There were 48 Million Cyber Security Incidents in 2014 alone.

It's not whether they'll target your business, it's when.

Technical Deep Dive

Bulletproof Security

The main principle of Dekko is that no data passed through the network can be decrypted using information on the servers. This means that even the creators of Dekko and the administrators of the data centre or servers cannot see users’ data. The encryption and decryption process only occurs on the users’ device.

Dekko uses several well-known and proven encryption techniques, including AES and ECC. AES is proven to be reliable and efficient. Dekko uses ECC for encrypting and signing all data while many others use RSA for the same purpose. ECC is a more efficient encryption system, both in terms of security and performance.

Note. Dekko does not use Dual_EC_DRBG for anything, thus eliminating a weak point introduced by NSA in the standard ECC design.

Message Integrity

When a new message is created it is assigned a unique key before being encrypted with AES; this ensures that no two messages are the same even if multiple users have the same password. The message recipient’s public key is also added to the message before it is signed by the sender’s private key to ensure the message cannot be tampered with in delivery. Changing the digital signature is impossible as it requires the sender’s and receiver’s keys: the sender’s private key is never passed across the network and the receiver’s key is always encrypted.

A man-in-the-middle (MiTM) attack is a common cyberattack where a malicious actor intercepts, sends and receives data meant for somebody else, or not meant to be sent at all, without either party knowing before it’s too late. This situation cannot occur in Dekko due to the multi-layer encryption, the absence of master keys and the digital signing of every message.
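The signing flow described under Message Integrity can be sketched as follows. This is an added example, not Dekko's code: the P-256 curve, ECDSA with SHA-256, AES-256-GCM, the ephemeral ECDH key derivation and the names sealMessage and openMessage are all assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions, not Dekko's actual design: P-256 keys, ECDSA/SHA-256 signatures, AES-256-GCM,
// and a per-message AES key derived from a fresh ephemeral ECDH exchange with the recipient.
const newKeyPair = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const der = (publicKey) => publicKey.export({ type: 'spki', format: 'der' });

function deriveMessageKey(privateKey, publicKey, iv) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, iv, 'message-key', 32));
}

// Length-prefix every signed field so field boundaries cannot be shifted.
function signedBytes(env) {
  const fields = [env.recipient, env.ephemeral, env.iv, env.tag, env.ciphertext];
  return Buffer.concat(fields.flatMap((field) => {
    const length = Buffer.alloc(4);
    length.writeUInt32BE(field.length);
    return [length, field];
  }));
}

function sealMessage(plaintext, senderPrivateKey, recipientPublicKey) {
  const ephemeral = newKeyPair(); // new for each message, so no two messages share a key
  const iv = crypto.randomBytes(12);
  const key = deriveMessageKey(ephemeral.privateKey, recipientPublicKey, iv);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const env = { recipient: der(recipientPublicKey), ephemeral: der(ephemeral.publicKey),
                iv, tag: cipher.getAuthTag(), ciphertext };
  env.signature = crypto.sign('sha256', signedBytes(env), senderPrivateKey);
  return env;
}

function openMessage(env, senderPublicKey, recipientKeys) {
  // Verify the sender's signature before touching the ciphertext.
  if (!crypto.verify('sha256', signedBytes(env), senderPublicKey, env.signature)) {
    throw new Error('signature check failed');
  }
  if (!env.recipient.equals(der(recipientKeys.publicKey))) {
    throw new Error('message is addressed to a different recipient');
  }
  const ephemeral = crypto.createPublicKey({ key: env.ephemeral, format: 'der', type: 'spki' });
  const key = deriveMessageKey(recipientKeys.privateKey, ephemeral, env.iv);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]).toString('utf8');
}
```

Because the recipient's public key is inside the signed bytes, an envelope re-addressed to another key fails verification, and an unmodified envelope is rejected by anyone other than the named recipient.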

Data Storage, backup and Sovereignty

Dekko’s system architecture is based on a central server just like a regular email system but the key difference is that all data is stored in encrypted format using the private keys from the users. There is no master key that can be used to decrypt the data so messages and documents are totally safe and immune from data poisoning.

Dekko’s storage uses Eloquera, a modern open standard database designed for the cloud with clustering support for high availability and disaster recovery. The Dekko system has multiple database and frontend servers to ensure no single point of failure will affect operations. In addition, data is backed up in real time to an off-site server so there can be no data loss.

Dekko’s default hosting partner is Microsoft Azure, which is available in 140 countries through 17 regions. If your data hosting requirements demand higher levels of security, such as Tier 4, or the jurisdiction must be local to your own country and is not covered by Microsoft Azure, we will consider alternatives based on the opportunity. Dekko also has an optional service where we can install on premise if required.

User Authenticity

When a user logs onto the Dekko system they enter their password, which is then ‘salted’ to create a unique hash that is sent to the Dekko server for identification. The ‘salt’ ensures every user is unique even if users have the same password. Every time the sender logs in, Dekko records the time and location in its audit trail, which is periodically checked for unusual activity.

Now we all know that we should use strong passwords, but in the unlikely event that several Dekko users have been careless and even used the same password such as “123456”, Dekko still ensures each user is unique by the combination of password hash and ‘salt’.
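The salted login described above, including the case of two users who both chose “123456”, can be sketched as follows. This is an added example, not Dekko's code: scrypt, the 16-byte salt, the decoy salt for unknown names and the names LoginServer, enroll and logIn are all assumptions.

```javascript
const crypto = require('node:crypto');

// Assumptions, not Dekko's actual design: scrypt as the hash, a random 16-byte salt per
// user, and a hypothetical server that stores only { salt, hash } for each account.
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 };

// Runs on the user's device: the password itself never leaves it.
function deriveLoginHash(password, salt) {
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT_PARAMS);
}

class LoginServer {
  constructor() {
    this.accounts = new Map();
    this.decoyKey = crypto.randomBytes(32);
  }
  saltFor(name) {
    const account = this.accounts.get(name);
    // Unknown names get a stable decoy salt so the reply does not reveal who is registered.
    return account ? account.salt
      : crypto.createHmac('sha256', this.decoyKey).update(name).digest().subarray(0, 16);
  }
  login(name, hash) {
    const account = this.accounts.get(name);
    // Constant-time comparison avoids leaking how many leading bytes matched.
    return Boolean(account) && hash.length === account.hash.length &&
      crypto.timingSafeEqual(hash, account.hash);
  }
}

// Client side of enrolment: pick a fresh salt, send only the salt and the derived hash.
function enroll(server, name, password) {
  const salt = crypto.randomBytes(16);
  server.accounts.set(name, { salt, hash: deriveLoginHash(password, salt) });
}

// Client side of login: fetch the salt, derive the hash locally, send the hash.
function logIn(server, name, password) {
  return server.login(name, deriveLoginHash(password, server.saltFor(name)));
}
```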

When the recipient opens a new message, the delivery has been successful and the sender is notified.

Business Features

Dekko is designed for business, unlike many competing solutions which focus more on anonymity for privacy. In business there are many situations where you need the confidence that the discussion and documents will remain private and within a trusted group of colleagues. In Dekko we call this a circle (similar to a domain) where member names form part of their identification, i.e. john@IBM. All the members of the circle are visible in a shared address book along with their online status.

One member is nominated as administrator to send out initial group invitations but following that any user can be authorised to invite other new members if needed. This admin function is simple and designed for business users not IT.

Each circle has its own group policies, such as:

  • Each member must nominate a backup user to assist with resetting their password in case they forget it.
  • Group archive user where all messages and documents are duplicated if required.
  • Enable or disable options such as revoke message, reminders, destroy after time, restrict redirection, watermark, etc.

  • Dekko circles can also be linked through a whitelist registry to allow users to communicate across circles. This may be useful for global organizations across continents or even different companies, e.g. merger and acquisition deals, sharing IP for manufacturing, etc. In this situation both circle administrators need to approve the link request.

    We expect some companies, especially large organizations, may not be interested in Dekko running on a public cloud and may prefer to host the solution in their private cloud or on premise. We support this option and will advise on your hardware requirements and assist with Dekko software setup and customised ongoing support.

    For software vendors that are interested in incorporating Dekko into their existing products, we have published an API in the form of a web service to allow other applications to store their data using Dekko’s encryption technology. The clients for Dekko’s web services exist in JavaScript and in .NET.

    Last but not least, since Dekko’s name structure does not use the standard email format, there is no spam.

    Frequently Asked Questions

    What is Dekko in a nutshell?

    Dekko is a secure yet simple way of sending emails, having chats and storing and sharing documents, with full end-to-end multi-level encryption and unparalleled security & privacy. It is fully secure both as a stand-alone cloud product for immediate use and as a software platform to be used with new or existing software applications.

    What does Dekko mean by ‘Unparalleled security & privacy’?

    By unparalleled security & privacy we mean:

    • No unauthorized access of data at any time
    • End-to-end 3+ layers of encryption
    • Only the user can see their secure password (and hence their data)
    • Data is always available
    • Data sources are verifiable
    • Search over encrypted data
    • You (as user) control the data
    • A full audit trail is available

    What kinds of security threats can Dekko protect against?

    Dekko provides a response to security threats including:

    • Unsecured physical links that are vulnerable to tapping
    • Secured links vulnerable to “man-in-the-middle” attacks
    • Data loss during transmission
    • Data alteration during transmission
    • Data loss due to hardware failures
    • Data leakage from secure systems
    • The use of unsecured links for external access to the system
    • Fake messages imitating messages from known people
    • The absence of confirmation of data retrieval by a recipient
    • The necessity to store unencrypted data to make searches possible
    • Spam

    Is Dekko really safe from hackers?

    Yes, but with the proviso that we store your password encrypted, so if your password is very simple it is possible that a highly sophisticated hacker could discover it using brute force techniques. You only need one password to use Dekko so make it a good one. Characters and numbers (and at least 8 of them) are good.

    What is your approach to regulators requiring access to my data?

    Ownership of your data always remains with you and regulators must negotiate any access directly. In fact, of course, we literally have no way to share your information. Having said that, Dekko is not an anonymous system and we do keep metadata regarding the use of the system.

    What if I forget my password?

    This is catastrophic as we have no way of retrieving it for you. However there is a solution. Nominate trustees who you can contact if you lose your password. They, like us, do not have access to your password, but you can ask them to give you the ability to reset your password.

    Messages and data belong to the enterprise. How can we see it if we do not have user passwords?

    This is a matter of policy. For example, all messages can be automatically copied to a corporate account. Dekko does not impose rules – it fits into the way a business actually operates.

    How can a small company do what giant companies are not doing?

    We like to think that we have designed a better and entirely secure solution for messaging and data storage. We started with a clean slate and the benefit of years of experience. After all, those mega companies depend on targeted marketing for their business models. They want to read your data, and use it in order to generate revenues to survive. Dekko survives only on modest fees for the service it provides.

    What type of security testing have you conducted within the past 12 months?

    We perform security testing every quarter, which encompasses both external network penetration testing and web application penetration testing. In addition, we have an analytics engine monitoring for any unusual behaviour in real time.