Secure communication

As with any modern technology, security is an important consideration in both implementation and use. The XMPP specification and the extensions derived from it have had security in mind from the start, for the user and for the host alike. From flexible SASL authentication mechanisms to TLS encryption of the connection, XMPP, and thus the Tigase server, is built as a secure platform. The XMPP platform offers a high level of security, and that level has been verified in independent tests.
Security is not limited to how users connect and how information travels over the network. We add a second level of security covering how data is handled inside Tigase: message storage policies, message time to live, account data, and what happens when a user unregisters from the service. Essentially, anything related to protecting users' private information and activity falls into this second level; let's call it "secure security".
Therefore, to make the server installation live up to this "secure security" standard, a few custom extensions have been developed:

  • Hardened mode is a strict setting available in Tigase that allows no unencrypted communication to or from the server and requires strong SASL authentication. It is enabled by a single configuration setting.
  • PGP is used for end-to-end message encryption, so message content is never present in plain text on the server and service admins cannot peek at it. Note that this protects the content only; routing metadata such as sender, recipient and timing is still visible to the server, as it must be to deliver the message.
  • No weak SASL authentication mechanisms are allowed. SASL does define a PLAIN mechanism, in which the client sends the password itself, but it is not offered on a hardened mode installation.
  • A well defined policy on message storage. Tigase has several storage schemes: offline messages for users who are not connected, chat history, and server logs. Users can send OTR (off-the-record) messages, which are not recorded, or specify a time to live for a message, after which it is purged from the server and from every user-side device. Chat history is stored as encrypted messages only; a user can also opt out of having communication stored while offline, or have messages expire automatically after a specified period.
  • Burning messages on the user's device. Once a message has been read, the user has the option to burn it as if it never existed: it is not recorded or stored, it is simply removed from both clients and from the server.
  • Cleanup of all data after user deregistration. Unlike an old DOS/Windows file system, which merely overwrote the first character of the file name and left the file content intact, here all user data is purged, deleted and forgotten, as if the user had never existed on the system.
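The hardened mode and SASL points above are visible to any client from the outside, so they can be checked without trusting the server's configuration. The script below is an added example, not code from this page or from Tigase: it parses the <stream:features/> stanzas a server advertises before and after STARTTLS and flags TLS that is offered but not required, SASL mechanisms exposed on the unencrypted stream, and weak mechanisms such as PLAIN. The namespaces are the real XMPP ones from RFC 6120; the feature stanzas are constructed samples, and which mechanisms count as weak or strong is this example's own policy assumption.

```python
"""Audit an XMPP <stream:features/> advertisement against a hardened policy.

Added example, not code from the page or from Tigase. It checks what a
client sees from any XMPP server: is STARTTLS offered and required, and
which SASL mechanisms are advertised before and after TLS. The XML samples
below are constructed; the namespaces are the real ones from RFC 6120.
Which mechanisms count as weak or strong is this example's own policy.
"""
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Policy assumptions: mechanisms that hand the server the password itself
# (PLAIN), skip authentication (ANONYMOUS) or rest on MD5 (DIGEST-MD5,
# CRAM-MD5) are treated as weak; only the SCRAM family counts as strong.
WEAK_MECHANISMS = {"PLAIN", "DIGEST-MD5", "CRAM-MD5", "ANONYMOUS"}
STRONG_PREFIX = "SCRAM-"

# Constructed sample: a permissive server that offers TLS without requiring it
# and already advertises PLAIN on the unencrypted stream.
PRE_TLS_DEFAULT = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
  </mechanisms>
</stream:features>"""

# Constructed sample: what a hardened server should send before TLS:
# STARTTLS marked required and no SASL mechanisms at all yet.
PRE_TLS_HARDENED = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
</stream:features>"""

# Constructed sample: the same hardened server after the TLS handshake,
# now advertising only SCRAM mechanisms.
POST_TLS_HARDENED = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>SCRAM-SHA-256</mechanism>
    <mechanism>SCRAM-SHA-1</mechanism>
  </mechanisms>
</stream:features>"""


def parse_features(xml_text):
    """Extract STARTTLS status and the SASL mechanism list from a features stanza."""
    root = ET.fromstring(xml_text)
    starttls = root.find(f"{{{NS_TLS}}}starttls")
    mechanisms = [(m.text or "").strip() for m in root.iter(f"{{{NS_SASL}}}mechanism")]
    return {
        "tls_offered": starttls is not None,
        "tls_required": starttls is not None
        and starttls.find(f"{{{NS_TLS}}}required") is not None,
        "mechanisms": [m for m in mechanisms if m],
    }


def audit(xml_text, tls_established):
    """Return the list of policy violations for one features stanza.

    tls_established says whether this stanza arrived after STARTTLS completed;
    the policy is stricter about what may appear on the plaintext stream.
    An empty list means the stanza passes.
    """
    f = parse_features(xml_text)
    violations = []
    if not tls_established:
        if not f["tls_offered"]:
            violations.append("STARTTLS not offered")
        elif not f["tls_required"]:
            violations.append("STARTTLS offered but not required")
        if f["mechanisms"]:
            violations.append("SASL mechanisms advertised on the unencrypted stream")
    for mech in f["mechanisms"]:
        if mech in WEAK_MECHANISMS:
            violations.append(f"weak SASL mechanism advertised: {mech}")
    if tls_established and not any(m.startswith(STRONG_PREFIX) for m in f["mechanisms"]):
        violations.append("no SCRAM mechanism advertised after TLS")
    return violations


if __name__ == "__main__":
    for label, xml_text, tls in (
        ("default, before TLS", PRE_TLS_DEFAULT, False),
        ("hardened, before TLS", PRE_TLS_HARDENED, False),
        ("hardened, after TLS", POST_TLS_HARDENED, True),
    ):
        print(label, "->", audit(xml_text, tls) or "OK")
```

To run this against a real deployment, capture the features stanza the server sends on the plaintext connection and the one it sends after STARTTLS (openssl s_client -starttls xmpp shows the post-TLS view) and pass each to audit() with the matching tls_established flag. Passing both checks only covers what the server advertises; the client must still validate the server certificate, which the features stanza says nothing about.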

This is indeed a customized XMPP system; however, thanks to Tigase's flexibility and extensive APIs, it is easy to customize, change existing logic, and add new plugins and components. Tigase can be integrated with other systems or, as in this case, customized to behave differently from a standard XMPP installation.
