How Sengi security works
At the heart of Sengi is the Sengi Security Network, a peer-based end-to-end
authentication and encryption network based on social connections.
A single stick can be easily broken, but it is difficult to break a bundle
of them. The Sengi Security Network works on the same principle.
Family and close friends are some of the most reliable ways of
authenticating you. In the Sengi Security Network, on top of your own security
protection with typical encryption and authentication, family and friends
can further authenticate each other and encrypt and protect each other's data.
The result is a strong security network on the Internet that defends against
external online threats and helps members recover when disasters happen,
while each member's security stays independent of the others'. In real life, it's
safer to stay together and protect each other as a team. It works the same
way on the Internet with the Sengi Security Network.
The Sengi Security Network has the following desirable security, usability
and data availability properties.
Trustless, self-sufficient and easy
Encryption, decryption and critical authentication are all carried out
by a user or between a user and the social connections chosen by the user.
Operations are either totally transparent to users or take just a few taps.
There is no need to trust any centralized 3rd party, which effectively addresses
the risks of abuse and compromise on data confidentiality in a 3rd-party
Provide strong encryption and security control, and resist scalable attacks on online data
In the current web-based storage model, personal data is protected by
access controls on centralized servers. Once the centralized access controls
are compromised, all personal data stored on the centralized servers is
exposed. With Sengi, which uses end-to-end encryption with additional multi-layered
encryption, a compromise of the servers does not compromise the
confidentiality of the stored data. In addition to the end-to-end
encryption addressing the internal threats from the servers, Sengi also
works seamlessly together with these access controls. Together they offer
a defense-in-depth solution that significantly strengthens the security
of cloud data against external threats.
A common existing practice is to use password-based encryption to protect
online data. However, such protection is vulnerable to offline cracking.
It's known that the majority of user passwords can be cracked offline effectively.
With multi-layered encryption, even if the passwords are compromised,
other encryption layers still protect the data confidentiality.
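The reasoning above, as an added example (not Sengi's code or its actual construction): a key-check tag stands in for the AES-256 ciphertext, and `layered_key`, `device_secret` and the HMAC mixing step are assumptions made for illustration. It shows that a server-side copy lets a password guess be confirmed offline when the password is the only layer, but not when a second secret is also required.

```python
import hashlib
import hmac
import secrets

# Page's figure; OWASP currently recommends 600,000 for PBKDF2-HMAC-SHA256.
PBKDF2_ITERATIONS = 10_000


def password_key(password: str, salt: bytes) -> bytes:
    """Layer 1: stretch the password into a 256-bit key (PBKDF2, SHA-256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def layered_key(password: str, salt: bytes, device_secret: bytes) -> bytes:
    """Layer 2 (assumed): bind the password key to a secret the server never stores."""
    return hmac.new(device_secret, b"wrap-key" + password_key(password, salt),
                    hashlib.sha256).digest()


def key_check(key: bytes) -> bytes:
    """Tag kept beside the ciphertext; stands in for 'decryption succeeded'."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def confirms(tag: bytes, candidate_key: bytes) -> bool:
    return hmac.compare_digest(tag, key_check(candidate_key))


def demo() -> dict:
    salt = secrets.token_bytes(16)
    device_secret = secrets.token_bytes(32)  # on the user's device, not the server
    password = "correct horse battery"       # constructed sample password
    single_tag = key_check(password_key(password, salt))
    layered_tag = key_check(layered_key(password, salt, device_secret))
    guess = password_key(password, salt)     # a correct guess, made offline
    return {
        # Server copy (salt + tag) is enough to confirm a password guess.
        "single_layer_guess_confirmed": confirms(single_tag, guess),
        # Same correct guess, but the device secret is missing.
        "layered_guess_confirmed": confirms(layered_tag, guess),
        # Owner holds both factors and unlocks in one step.
        "owner_unlocks": confirms(
            layered_tag, layered_key(password, salt, device_secret)),
    }


if __name__ == "__main__":
    print(demo())
```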
Built-in two-factor authentication
Thanks to the end-to-end encryption, two-factor authentication is now
built-in. Access to encrypted data is always two-factor authenticated by default,
in one single step.
Increase data availability
For data with strong end-to-end encryption, there is a major risk to data
availability, i.e. once the encryption keys or passwords are lost, the
data is lost forever. With multi-layered encryption and peer-based authentication,
the encrypted data can be securely recovered by the owner, and only by the
owner, if devices, encryption keys or passwords are lost.
Allow users to choose strong passwords
By allowing a secure password reset when a password is forgotten, Sengi
allows users to choose strong passwords without the fear of losing the password
and losing data.
Data encryption: AES-256
Key encryption: AES-256, ECC P-521
Signature and hash: ECDSA, SHA-256
Password stretch: PBKDF2, 10,000 iterations
Sengi closely monitors the development of industrial standards and recommended
best practices (including the latest curves) and would update the system