Security - Overview
Security is extremely important to us at CrossLoop. A key part of our security model is that we require the presence of a person at both the Share and Access computers in order to conduct a screen sharing session. A Share computer cannot be remotely controlled with CrossLoop unless you are present at your Share computer and accept a connection.We have endeavored in the design of CrossLoop to provide you with Simple Secure Screen Sharing and thereby earn your trust. In the following section you will find in-depth information about our security model as it refers to the different elements of the CrossLoop solution:
- Website
- Client download
- Client access code
- Client user experience
- Client rendezvous
- Blowfish encryption
Website
The CrossLoop website provides HTML pages which describe the product, tells how it works, allow you to track your sessions, be able to promote yourself and your profile, contact helpers, address frequently asked questions and give you information about the company and how to contact us.When you login to the site, we use SSL to ensure that your login credentials are secured.
Client download
When you download the client application from the CrossLoop website using the "FREE DOWNLOAD" button you should see an Internet Explorer (or FireFox equivalent, etc.) Security Warning
It is important to confirm that the download is from the crossloop.com domain. If the crossloopsetup.exe is not from the crossloop.com domain, your access to the CrossLoop website has been compromised. When you select "Run" you should see an Internet Explorer (or FireFox equivalent, etc.) second Security Warning
The crossloopsetup.exe is a signed executable module for download. The display of CrossLoop, Inc. as the Publisher verifies that we are the signers of that code. If you do not see this message, your access to the CrossLoop website has been compromised. The Publisher: CrossLoop,Inc. is a link which you can click to view the publisher's digital signature.
You should be able to confirm that, "This digital signature is OK." Clicking on "View Certificate" you will see the following Certification Information -
Confirming the validity of the digital signature on the downloaded executable module is important because it verifies the origin of digital content and the fact that it hasn't changed since it was signed. If you trust the source (CrossLoop, Inc.), then you can trust the application because it comes from a verified source.
After the code-signed file (crossloopsetup.exe) is downloaded from the website, the browser extracts the certificate from the file, and checks an internal list of certificate authorities (CAs) and their public keys to verify the signature in the certificate. If the signed software is tampered with in any way, the digital signature will break and alert you that the code has been altered and is not trustworthy.
Client access code
Unlike remote control software (GoToMyPC, pcAnywhere, LogMeIn, etc.) which enable you to remotely control an unattended computer, CrossLoop requires the presence of a person at both the Share and Access computers for a connection to be made. This is a key element of the CrossLoop security model.The Share computer which shares control with the Access computer must have a person who gives the Access Code to the person on the Access computer. Once the rendezvous is completed between the Share and Access computers, the Share is asked to allow or deny a session with the identified Access computer.
When the person at the Share computer has clicked the "Connect" button and is waiting for the person at Access computer, the Share computer will timeout in 2 minutes in the absence of a Access computer connection. Thus, it is not possible to leave a Share computer unattended waiting for a Access computer. A person must be present on both computers in order to initiate a CrossLoop screen sharing session. When the person at the Share computer clicks "Connect" a timer is shown in the dialog which counts down from 2:00 minutes. A disconnect is automatically made when the timer reaches 0:00.
When the CrossLoop client is executed and the Share tab is selected, a randomly generated 12-digit Access Code is displayed on the client. This 12-digit Access Code is generated on the client and is a product of several variables, examples of which could include: the current system time; the contents of uninitialized memory; the user / computer name; the amount of disk free space on the client computer, etc. The CrossLoop server is not involved in the generation of this code and does not have any access to the 12-digit Access Code or the variables used by the Share to generate the Access Code.
The Access Code on the Share is passed out of band to the person on the Access computer. Typically this is done over a telephone, using VoIP (Skype, Vonage, etc.), or with a secure chat / instant messaging program. Each time that the CrossLoop client is executed, a new Access Code is generated for the Share. Since there is no single repeatable Access Code for a Share, there must be communication between the persons at the Share and Access computer to exchange the new Access Code.
The 12-digit Access Code is used as the input to a one-way hashing algorithm (MD5) to produce a 128-bit symmetric key for the Blowfish encryption. Blowfish is used to encrypt all communication between the Share and Access computers. The CrossLoop server never has access to the Blowfish encryption key.
Client user experience
The user experience for the CrossLoop clients has been designed to promote security by facilitating a disconnect and also to make the person on the Share computer aware that their screen is being viewed by the person on the Access computer.- At any time the person on the Share computer can hit "Disconnect" to end a session
- There is no "Confirm" on the disconnect so that it will take place immediately
- The Share client dialog is always on top so that the person on the Share computer is aware that the computer is being watched
- During a time of inactivity, or if minimized, the dialog is periodically brought back to the top
Client rendezvous
The CrossLoop server is used as a rendezvous point to connect the Share and Access parties. This rendezvous is accomplished by matching Session IDs between the Share and Access computer. The 32-bit Session ID used in the rendezvous is generated by obfuscating the 128-bit symmetric key generated from the one-way hash of the Access Code. When a match is found between Share and Access Session IDs, a known plaintext message is encrypted with Blowfish at the Share using its 128-bit symmetric encryption key and sent to the Access computer. The Access computer decrypts the encrypted message with Blowfish using its 128-bit symmetric key and will only be allowed to continue if the decrypted message matches the known plaintext message.Once the rendezvous for the Share and Access parties is completed CrossLoop attempts a direct peer-to-peer (P2P) connection between the Share and Access computers. This is usually possible and is successful in about 85% of the connections. If not, CrossLoop relays all of the messages between the Share and Access computers through the CrossLoop relay server. CrossLoop sometimes fails to make P2P connections when a poorly behaved router is involved in the connection, or when UDP packets are blocked.
Blowfish encryption
All of the data transferred between the Share and Access computers is encrypted / decrypted using the Blowfish symmetric encryption algorithm developed by Bruce Schneier (http://www.schneier.com/). Blowfish is a variable-length key block cipher. The key length used by CrossLoop is 128-bits and the algorithm is a 64-bit block cipher.Blowfish is a block-encryption algorithm designed to be fast (it encrypts data on large 32-bit microprocessors at a rate of 26 clock cycles per byte), compact (it can run in less than 5K of memory), simple (the only operations it uses are addition, XOR, and table lookup on 32-bit operands), secure (Blowfish's key length is variable and can be as long as 448 bits), and robust (unlike DES, Blowfish's security is not diminished by simple programming errors).
The Blowfish block-cipher algorithm, which encrypts data one 64-bit block at a time, is divided into key-expansion and a data-encryption parts. Key expansion converts a key of at most 448 bits into several subkey arrays totaling 4168 bytes. Data encryption consists of a simple function iterated 16 times. Each iteration, called a "round," consists of a key-dependent permutation and a key- and data-dependent substitution.