Security Framework

The security framework developed by The Serval Project uses Elliptic Curve crypto system to provide authentication and digital signing, data encryption and decryption, and identity management for the Mesh network.

The ServalSecurityFramework.odt document describes the security framework in detail (needs OpenOffice Writer or LibreOffice Writer to open).

The main parts of the Serval security framework are:

  • the per-device Keyring file contains encrypted secret keys for many identities, each identity unlocked with its own PIN (pass-phrase), and every identity deniable while not unlocked;
  • Mesh Datagram Protocol (MDP) uses elliptic curve public keys as its network address space, so once a subscriber is known, it is trivially easy to send encrypted traffic to him/her, and straightforward to perform key exchange for secure sessions;
  • Mesh Datagram Protocol (MDP) natively supports unsigned clear, signed clear, and signed encrypted payloads using the destination and origin Serval Identity (SID)s as keys;
  • the Serval routing protocol uses randomly generated Serval Identity (SID)s, not MAC or IMSI device addresses, making it difficult for eavesdroppers to link a person to a handset;
  • Rhizome uses a strong hash (digest) algorithm to prevent tampering with the contents of files that it distributes;
  • Rhizome uses cryptographic signatures on all manifests to prevent tampering with file meta data and identity;
  • Rhizome can encrypt its payloads (independently of MDP encryption);
  • Rhizome allows anonymous and fully deniable authorship.

Login