by stealing them from the key stores even if they were made secure through encryption. Since the app saves nothing, once you shut the app down, all sensitive data is never moved from RAM to storage and is therefore lost and impossible for invasive investigations to recover. This means that the security of the app itself is completely dependent on the user and the device, there are no known weaknesses in my app therefore it can only be attacked by attacking the host device or user habits (two factors that are out of the hands of even the best app developers).

Algorithm Design:

Behind the scenes, my app uses simple but powerful algorithms to scramble text and make it unreadable without the correct key. The idea behind encryption is to make sensitive data impractical to derive from the encrypted data, and there are other uses of cryptography like verifying the identity of a sender. My app uses an algorithm that can be layered upon other algorithms like AES256 to make it even more secure, however it is already hard to break on its own. My app not only makes decryption without the key many times harder than encryption or decryption with the key (the mechanism behind encryption), but it also uses a phenomenon known as collisions to mask your data by making several potential solutions with no way for an intruder to tell which one is correct. One time pad is the name of the algorithm I based mine off of, it's unbreakable if a secure key is used once and never found by an intruder, it's lightweight to compute by only adding and subtracting rather than multiplying and dividing.

Features To Foil Crooks And Save You Time:

CryptoHelper gains a new level of security with a simple function I added that adds a massive amount of complexity to cryptanalysis attempts. My app has a feature where it generates random noise and injects it into the cipher-text which changes its length and makes it impossible to tell if all the text is necessary for decryption. With intruders unable to easily separate signal from noise, the text gains a new layer of protection. Crypto Helper also has a hexadecimal encoder for compatibility, if the app creates cipher-text in which has exotic characters, it makes the user's life harder if they need to type in the text so I made a feature where it outputs the hexadecimal notation for the characters to save users from a headache before one is ever found. Keys are hashed by default to save users who choose weak keys and increase difficulty of brute force attacks, users using older keys or custom keys longer than the 512 bit hash will benefit by turning off the "Secure key" feature which will use the key in verbatim. These are some features I have not found in any other application, and I am still adding more if anyone has any ideas.


No comments:

Post a Comment

Latest Post

Steam on Linux Mint Cinnamon

Most viewed