How Sengi security works

At the heart of Sengi is the Sengi Security Network, a peer-based end-to-end authentication and encryption network built on social connections.

A single stick can be easily broken, but it is difficult to break a bundle of them. The Sengi Security Network works on the same principle.

Because family and close friends are among the most reliable ways of authenticating you, the Sengi Security Network builds on them: on top of your own protection with conventional encryption and authentication, family and friends can authenticate each other, encrypt and protect each other's data, and help each other recover when disaster strikes, while each keeps security independent of the others. The result is a strong network of users on the Internet defending each other against external online threats. In real life it is safer to stay together and protect each other as a team; the Sengi Security Network applies the same idea online.

The Sengi Security Network has the following desirable security, usability and data availability properties.

Trustless, self-sufficient and easy

  • Encryption, decryption and critical authentication are all carried out by the user, or between the user and the social connections the user chooses. Operations are either fully transparent to users or take just a few taps. There is no need to trust any centralized third party, which removes the risk of abuse or compromise of data confidentiality that a centralized third-party environment carries.
Strong encryption and security controls that resist scalable attacks on online data

  • In the current web-based storage model, personal data is protected only by access controls enforced by centralized servers. Once those access controls are compromised, all personal data stored on the servers is exposed. With Sengi, end-to-end encryption with additional layers of encryption means that a compromise of the servers does not compromise the confidentiality of the stored data. Besides addressing the internal threat posed by the servers themselves, Sengi works seamlessly alongside the existing access controls; together they form a defense-in-depth solution that significantly strengthens the security of cloud data against external threats.
  • A common existing practice is to protect online data with password-based encryption alone. Such protection is vulnerable to offline cracking: an attacker who holds the ciphertext can run the key-derivation function against password guesses at full speed on their own hardware, and it is well known that the majority of user passwords can be cracked effectively this way. With multi-layered encryption, even if a password is compromised, the other encryption layers still protect data confidentiality.
Built-in two-factor authentication

  • Thanks to the end-to-end encryption, two-factor authentication is built in: access to encrypted data is by default two-factor authenticated, in a single step, because it requires both the password and the encryption keys held on the user's device.
Increased data availability

  • Data under strong end-to-end encryption carries a major availability risk: once the encryption keys or passwords are lost, the data is lost forever. With multi-layered encryption and peer-based authentication, encrypted data can be securely recovered by the owner, and only by the owner, after losing devices, encryption keys or passwords.
Users can choose strong passwords

  • By allowing a secure password reset when a password is forgotten, Sengi lets users choose strong passwords without fear of losing the password and, with it, their data.

Technical specification

  • Data encryption: AES-256
  • Key encryption: AES-256, ECC P-521
  • Signature and hash: ECDSA, SHA-256
  • Password stretch: PBKDF2, 10,000 iterations

  • Sengi closely monitors the development of industry standards and recommended best practices (including newer curves) and will update the system accordingly. Note for practitioners: 10,000 PBKDF2 iterations is the floor recommended by NIST SP 800-63B and is well below current OWASP guidance for PBKDF2-HMAC-SHA256, so the password layer on its own should not be relied on against offline guessing; the additional encryption layers described above are what make a cracked password insufficient.
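The layered key wrapping described under "resist scalable attacks", the built-in second factor, and peer-assisted recovery, shown together in one added example that uses the primitives listed in the specification (AES-256 in GCM mode, ECDH on P-521, SHA-256, PBKDF2 at 10,000 iterations). This is illustrative code written for this page, not Sengi's own implementation, whose actual key hierarchy the page does not describe. The construction is an assumption: a random data key is wrapped first under a password-derived key and then under a random key that lives only on the device, and the device key is escrowed to a peer's P-521 public key. All function and type names are invented for the example, and the plaintext is constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

const pbkdf2Iterations = 10000 // the iteration count stated in the specification above

func must[T any](v T, err error) T { // for errors that cannot occur with fixed key sizes and one curve
	if err != nil {
		panic(err)
	}
	return v
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) over HMAC-SHA256 for a single 32-byte output
// block, written out so the example needs nothing outside the standard library.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)             // U_1
	t := append([]byte(nil), u...)
	for n := 1; n < iter; n++ { // U_2 .. U_iter, XORed into T
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for i := range t {
			t[i] ^= u[i]
		}
	}
	return t
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// seal and open are AES-256-GCM with the random nonce prepended to the output.
func seal(key, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, sealed []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil) // fails on a wrong key or tampered data
}

// Envelope wraps the random data key (DEK) in two layers: the inner layer needs the
// password, the outer needs a key kept only on the device (the second factor).
type Envelope struct {
	Salt, WrappedDEK, Ciphertext []byte // PBKDF2 salt; GCM(K_dev, GCM(K_pw, DEK)); GCM(DEK, data)
}

func passwordKey(password string, salt []byte) []byte {
	return pbkdf2SHA256([]byte(password), salt, pbkdf2Iterations)
}

func Encrypt(password string, deviceKey, data []byte) Envelope {
	dek, salt := randomBytes(32), randomBytes(16)
	inner := seal(passwordKey(password, salt), dek)
	return Envelope{salt, seal(deviceKey, inner), seal(dek, data)}
}

func Decrypt(env Envelope, password string, deviceKey []byte) ([]byte, error) {
	inner, err := open(deviceKey, env.WrappedDEK) // device layer first
	if err != nil { return nil, err }
	dek, err := open(passwordKey(password, env.Salt), inner) // then the password layer
	if err != nil { return nil, err }
	return open(dek, env.Ciphertext)
}

// Peer escrow of the device key: ECDH on P-521 with an ephemeral key, SHA-256 of the
// shared secret as the wrapping key. The peer can hand K_dev back to an owner who lost
// the device but, lacking the owner's password, cannot read the data.
func NewPeerKey() *ecdh.PrivateKey { return must(ecdh.P521().GenerateKey(rand.Reader)) }

func EscrowDeviceKey(deviceKey []byte, peerPub *ecdh.PublicKey) (ephPub, wrapped []byte) {
	eph := NewPeerKey()
	k := sha256.Sum256(must(eph.ECDH(peerPub)))
	return eph.PublicKey().Bytes(), seal(k[:], deviceKey)
}

func RecoverDeviceKey(ephPub, wrapped []byte, peerPriv *ecdh.PrivateKey) ([]byte, error) {
	pub, err := ecdh.P521().NewPublicKey(ephPub)
	if err != nil { return nil, err }
	shared, err := peerPriv.ECDH(pub)
	if err != nil { return nil, err }
	k := sha256.Sum256(shared)
	return open(k[:], wrapped)
}
```

Run through the scenarios the text describes: with the password and the device key, Decrypt returns the data; a stolen blob plus a cracked password fails at the device layer; the device without the password fails at the password layer; after the device is lost, the peer returns the escrowed device key and the owner decrypts again, while a different peer cannot unwrap the escrow. Losing the device and forgetting the password at the same time leaves nothing to recover with, which is the limitation stated later on this page. The mirror case, a forgotten password with the device still in hand, would escrow the password layer to the peer in the same way.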

    What Sengi does not do

    Sengi does not and cannot protect against targeted attacks on selected individuals.

    If a user is targeted by a powerful, well-resourced adversary, Sengi cannot keep that user secure: there are too many ways to compromise a person's security, in digital life or in real life, for Sengi to defend against them all. Such targeted attacks are, however, costly, do not scale, and are highly unlikely to be directed at everyone.

    There is no absolute security in this world. With Sengi, however, online data can be much safer.

    Sengi does not provide extra security on top of what the operating system offers at device level

    Mobile devices offer sophisticated security features such as a sandboxed application environment and local file-system encryption, which provide strong data security at the device level. Sengi's cloud data security depends on, and works together with, that device security to offer seamless protection for online/cloud data.

    For example, from the moment a photo is taken, it is by default immediately placed into Sengi's sandboxed environment in a secure fashion. This design lets Sengi secure the entire life cycle of the photo: no other third-party app can, intentionally or unintentionally, violate its security.

    However, this security model rests on the security of the operating system. If a user's device or operating system is compromised, that user's online/cloud data security will most likely be compromised as well.

    A user cannot recover encrypted data through the Sengi network in these scenarios:

  • The user has no security peer available to assist with the recovery.
  • The user has lost all devices holding the encryption keys and has forgotten the password at the same time.

  • Because of the nature of end-to-end encryption, recovery of encrypted data is carried out entirely among users. Sengi is not able to recover, and is not obligated to recover, any encrypted data.