
SKY ECC: Building a Solution Based on Zero-Trust

In a previous post, where we talked about the secure messaging landscape, we discussed the security continuum and how all computers, security and otherwise, lie somewhere along the continuum of convenience vs security. We fall at the far end with other device-based solutions, as we offer extremely secure ways to communicate, but with the compromise of convenience. A trade-off like this is one users do not mind, as solutions such as SKY ECC give them the reassurance that they are secure. When you know that your communications and business dealings cannot be leaked, shared or intercepted, you can be content and concentrate on other matters. In this post, we will look at what differs between other messaging solutions and SKY ECC when it comes to trust. Or in this case, zero trust. SKY ECC is built to distrust technology, and it is this distrust that keeps your messages and your information safe.

“Zero-Trust Security”: What does it Mean?

The best way to illustrate our zero-trust approach is by recounting a conversation with someone purchasing SKY ECC devices to use for their company.

Customer: “We would never buy iPhones. We don’t trust Apple not to share our data or have hidden backdoors in the software or devices.”

Our response: “That’s good. We don’t trust them either, and here’s how we protect against those risks and potential threats.”

By this, we do not mean Apple has or uses backdoors built into their software or hardware. Instead, we are saying that when SKY ECC was built (on Apple, BlackBerry and Google devices), development was approached with this question: should the device be compromised, how would we protect the messages and SKY ECC?
This premise runs through all of the development of the device, from the OS to the network and on to the app. At every point, we asked ourselves: How can we protect the device, should this one part be compromised? How can we stop the spread along the chain? Because of this, we make sure that the devices we use match up to our standards of security, that all network traffic is encrypted and that even if a layer of protection within the phone is compromised, the messages stay secure beneath the other layers.

Throughout SKY ECC, zero-trust is core to its features, how it works and to staying safe online.
When you first start off with end-to-end encrypted (E2EE) apps, many of them have you enter a phone number or email address. Using this information, along with access granted to your contacts, the app searches to find people you may know. In principle, this sounds great. You can find people quicker and easier, and vice versa. But it also means putting your trust in the directory server. That means that somewhere, a list of identifiable information about you is connected to the messaging account in question. All it takes is one breach, such as what happened with WhatsApp, and the app and your privacy are compromised.

With SKY ECC, it is impossible to search for a user’s ID, add them as a contact and begin messaging them, or for this to be done in reverse. To share contacts, you have to provide the other person with your ECC ID, which, being randomly generated, stops anyone from guessing it. At that point they must make a contact request to be added. Once you approve the request, you can message each other. This was a point raised when we compared Signal and WhatsApp. Through this, you get the contact information from someone you know, or from a contact who is giving the information directly to you. This means you do not need to put faith in a server as it searches through contacts. Aside from confirming that the ID exists on the system, it’s all at your discretion. We will not tell you who you should trust, and so we engineered SKY ECC so that the decision is completely up to you.

How Does a Zero-Trust Approach Give Us Our Edge?

Approaching security with a zero-trust mindset allows us to successfully ensure security. It allows us to be a step ahead. With SKY ECC, we are careful at every step, always using our zero-trust method. We know what happens when this is not used. Your device seems fine when you install the app, but what if a key logger is installed after the device is rooted? It then doesn’t matter how secure or encrypted the message is. Your security is compromised and anything you type is being seen, without you being aware. How about “only the content needs to be encrypted for each message, the metadata is not important”? Metadata is crucial, potentially providing a lot of information about you to whoever may access it, as we talked about in a previous post. Encrypting messages is a good start, but to fully protect your privacy and security, we believe that the messaging solution needs to be protected by multiple concentric layers of protection.

The Layers of Security: What are They?

At SKY ECC, we use the idea of protection in concentric layers as part of our zero-trust method. Our SKY ECC security page provides more detail and insight into how each layer works and the hardware and software involved.

Each of these layers is made to strengthen and support the rest, but without being wholly dependent on them. To compromise a SKY ECC device, several layers would need to be broken simultaneously, without the app or device triggering a reset via lockdown. When BlackBerry security carried out extensive tests, they could not find a way to penetrate through the app and were unable to exploit any vulnerabilities in the tests. With every version update, SKY ECC security is enhanced and the protection layers are strengthened, leaving your messages and information secure and protected.

When it comes to secure messaging, there are a few things that are definite.

  • When messages are sent, they are encrypted before being sent from the device and will remain encrypted until they get to the receiver of the message.
  • Messages are never unencrypted and are never stored on the server.
  • Next, the private encryption keys are generated on your device and they remain there.
  • Finally, no matter what, the messages you send, we cannot decrypt.

Not now and never will we. Amongst our competitors, of those who meet the criteria above, some do very well. But we make sure to go the extra mile when it comes to protecting your privacy and messages. Many of our competitors manufacture their own devices, a move which allows them more control over features and hardware. The downside is that the devices then lack the level of cryptographic and tamper resistance that mass-produced devices have. Similarly, some competitors make their own secure variant of Android. This improves security, but the advantage falls away whenever a patch is required. When security holes can be used within minutes, how long could it take for a patch to be made and sent to each of their users? Mobile OSs are not simple or easy to test, and even for large companies such as Apple or Google, getting the patch out can be a challenge.

So why do we use devices that are from Apple, Google or BlackBerry? Why do we not build our own devices, software and hardware? It is because, by using their devices, there is access to a million more people who use the device, be it Android or iOS. Whilst many people spend their time trying to hack into these devices, there are even more people looking to make sure they stay secure. When security holes appear, word gets around quickly, allowing them to be fixed just as quickly. Using these devices also allows us more visibility into the devices. This can range from their specs, to how they were built, to the device’s core apps. Another device could not be put to the same levels of scrutiny as those made by BlackBerry, Apple or Google.

Spoofing Prevention: What is it?

A problem that often occurs with chat apps is users being impersonated. Be it through bad passwords, or someone gaining a phone number by spoofing, it is possible and it does happen. However, ECC IDs cannot be spoofed or faked in any way. Each ID is bound to a single device at any one time. To switch to a new device, the ID must be deactivated and the items and chats saved in your vault erased. The device then needs to be reset to its factory settings. Finally, the ID needs to be reactivated on the device you are switching to.

This may seem like a lot, but it means that no one can attempt to impersonate you. We have had people try to do so. They have not been successful. Should someone try to impersonate you on SKY ECC, you will find that SKY ECC becomes disabled on the device. This is followed by an email from our support team. If someone tries to message the person now posing as you, they will be unable to, as the messages will not send. They can’t, as whoever is attempting to impersonate you will have different encryption keys to yours and the system will flag it. With SKY ECC, it is nigh on impossible for someone to impersonate you without you knowing, as long as you have control of the device.

Zero trust allows you to trust your privacy

A zero-trust approach allows us at SKY ECC to ask the ‘what ifs’ and allows you to have peace of mind in knowing your data and messages are secure. Trust in security does not come easily and is hard to earn. SKY ECC was built to make sure that your security and communications remain private. Our number one mission is to ensure your privacy. With our zero-trust method, you can trust that the privacy of your messages is guaranteed.
