The Taurus leak has startled politics and society in Germany. Shortly before the weekend, Russian propaganda outlets reported on apparently intercepted confidential conversations of the German Air Force, triggering numerous discussions about the state of IT security in the army.
"The incident shows that secure communication is still a challenge for many people, even in a professional context," says Benjamin Schilz, CEO at Wire. "Security must be accessible and easy to use. Otherwise, existing security mechanisms will be circumvented consciously or unconsciously. We offer a solution for this with Wire."
One thing is clear: organizations need ONE reliable tool with which they can offer secure messaging, secure audio and video communication and secure file exchange on all common platforms from a single source. But how can such conversations be prevented from being intercepted and what features should a secure communication solution offer? We are taking a closer look at this.
The most important things at a glance:
- Messenger functions: A tool for secure messaging, audio/video calls and file sharing.
- End-to-end encryption: Ensures that only intended recipients can decrypt content.
- Perfect Forward Secrecy: Protects future communication, even with compromised devices, by regularly exchanging keys.
- End-to-end identity: Uses digital certificates to ensure that only authorized users participate in the conversation.
- Federation for secure partner communication: Enables secure exchange with partners, ensures a visible level of security in chats at all times.
- Open source & ease of use: Prioritizes open source for transparency and ease of use to promote adoption.
End-to-end encryption
End-to-end encryption is the gold standard for secure communication. It ensures that only the intended communication partners can decrypt the content of the communication. This applies regardless of the type and content of the communication, i.e. whether it is a text message, audio call or video conference, for example. With Wire, even the transmitted screen content is secured using end-to-end encryption.
End-to-end encryption means that even the provider of the service has no way of decrypting the content of the communication. Administrators within the organization also cannot access the content. With Wire, the keys required for encryption and decryption are only generated and stored locally on the user's device. In addition, they are protected on the devices so that they cannot be compromised by malicious actors.
Wires' implementation of end-to-end encryption makes secure communication practicable even in very large groups.
Perfect Forward Secrecy
An important feature for the quality of encryption is perfect forward secrecy and post-compromise security. This means that communication between two partners can be considered secure even if, for example, a device has been infected with malware and the contents of the conversation or even encryption keys have been intercepted. Wire offers this feature.
If a computer or smartphone is compromised with malware or has been stolen, it can simply be removed from the list of personal devices in Wire and is automatically removed from all chats. It is then no longer possible to decrypt communication content on the device and all further communication can be considered secure. This even applies in the extremely unlikely event that attackers have previously managed to break individual encryption keys with great effort.
This is because the keys for encrypting the content are exchanged regularly so that each individual key is only used for a few messages. This all takes place conveniently in the background without users having to worry about it.
End-to-end identity
End-to-end identity is another important building block for secure communication. Even if end-to-end encryption guarantees the security of communication on the technical side, it must still be ensured that only authorized users participate in the conversation.
A digital certificate is issued by Wire for each user and all devices in the communication, with which each device must regularly authorize itself at the Wire server. This ensures that no unauthorized devices are involved in the conversation and that all content remains confidential. In the event of an IT security incident, the admin can also revoke certificates across the board and thus quickly restore security in an emergency.
With end-to-end identity, this is guaranteed on the basis of an advanced identity solution. In the first step, Wire uses the organization's identity provider, such as Keycloak. The user names in professional Wire environments are then derived directly from this provider to prevent users from imitating other people by changing their username, for example.
Secure communication with partners
With Federation, Wire enables organizations to connect their Wire backends in a secure manner while maintaining their respective data sovereignty. This is because modern organizations can no longer solve many problems purely internally - they need to be in constant communication with partners and customers.
"Modern organizations work in a network - many problems are simply too complicated to be solved in-house alone. With Federation, we support our customers in enabling secure communication beyond their own organization," says Sascha Haase, SVP Product Management at Wire.
Thanks to the specific security rules, it is possible to display the current security level in certain chats, such as Classified - For Official Use Only (VS-NfD). This way, all participants in the conversation know at all times that only authorized communication partners are in the chat, and unintentional sharing of confidential or even classified content can be prevented.
Open source
If you want to use secure communication in a professional environment, you should ensure that the solution used is open source. This is the only way to ensure that the code can be reviewed independently and that no backdoors are built in.
Encryption at rest
It is also important that the communication solution data stored locally on the smartphone or computer is protected against unauthorized access. All data on the device's local storage should therefore be secured using advanced encryption so that neither other apps nor curious attackers can access the content. In addition to the key material for encryption, this also explicitly applies to local backups of chat messages and other content.
Wire supports local encryption of app data on all platforms, including the web application, which can be used in the browser.
User-friendliness
A secure communication solution must offer a high degree of user-friendliness. After all, what good is a highly secure platform if it is so cumbersome to use on a day-to-day basis that nobody wants to use it?
"Technical security is worth nothing without user-friendliness," says Sascha Haase, SVP Product Management at Wire. "After all, security in an organization is created primarily through secure processes that are put into practice and not just through technical specifications and software. If it's so complicated to use the secure communication solution, then it ends up being 'I'll send you a quick WhatsApp message' - and the organization has a problem."
Wire also relies on independent user tests when developing its solution to ensure a high level of usability. We also support high accessibility requirements to enable as many people as possible to participate in secure communication.
(Picture source: Wikimedia Commons, CC-BY-SA 3.0)