Communication Security

Our Communication Security strategy can be summarized in the following key points:

  • Exclusive use of Open and Standard encryption algorithms and protocols
  • Exclusive use of technologies subject to public peer review
  • Avoid security through obscurity
  • Provide easy-to-use products
  • Operating in a democratic European country, with no restrictive crypto law

 

We use Open and Standard encryption algorithms and protocols. They are the result of years of public cryptographic research carried out all over the world, not only in one geo-political area, and are certified by internationally recognized institutes such as the IETF (Internet Engineering Task Force).

All the encryption algorithms and security methods, including Random Number Generation, strictly follow the FIPS (Federal Information Processing Standards) rules.

However, standard algorithms such as AES or Diffie-Hellman are not enough: they are just building blocks of a more complex system, the encryption protocol.

The IETF is the authority that analyzes, approves and manages all the widely used internet protocols. In addition, the IETF has a strong policy against wiretapping. It is officially described in the IETF Policy on Wiretapping (RFC 2804), which affirms that no IETF protocol may include wiretapping features.

When a security technology uses only the standards, we can be sure that the technology has been subject to independent security peer review by the scientific and security communities. In fact, the two most famous international cryptographers in the world reinforce that concept:

Bruce Schneier in his “Why cryptography is harder than it looks” clearly states: “Good cryptographers know that nothing substitutes for extensive peer review and years of analysis”.

Philip Zimmermann in his “Beware of Snake Oil” explains the typical mistake made by a software company that considers itself expert enough not to need peer review: “Every software engineer fancies himself a cryptographer, which has led to the proliferation of really bad crypto software.”

We make use of Communication Security code that has already been audited by a huge number of security experts and used in thousands of security applications.

By design, PrivateWave’s Secure Communication Solutions cannot be polluted with backdoors. We strongly warn users against any kind of proprietary solution, as we believe that security through obscurity does not work. As early as 1883, the core of modern cryptography was summarized in La Cryptographie Militaire by Auguste Kerckhoffs: “The security of a cryptosystem should not depend on keeping the algorithm secret, but only on keeping the numeric key secret”.

However, building encryption technologies in the most secure way is not enough.

Any IT or security manager knows well that if a security system is too difficult or too annoying, the end user will just avoid it. To be effective, a security system must be extremely easy to use. PrivateWave’s products have a high degree of usability.

All secure communication products are, by default, integrated with the mobile phone’s operating system, so that end users do not have to change the way they use their mobile phones. Making a secure call is no different from making a standard phone call.
