Security


Dekko’s key benefit is that anything shared on the platform cannot be decrypted using information on the servers, thanks to end-to-end encryption. The encryption and decryption process can only occur on the user’s device, and Dekko never requests that users pass their passwords over the network, either in open or in encrypted forms. That makes listening to traffic totally useless as no data allowing decryption is passed through the networks at any time.

Dekko uses recognised, efficient and proven encryption techniques, including AES and ECC. ECC is used for encrypting keys and signing all data. Dekko does not use Dual_EC_DRBG, thus eliminating a weak point in the standard ECC design.


Verified Send and Receive

Dekko always signs all outgoing messages using the sender’s digital signature. This uniquely identifies the sender and confirms that the content of the message has not been altered in any way. This prevents any fake messages from entering the system. Changing the digital signature is impossible, as it requires both the sender’s and receiver’s keys, and they are never passed through the network in open form.


Account Registration:


Dekko account registration is straightforward and fast; new users only need to provide a name, email address and password. An email address ownership verification is performed with the address provided, and once this is confirmed, account setup is complete. The password phrase required to decrypt user data is never sent to Dekko servers – only you can ever know your password, and your password is the key to all of your data. Even Dekko’s creators and administrators of data centres and servers have no way of reading user data.


Sending a Message:


Sending an email, chat or file is handled using the same encryption process. Anything sent on Dekko is encrypted using a different method to the last, which means that even if a decryption solution is somehow found for a single item, it cannot be applied to any other. All of this is done in the background, so users can always be confident that their communications are safe without ever having to think about anything other than logging in and sending a simple email.


In Detail:

Several layers of encryption are used to protect users’ data and communications:

  • HTTPS is used to protect all communications between Dekko servers and clients, and all communications are HTTPS only.
  • Passwords are salted and hashed before leaving the client device.
  • Every document and message is protected by a new set of keys and encrypted using AES-256 symmetric encryption.
  • Keys for messages and documents are encrypted using the user’s master key (never available on the server).
  • All outgoing messages are signed using private keys. To guarantee the identity of the sender, all incoming messages are validated against public keys of the sender.
  • Master keys are protected using elliptic curve cryptography (ECC, secp256r1) and the user’s password and salt. Additionally, 2FA can be enabled.
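
The key hierarchy in the list above, as an added Node.js example that is not Dekko's code: a password-derived master key that stays on the client, a fresh AES-256 key per message wrapped under that master key, and a secp256r1 signature over the ciphertext. The scrypt KDF, the GCM mode, every function name, and wrapping the message key for the same user rather than for a recipient are assumptions made for illustration.

```javascript
// Added illustration, not Dekko's code. scrypt, GCM mode and every function
// name here are assumptions; the page names only AES-256 and secp256r1.
const crypto = require('crypto');

// Client-side derivation: authHash is the only password-derived value that
// would be sent to a server; masterKey stays on the device.
function deriveClientSecrets(password, salt) {
  const okm = crypto.scryptSync(password, salt, 64);
  return { authHash: okm.subarray(0, 32), masterKey: okm.subarray(32) };
}

function aesGcmEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function aesGcmDecrypt(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag); // final() throws on a wrong key or altered data
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

const signedBytes = (body) => Buffer.concat([body.iv, body.ct, body.tag]);

// New random key per message, wrapped under the master key, ciphertext signed.
function sealMessage(masterKey, signingKey, plaintext) {
  const messageKey = crypto.randomBytes(32);
  const body = aesGcmEncrypt(messageKey, Buffer.from(plaintext, 'utf8'));
  const wrappedKey = aesGcmEncrypt(masterKey, messageKey);
  const signature = crypto.sign('sha256', signedBytes(body), signingKey);
  return { body, wrappedKey, signature };
}

// Verify the sender's signature first, then unwrap the key and decrypt.
function openMessage(masterKey, senderPublicKey, env) {
  if (!crypto.verify('sha256', signedBytes(env.body), senderPublicKey, env.signature)) {
    throw new Error('signature check failed');
  }
  const messageKey = aesGcmDecrypt(masterKey, env.wrappedKey);
  return aesGcmDecrypt(messageKey, env.body).toString('utf8');
}

// Constructed sample run; prime256v1 is OpenSSL's name for secp256r1.
const demoKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const demoSecrets = deriveClientSecrets('constructed passphrase', Buffer.from('constructed-salt'));
const demoEnv = sealMessage(demoSecrets.masterKey, demoKeys.privateKey, 'hello');
console.log(openMessage(demoSecrets.masterKey, demoKeys.publicKey, demoEnv));
```

A server that stores only `authHash`, the wrapped key and the ciphertext cannot open the envelope, because unwrapping with `authHash` fails the GCM tag check.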

Dekko uses established open source libraries for its actual code. This avoids any potential miscoding issues. The libraries used are:

Dekko does not use the NSA-compromised Dual_EC_DRBG algorithm for generating cryptographically secure random numbers. Thus, Dekko provides end-to-end security in a manner similar to the HC-2650 Modem that is used in military-grade security communications.