About Beem E2EE chat
ENCRYPTION IN BEEM APP
BEEM supports End-to-End encryption, which ensures that messages can only be read by their recipients. No one, including BEEM servers, can listen to the communication between BEEM users.
CLIENT SERVER COMMUNICATION
BEEM uses a state-of-the-art protocol that replaces TLS. In particular, no cryptographic suites are negotiated; the algorithm is fixed on both the server and the user side. This approach makes BEEM faster than any TLS-based system and makes BEEM safe from known TLS vulnerabilities.
The protocol uses RSA 2048 with AES 256 to encrypt the control information between the server and the users. Encrypting the control information prevents the BEEM system from being analyzed and protects the users’ identities from being exposed.
The public keys of the users are initially transmitted to the servers through the protocol using the RSA 2048 algorithm. Then the server generates a secret s for every user and uses it to encrypt all future communication. When BEEM users start communicating with each other, their public keys are initially received from the server. Later on, when the public keys get updated, the server version gets updated as well.
To provide the highest possible security, BEEM uses End-to-End Encryption. BEEM servers and operators have no access to the messages or to the calls. BEEM uses military-grade encryption to protect the users’ privacy. Technically, BEEM uses AES 256-bit encryption and exchanges the encryption key using the Diffie-Hellman Key Exchange algorithm (DH). The security of the protocol depends on AES and the discrete logarithm problem.
The user starts the protocol by requesting the recipient’s public key. Once the public key is received, the user performs a Diffie-Hellman computation with the recipient’s public key in order to get a shared secret. The user then uses the shared secret as the AES 256-bit key to encrypt all messages and communication. For higher security, the user can start a secret chat session, in which he/she generates a fresh Diffie-Hellman key and uses it in a single chat session with the recipient. The secret chat session key is different from any other key.
DH ALGORITHM EXPLAINED (FOR CALLS AND MESSAGES)
Diffie-Hellman requires two public parameters: a prime number q and an integer a, where a is a primitive root of q. The process is as follows:
- Suppose users A and B want to agree upon a shared key. User A selects a random number XA (XA < q) as the private key and computes the public key YA = a^XA mod q. User A keeps the value of XA confidential, while YA can be publicly obtained by user B. Similarly, user B selects a random number XB < q and calculates the public key YB = a^XB mod q. User B keeps the value of XB confidential, while YB can be publicly obtained by user A.
- User A generates the shared secret key by the formula: K = (YB)^XA mod q. Similarly, user B generates a shared secret key calculated to be K = (YA)^XB mod q. These two calculations produce the same result: K = (YB)^XA mod q = (a^XB mod q)^XA mod q = (a^XB)^XA mod q (according to the rules of modular arithmetic) = a^(XB·XA) mod q = (a^XA)^XB mod q = (a^XA mod q)^XB mod q = (YA)^XB mod q. Therefore, it is equivalent to the two parties having exchanged an identical secret key.
a, YA, and YB. The adversary is thus forced to take the discrete logarithm to determine the secret key. For example, to obtain the secret key of User B, an adversary must first calculate XB = ind_{a,q}(YB) and then calculate its secret key using the same method used by user B. The security of the Diffie-Hellman key exchange algorithm depends on the fact that while it is relatively easy to compute an exponential modulo a prime number, it is difficult to compute the discrete logarithm. For large prime numbers, it is almost impossible to calculate the discrete logarithm.
For example: the key exchange is based on the prime number q = 97 and a primitive root a = 5 of 97. User A and user B respectively select the private keys XA = 36 and XB = 58. Each of them calculates its public key: YA = 5^36 = 50 mod 97 and YB = 5^58 = 44 mod 97. After they have obtained the public key from each other, the secret keys shared by both parties are calculated as follows:
K = (YB)^XA mod 97 = 44^36 = 75 mod 97
K = (YA)^XB mod 97 = 50^58 = 75 mod 97
Using the public information 50, 44, the attacker needs to calculate the 75, which is difficult.
BEEM uses a 2048-bit public key, which makes it secure against any known attack.
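The worked example above (q = 97, a = 5), as an added Python example that is not BEEM's own code. It also shows that a 97-element group can be searched exhaustively, which is why the hardness claim only holds for large primes. The function names, the peer-value range check and the SHA-256 step that turns K into a 32-byte key are assumptions; the page does not say how K is mapped to an AES-256 key.

```python
import hashlib

def is_primitive_root(a, q):
    """True if the powers of a cover every value 1..q-1 modulo the prime q."""
    return len({pow(a, k, q) for k in range(1, q)}) == q - 1

def public_key(a, q, x):
    """Y = a^X mod q for a private key X with 1 < X < q."""
    if not 1 < x < q:
        raise ValueError("private key out of range")
    return pow(a, x, q)

def shared_secret(peer_y, x, q):
    """K = (peer Y)^X mod q. Peer values 1 and q-1 are rejected
    because they force K to be 1 or q-1 (assumed check)."""
    if not 2 <= peer_y <= q - 2:
        raise ValueError("peer public key out of range")
    return pow(peer_y, x, q)

def discrete_log(a, q, y):
    """Exhaustive search for X with a^X mod q == y.
    Takes at most q-1 steps, so it is only feasible for a toy q."""
    value = 1
    for x in range(1, q):
        value = (value * a) % q
        if value == y:
            return x
    raise ValueError("no logarithm found")

def aes256_key(k, q):
    """Assumption: hash K to 32 bytes to obtain an AES-256 key."""
    width = (q.bit_length() + 7) // 8
    return hashlib.sha256(k.to_bytes(width, "big")).digest()

# Parameters and private keys taken from the page's example.
Q, A = 97, 5
XA, XB = 36, 58
YA, YB = public_key(A, Q, XA), public_key(A, Q, XB)
K_A = shared_secret(YB, XA, Q)   # computed by user A
K_B = shared_secret(YA, XB, Q)   # computed by user B

if __name__ == "__main__":
    print("YA, YB =", YA, YB)
    print("K seen by A and B =", K_A, K_B)
    print("XB recovered by search =", discrete_log(A, Q, YB))
    print("AES-256 key (hex) =", aes256_key(K_A, Q).hex())
```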
How secure is BEEM?
BEEM uses military-grade AES-256 encryption with a state-of-the-art key exchange protocol. For maximum protection, the system provides the secret chat option, where newly generated Diffie-Hellman keys are exchanged and used in a separate chat session. The encryption in the system protects the users’ privacy using well-studied cryptographic algorithms.
Why does BEEM use a custom protocol instead of Transport Layer Security?
BEEM saves a lot of time by fixing the cryptographic suites needed to encrypt the link between the users and BEEM servers. The normal TLS handshake is subject to many attacks, for example downgrade attacks or the use of weak cryptographic primitives. These attacks are avoided by BEEM's unique approach. BEEM is also protected against replay attacks.
Is the metadata encrypted?
The server needs to know the metadata, for example to route the encrypted messages to their recipients. The metadata is encrypted in BEEM in order to prevent any attacker from analyzing the packets.