Communication via e-mail and the use of more recently widespread web services, such as e-commerce and home banking (online banking), are now consolidated habits, and Internet users worldwide demand a high level of security for them. With the emergence of the Internet of Things paradigm, which allows objects to exchange information with each other, the security of network connections is even more crucial.
In line with this, there are two cryptographic protocols, SSL (Secure Sockets Layer) and TLS (Transport Layer Security), designed to provide secure communication channels between connected devices and to guarantee the confidentiality, authentication and integrity of information: the impossibility for third parties to read the information exchanged, the verification of the identity of the communicating parties, and the non-alteration of the information transmitted.
Confidentiality is guaranteed through data encryption. The protocol provides for the use of both symmetric and asymmetric cryptography during the various phases of communication. Public-key (asymmetric) cryptography intervenes in the phase preceding the actual communication, known as the handshake. With this technique, the exchange of the random numbers used to generate the secret key for the next phase, and of a particular value called the Pre-Master Secret, is itself encrypted. During the exchange of application data, symmetric (secret-key) encryption is used, with a key derived from the random numbers and the Pre-Master Secret exchanged in the previous phase through further processing steps. However, Anøm utilizes 3 layers of encryption, which include:
OMEMO (Double Ratchet Algorithm) is independently audited by the Dutch security research group Radically Open Security and standardized by the XMPP Standards Foundation. The Double Ratchet Algorithm is used by the Signal Protocol to exchange encrypted messages between two parties based on a shared secret key. Basically, the parties involved use a key agreement protocol to agree on the shared secret key. The Double Ratchet Algorithm has several building blocks. The first is the Key Derivation Function chain (KDF chain). The following two are the two separate ratchets: the symmetric-key ratchet and the Diffie-Hellman (DH) ratchet. These three collectively form the Double Ratchet algorithm.
The Double Ratchet is the combination of the symmetric-key ratchet and the DH ratchet. Every time a message is sent or received, a symmetric-key ratchet step is applied to the sending or receiving chain in order to derive a new message key. When a message header carries a new ratchet public key, a DH ratchet step is performed to replace the chain keys. This step can only happen before the symmetric-key ratchet step.
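The KDF chain, symmetric-key ratchet and root-chain (DH ratchet) steps described above, as an added example that is not OMEMO's or Anøm's code. It uses HMAC-SHA256 as the chain KDF and a minimal HKDF for the root chain; the DH output fed into `kdf_rk` is assumed to come from an X25519 agreement and is replaced here by constructed bytes.

```python
import hashlib
import hmac

def kdf_ck(chain_key):
    """Symmetric-key ratchet step: chain key -> (next chain key, message key).
    Distinct HMAC inputs keep the two outputs independent of each other."""
    next_ck = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    msg_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_ck, msg_key

def hkdf_sha256(salt, ikm, info, length=64):
    """Minimal HKDF (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def kdf_rk(root_key, dh_out):
    """DH ratchet step on the root chain: mix a fresh DH output into the root key
    and return (new root key, new chain key). dh_out is assumed to be the result
    of an X25519 agreement; in this example the caller supplies constructed bytes."""
    okm = hkdf_sha256(root_key, dh_out, b"DoubleRatchet-root")
    return okm[:32], okm[32:]

class Chain:
    """A sending or receiving chain, advanced one step per message."""
    def __init__(self, chain_key):
        self.ck, self.n = chain_key, 0

    def next_message_key(self):
        self.ck, mk = kdf_ck(self.ck)  # the old chain key is discarded
        self.n += 1
        return self.n - 1, mk

def demo():
    """Both sides derive the same message keys; a new DH output replaces the chain."""
    root = hashlib.sha256(b"constructed initial shared secret").digest()  # constructed
    root, ck = kdf_rk(root, b"\x11" * 32)  # constructed stand-in for a DH output
    alice_send, bob_recv = Chain(ck), Chain(ck)
    a_keys = [alice_send.next_message_key()[1] for _ in range(3)]
    b_keys = [bob_recv.next_message_key()[1] for _ in range(3)]
    root2, ck2 = kdf_rk(root, b"\x22" * 32)  # header carried a new ratchet key
    return {"match": a_keys == b_keys, "distinct": len(set(a_keys)) == 3,
            "chain_replaced": ck2 != ck, "root_advanced": root2 != root}
```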
The lead architect for OMEMO's integration into Anøm is Daniel Gultsch, co-creator of OMEMO.
In the 1990s, it became apparent that the widely used DES encryption standard was no longer able to cope with technical developments. A new encryption standard was needed. The Rijndael algorithm, named after its developers Vincent Rijmen and Joan Daemen, emerged as that successor: it was selected in a public competition for its security, flexibility and performance, and was certified as the Advanced Encryption Standard (AES) at the end of 2000.
AES also divides the plaintext to be encrypted into blocks. Thus, like DES, this cryptosystem is based on block encryption. The standard supports 128, 192 and 256-bit keys. However, instead of 64-bit blocks, AES uses much larger 128-bit blocks, which are encrypted in multiple consecutive rounds using a Substitution-Permutation Network (SPN). The DES successor also uses a new round key for each encryption round, recursively derived from the initial key and combined with the data block using XOR. The encryption process can be divided into four steps:
Key Expansion: Like DES, AES uses a new round key in each encryption round. These are derived from the initial key by recursion. The initial key is expanded to a length that covers the required number of 128-bit round keys, so each round key is a subsection of the expanded key. The number of round keys needed is the number of encryption rounds (R), including the final round, plus one round key for the preliminary round (number of round keys = R + 1).
Preliminary round: During the preliminary round, the 128-bit input block is transferred into a two-dimensional table and combined with the first round key using XOR (KeyAddition). The table has 4 rows and 4 columns, so each cell contains one byte (8 bits) of the block to be encrypted.
Encryption rounds: The number of encryption rounds depends on the key length used: 10 rounds for AES-128, 12 rounds for AES-192 and 14 rounds for AES-256.
Final round: The last round differs from the previous ones in that it contains no MixColumns transformation and therefore only includes the SubBytes, ShiftRows and KeyAddition operations. The result of the final round is the ciphertext.
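The key expansion step above, as an added example that is not Anøm's code: it builds the AES S-box from GF(2^8) arithmetic and runs the FIPS-197 key schedule, returning the R + 1 round keys (11, 13 or 15 depending on key length), including the RotWord/SubWord/Rcon step and the extra SubWord that AES-256 applies.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _affine(b):
    """FIPS-197 affine map applied after the multiplicative inverse."""
    rot = lambda x, k: ((x << k) | (x >> (8 - k))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

# SubBytes table: inverse in GF(2^8) (0 maps to 0), then the affine map.
SBOX = [_affine(next(b for b in range(256) if gmul(a, b) == 1) if a else 0)
        for a in range(256)]

ROUNDS = {16: 10, 24: 12, 32: 14}  # key length in bytes -> number of rounds R

def expand_key(key):
    """FIPS-197 key schedule: returns the R+1 round keys of 16 bytes each."""
    nk, rounds = len(key) // 4, ROUNDS[len(key)]
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]  # initial key words
    rcon = 1
    for i in range(nk, 4 * (rounds + 1)):
        t = list(w[i - 1])
        if i % nk == 0:                       # RotWord, SubWord, then XOR Rcon
            t = [SBOX[x] for x in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = gmul(rcon, 2)              # Rcon doubles in GF(2^8) each time
        elif nk > 6 and i % nk == 4:          # AES-256 applies an extra SubWord
            t = [SBOX[x] for x in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(rounds + 1)]
```

The 128-bit test key in the check below is the FIPS-197 Appendix A.1 example key, whose first expanded word is a0fafe17.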
The decryption of AES-encrypted data is based on inverting the encryption algorithm. Besides reversing the sequence of steps, this also applies to the ShiftRows, MixColumns and SubBytes operations, each of which is run in the inverse direction.
AES is certified and considered highly secure. To date, no practical attack is known. Brute-force attacks are infeasible because of the key length of at least 128 bits. In addition, operations such as ShiftRows and MixColumns ensure thorough bit mixing: in the result, each bit depends on the key. Moreover, the cryptosystem is convincing for its simplicity of implementation and its high speed. AES is used as the encryption standard for WPA2, SSH and IPsec, as well as the encryption algorithm for compressed file archives such as 7-Zip or RAR.
However, AES-encrypted data is protected against third-party access only as long as the key remains secret. Since the same key is used for encryption and decryption, the cryptosystem is affected by the key distribution problem like any other symmetric method. The safe use of AES is therefore limited to application domains that do not require a key exchange or that allow it over a secure channel. Moreover, encrypted communication over the Internet requires that data be encrypted on one computer and decrypted on another. Here, asymmetric cryptosystems have become established, since they allow symmetric keys to be exchanged securely without a common key having been shared beforehand.
Hence, Anøm provides AES-256-CBC with an Argon2 hash for file-based encryption, covering all Anøm data: notes, the gallery, files and much more.
File-based encryption allows different files to be encrypted with separate keys, each of which can be unlocked independently of the others.
Anøm Encryption supports a number of well-known, strong encryption algorithms, and it is crucial to select the most suitable encryption mode for each algorithm. When choosing a mode, a number of factors should be taken into consideration, including the strength of the mode against known attacks and the specific application of the algorithm. For example, network connections require encryption modes that allow byte-by-byte sequences to be encrypted. If Anøm must encrypt 512-byte sectors that an operating system reads randomly from a disk, it has to use another encryption mode. For that reason, AES-256-XTS is used for Full Disk Encryption at the file system layer, covering all data on the device.
Anøm Volume Encryption uses the XTS encryption mode with all encryption algorithms. AES-XTS is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for AES-XTS comprises a data encryption key, used by the AES block cipher, and a tweak key, used to bind each data block to its logical position. AES-XTS is a concrete instance of a tweakable block cipher. Hence, AES-256-XTS addresses threats such as the copy-and-paste attack, while allowing pipelining and parallelization in cipher implementations.
It should be noted that XTS mode uses its own secret key, known as the tweak key, which is completely separate from the primary encryption key used by some other encryption algorithms. Since inception, Anøm Volume Encryption has relied on encryption algorithms whose block sizes are no smaller than expected.
At Anøm, we provide AES-256-XTS, as all our ciphers are open-source encryption standards, peer-reviewed by security research experts and with proven integrity in the field. We do not use or permit the use of wonky home-brewed encryption. Roll-your-own encryption schemes are unproven and often full of holes. It is very important that you do not trust your privacy to cipher standards that have not been scrutinized by encryption experts.
Anøm remains your best option in encryption protocols, as we utilize the right layers of encryption. We've got you covered.