Category: Internet Security

What are different VPN Protocols?

VPN solutions are based on different VPN security protocols. Each of these VPN protocols offer different features and levels of security. Some of the VPN protocols commonly used are explained below:


  1. Internet Protocol Security or IPSec:

    Internet Protocol Security or IPSec is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by authenticating the session and encrypts each data packet during the connection.
    IPSec operates in two modes, Transport mode and Tunneling mode, to protect data transfer between two different networks. The transport mode encrypts the message in the data packet and the tunneling mode encrypts the entire data packet. IPSec can also be used with other security protocols to enhance the security system.


  2. Layer 2 Tunneling Protocol (L2TP):

    L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection. L2TP creates a tunnel between two L2TP connection points and IPSec protocol encrypts the data and handles secure communication between the tunnel.


  3. Point – to – Point Tunneling Protocol (PPTP):

    PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet. It uses a Point-to-Point Protocol (PPP) to encrypt the data between the connection. PPTP is one of the most widely used VPN protocol and has been in use since the time of Windows 95. Apart from Windows, PPTP is also supported on Mac and Linux.


  4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):

    SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of entire network. SSL and TLS protocol is most commonly used by online shopping websites and service providers. Web browsers switch to SSL with ease and with almost no action required from the user, since web browsers come integrated with SSL and TLS. SSL connections have https in the beginning of the URL instead of http.


  5. OpenVPN:

    OpenVPN is an open source VPN that is useful for creating Point-to-Point and Site-to-Site connections. It uses a custom security protocol based on SSL and TLS protocol.


  6. Secure Shell (SSH):

    Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also ensures that the tunnel is encrypted. SSH connections are created by a SSH client and data is transferred from a local port on to the remote server through the encrypted tunnel.



– Captain Krypto 🙂


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

How Secure is WhatsApp’s Encryption?

How Secure is WhatsApp’s Encryption?


WhatsApp, one of the most popular messaging app service, in April this year, announced that the service would now use end-to-end encryption to secure user communication. The service would benefit 1 billion+ users of the messaging across all devices.

End-to-end encryption (E2EE) is a secure way of communication where only the actual users involved in the communication can access the messages in the chat. Eavesdroppers, cyber-criminals and hackers, telecom companies, Internet Service Providers or government agencies cannot read the messages. Even the company that has built the application will not read the messages.

WhatsApp on its website says, “WhatsApp’s end-to-end encryption is available when you and the people you message use the latest versions of our app. Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.”

This means WhatsApp will now have end-to-end encryption by default. WhatsApp’s end-to-end encryption (E2EE) will ensure that all communication between two users will secure and cannot be read by anyone else. Text messages, Audio/Voice notes, videos, pictures, everything will now be encrypted and cannot be read by anyone except the sender and the receiver. Not even the WhatsApp.

[blockquote author=”” link=”” target=”_blank”]Although it is a welcome that step that WhatsApp is finally an encrypted messaging service, but the question that now arises is “how secure is WhatsApp’s end-to-end encryption?”. We will break down encryption in WhatsApp and how secure it actually is.[/blockquote]


WhatsApp had partnered with Open Whisper Systems to design its new end-to-end encryption feature which is based on Signal Protocol.

According to the whitepaper issued by WhatsApp, once the session has been established, clients need not rebuild new sessions with each other until the session is ended by the users.

The whitepaper further explains how encryption takes place in WhatsApp. It reads, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.”

[blockquote author=”” link=”” target=”_blank”]All this sounds good so far. Whether the security and privacy that WhatsApp talks about is enough for the user or not, is for the user to decide. Not for us. But here are our two cents on WhatsApp encryption.[/blockquote]

WhatsApp might still collect your metadata.

While the end-to-end encryption might ensure that the contents of the message are not accessed by unauthorized users or even by the WhatsApp, but WhatsApp itself might store metadata. This means the phone numbers involved in the conversation as well as the timestamp on the messages are stored on the servers of the company. Collecting metadata could give out information like who the user communicated with, the time of the communication, how often the two users communicate with each other, the location of the two users at the time of communication, etc.

WhatsApp is owned by Facebook

WhatsApp was acquired by Facebook in the year 2014. Facebook is considered one of the least privacy minded company in the market. There also have been some reports doing rounds on the Internet that Facebook supplies government with reports and information. So if that’s the case then it makes little sense that a messaging app owned by a least privacy minded company would not share information of the users to the government agencies.

Messaging Apps with higher grade of encryption available in the market.

Now that the popular messaging app WhatsApp has decided to go with end-to-end encryption, it is not the best encrypted messaging app available in the market. There are many other messaging apps in the market today which offer higher grade of encryption. Some apps even provide military grade of encryption and multiple levels of security.
So if a user is concerned about privacy and security then WhatsApp might not be the best option for that user. The market is wide open when it comes to encrypted messaging apps.

Providing encryption to a billion users free of cost?

WhatsApp has a billion users and providing end-to-end encryption to a billion users is a stupendous task and the efforts must be appreciated. But the question that arises in people’s minds is why is WhatsApp offering encryption at no cost at all? Why is it free of charge? Where does WhatsApp make money from?!

Please feel free to add in your thoughts in the comments section below. We would appreciate your valuable contribution.

– Captain Krypto 🙂


For users interested in messaging apps with higher grade of encryption, please visit: Military Grade Encryption VoIP Apps


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

How to encrypt calls and chat?

In the digital era that we live in today, securing privacy of your data and communication on any medium is next to impossible and a never ending struggle.

In the digital era that we live in today, securing privacy of your data and communication on any medium is next to impossible and a never ending struggle. Your communication could easily be accessed by your telephone operator, Internet Service Provider, and even some agencies.

With the omnipresent methods of modern surveillance on almost all modes of communication, there are still ways to protect your communication and data from prying eyes. In this blog, we discuss about how we can protect our calls and chats from being snooped upon.

[blockquote author=”” link=”” target=”_blank”]Having your calls encrypted is a fool-proof way of securing your communication. There are a number of encrypted VoIP apps available in the market today who offer secure communication by making use of various encryption protocols.[/blockquote]


Kryptotel Secure VoIP is one of the superior VoIP apps in the market who’s core feature is encryption of the communication. Using Kryptotel Secure VoIP, a user can make encrypted audio and video calls, and encrypted instant messaging as well.

For government officials and business professionals who are concerned about their call conversations being private and secure, especially when telephone companies keep record of telephone call data in their archives for years.

Call tapping for private investigation purposes and for commercial competition/illegal industrial espionage leads to 5% of the world’s population being listened to during their private conversations.

Kryptotel secure VoIP app has been designed keeping in mind the government and business professionals who want to secure their communication to safeguard their organization’s communication and activities. Spying on competitor companies to industry secrets common for contract hackers.

Kryptotel Secure VoIP app doesn’t transit through the operators public telephone switches but uses Internet connection encrypting the content safely without leaving any trace or the possibility of recording any of the data (the caller or the called). Even with the “Black Out calls” the caller ID is changed for every call. Kryptotel app is one of the best solution a person concerned about his/her privacy can find today.

[blockquote author=”” link=”” target=”_blank”]The Kryptotel app uses military grade encryption and other secure features to secure a user’s communication through the app. Kryptotel app uses Asymmetric, Symmetric and SHA-512 algorithms in order to maximize the level of security.[/blockquote]


Asymmetric Encryption based on RSA certificates and private key of 8192 bits, which is a military grade requirement in encryption.

Symmetric encryption based on AES 256 bits is used by Kryptotel app. This app also uses SHA-512 algorithm for digital signature.

This is a stronger level of encryption used in the app. In the commercial world, usually an encryption level of RSA 20148 bit and AES 128-bit is used. For securing online banking, RSA 2048 and AES 128 bit is usually used.

All the communication, between two devices with Kryptotel app, is encrypted. Be it instant messages, audio or video calls, audio conferencing – all of it is encrypted and secured with a military grade encryption.

Using a Kryptotel app, you can share images, audio and video clips, and also PDF, XLS, Doc file types.
Upon installing Kryptotel secure VoIP app on your device, you are provided with a unique number (just like a phone number). When you want to make an encrypted call to other person with Kryptotel app, you need to dial his/her Kryptotel number.

In case the other person is not available to pick the call, it will be redirected to his/her voice mail. The voice mail will be stored in an encrypted container and only the actual recipient will be able to listen to it. The voice mail can be listened only through a Kryptotel app which uses account authentication method and decrypts the recorded message. To access your voice mail you need to dial toll free number 444 and keep digit 1 pressed for few seconds, the easy to use IVS will guide you to read, store and cancel your voice mail.

Download Kryptotel Secure VoIP app:

You can either download Kryptotel app from your phone’s app store or from its website: https://securevoip.kryptotel.net/download/
More details about securing communication with Kryptotel app are available at: securevoip.kryptotel.net.

– Captain Krypto 🙂


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

Internet of Things – Security Challenges

Internet of Things or IOT is a network of physical objects or things connected to the Internet. The objective of Internet of Things is to enable these objects or things to communicate and exchange data with each other.



These objects could be anything like mobile phones, TV, watches, car, headphones, lights, house-holding items like refrigerator, washing machine, microwave oven, etc. These objects and entities, known as things are provided unique identifiers and the ability to transfer data automatically over a network.

The communication in Internet of Things (IOT) comes from computing devices and embedded sensor systems used in industrial machine-to-machine communication, smart energy grids, smart homes and building automation, vehicle to vehicle communication and wearable computing devices.

However, since the idea of communication between physical objects and the internet is relatively new, the security could at times become vulnerable. Increased automation and digitization creates new security challenges. Security of multiple points in the network is challenging and the risks are huge.

[blockquote author=”” link=”” target=”_blank”]Cyber Security is of utmost importance in Internet of Things, and security is not given the highest priority, the whole business model based on IOT will be undermined.[/blockquote]

Some of the security challenges identified in Internet of Things are:

  1. Increase in vulnerability points:
    As there are millions and billions devices connected in the Internet of Things. Each of these devices create a potential security risk as they represent a potential doorway to your IT infrastructure and data.
    A study by Fortify, a part of HP, showed that 70 percent of the devices connected in the IOT are vulnerable to the security issues.
  2. Privacy Concerns:
    Most of the devices connected in the Internet of Things in one way or the other collected at least some personal information of the user from the device or from the application. Some of the devices even transmit this information via the network without any encryption. This makes the data vulnerable to theft and misuse if accessed by an unauthorized person.
  3. Authentication and Authorization:
    Weak and easy to break passwords add to the vulnerability. A lot of users configure their devices and accounts with weak passwords. Some of the users don’t even change the default passwords given by vendors for the devices.
  4. Not all devices connected are encrypted:
    In Internet of Things the devices connected communicate with each other by transferring data from one device to another device via the network. Most of these devices fail to encrypt the data and hence an addition to the security issues. Encryption in IOT should be of the highest priority seeing the amount of data and information that transferred between the devices, the cloud and the mobile applications.




It is crucial to take care of the above security challenges and make Internet of Things more secure and trustworthy for users. Security of Internet of Things is a multi-layered approach, and security needs to be taken care of at two levels – the device level and the network level.
This will be ensured by increasing the security level around the following.

  1. Secure Booting:
    Secure booting will ensure that the device only allows an authorized access and keeps the hackers away. This could be done by using a digital signature, or a cryptographically signed code.
  2. Secure Code Updates:
    Secure code on the device should be updated for any bug fixes or security patches ensuring that any malicious code does not enter into the system.
  3. Access Control:
    Access Control methods should be installed into the device to allow it to only access the necessary resources required to perform any action.
  4. Device Authentication and Data Security:
    It is important to prevent unauthorized access to the device, data storage or communication. Data Storage and communication needs to encrypted. All communications with the device should be authenticated, the device needs to be authenticated prior the device communicating over the network.
  5. Secure Communication:
    Incoming and outgoing communication from the device needs to secured and encrypted. Strong encryption protocols should be used to encrypt the communication.
  6. Prevent Cyber Attacks:
    It is important to prevent any sort of cyber attacks. This can be achieved by embedding firewalls which would provide a layers against such attacks by inspecting the traffic at the device and stop the malicious attempts and block the hackers before launching an attack.

Taking care of the above points will ensure that security and privacy in Internet of Things is fully protected and not compromised.

– Captain Krypto 🙂

References:

http://www.cmswire.com/cms/internet-of-things/top-5-internet-of-things-security-concerns-026043.php
http://www.vyzvoice.com/the-internet-of-things-security-challenges/#_ftn1
http://internetofthingsagenda.techtarget.com/definition/IoT-security-Internet-of-Things-security
https://securityintelligence.com/how-the-internet-of-things-iot-is-changing-the-cybersecurity-landscape/

Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

How to encrypt your emails?

Email is an important part of our communication in our day to day life – both for personal and professional purpose. However, emails are prone to disclosure of information. An average email service doesn’t do much to protect your emails. In most cases, when you send out an email it is sent as a plain text via web with no encryption involved.

That means emails can even be read by people who are not the designated recipients of the email. Even a popular email service like Gmail doesn’t support encryption and therefore prone to be intercepted.

It is important to protect your emails from being read or sniffed by someone to save avoid misuse of the sensitive information and data in the emails. Email encryption is one way of protecting and securing your emails from being accessed by someone who’s not an unauthorized recipient of the email. Encryption is a process of transforming a plain text email message into a cryptogram which is a set of symbols making it look like a scrambled text which makes it unreadable except for the one who owns the readable key.

Encryption is done with the help of two keys – Public Key and a Private Key. Public key is used to encrypt the email message whereas private key is used to decrypt the email message.

This is how the encryption process works and makes email communication safe and secure:

  • When you send a secure email message to someone, you use a public key to send the encrypted email but keep your private key secret.
  • When someone sends you an email message, they use public key to send the encrypted email message, and you use your secret private key to decrypt the message.

There are various technological tools available to effectively encrypt an email and communicate with your peers with an added security and protection to your emails. These email encryption tools would work to automate the encryption process for you.

There are also some web based encrypted email services that allow users to send out encrypted emails. Mail1Click is one such email service which enables its users to send and receive encrypted email messages.

Mail1Click

Mail1Click is a free and secure email service that uses strong encryption level to keep the email communication safe and secure. Mail1Click has an easy to use interface that encrypts the emails automatically.

[blockquote author=”” link=”” target=”_blank”]Mail1Click is a free and secure email service that uses strong encryption level to keep the email communication safe and secure. Mail1Click has an easy to use interface that encrypts the emails automatically.[/blockquote]

Mail1Click can be used by individuals as well as business professionals to send and receive encrypted emails. All you need to do is activate your Mail1Click account and all the encryption, decryption, signature and signature authentication is automatically executed by the application. You just use Mail1Click like any other popular email service, only with a difference of emails being encrypted with Mail1Click.

Here’s what you need to use Mail1Click:

  • Goto Mail1Click website
  • Choose between personal or business
  • Create an account with Mail1Click
  • Start using Mail1Click

Business users can also select their own domain name to use Mail1Click. e.g., username@yourcompanyname.com.

There are two ways to access Mail1Click:

How to protect your email account

Emails are important part of our day-to-day communication. We use emails for personal as well as professional communications. Emails contain sensitive personal and professional information – Bank details, access to social media accounts, etc. Therefore, it is really important that your email account is secure and protected from hackers. In this guide we will tell you some simple ways to protect an email account.

[divider height=”30″ style=”dots” line=”default” themecolor=”1″]

Check the security options your email service provides. All email providers ensure that the email security is maximum, but a user should know how to make use of those security features.

  • 1. Choose a stronger password. Make sure it is not easy to guess.
    A strong password will be a combination of uppercase and lowercase letters, numeric digits, and special characters. (a – z, A – Z, 0 – 9, @#%$&, etc.).
  • 2. Always use an alternate email address in the details, this will help you regain access to your email if someone takes control of your email account. Also, enter your mobile number in the account details.
  • 3. If your email service provider gives a Two Step Verification method, make sure you make use of it. This will increase the level of security of your email account.
  • 4. Security Questions: Make sure to use security questions which are not easily guessed. Remember the answers.
  • 5. Protect your Computer: If you are using a wireless Internet connection or your computer doesn’t have a good anti-virus system in place, then the data on your computer as well as your emails are at risk. If you dont have a firewall in place then your wireless connection is not safe and can be easily snooped upon by the hackers.
  • The least you can do to secure your wireless connection is to use a WPA key on your wireless connection.
    You can add WPA key by following this method: Goto Connections >Wireless Network > Router >Properties >Device Webpage

    Then click on ‘Wireless Security Settings’ and then ‘WEP/WPA Key’. Set it using WPA key.

How to stay safe on a public WiFi Network using a VPN?

Public WiFi networks hotspots like the ones you would find in a coffee shop or in a hotel room are not as safe and secure as one might believe they would be.

Most public WiFi network hotspots are insecure and open since they lack public WiFi security encryption. It is easiest to hack or snoop into your connection when you are connected through a public WiFi network.

[blockquote author=”” link=”” target=”_blank”]Even if there is a username and password for the connection, you are still at risk because you are sharing the network with a number of other people. So, how do you stay safe on a public WiFi network? We will explain how you can secure your connection using a VPN when you are connected to a public WiFi network hotspot[/blockquote]

How do I secure my Internet connection on a public WiFi hotspot?

You can secure your Internet connection on a public WiFi network hotspot by using a Virtual Private Network or VPN service. A VPN service will ensure that all your Internet traffic and communication is encrypted and remains safe and insulated from snoopers and hackers. VPN services use many security/encryption protocols to create security layers to protect your data from prying eyes.

Using a VPN service is the best method one can think of to secure your connection on a public WiFi network. A VPN service will create an encrypted tunnel through which an encrypted data transfer will take place and all communication will be routed through a VPN server. This leaves no chance for hacker to gain an illegal access to your data and connection. Even if they manage to access your data, it will be in an encrypted format and they would not be able to decipher the data.

So, next time you are connected to a public WiFi network, all you need to use a VPN service on the device you want to use for Internet browsing while you are connected to the public WiFi. Most of the VPN services are available for computers, mobile and tablet devices as well. All you need to do is install a VPN client application on your device and activate it. Once your VPN connection is active and you are connected to a VPN server, all your Internet browsing traffic and communication will be transferred from your device to the VPN server through an encrypted tunnel (created by the VPN) based on strong security protocols.

VPN One Click is one of the popular VPN services available which is used by over 10 million users globally, and uses strong encryption protocols like IPSec, L2TP/IPSec, PPTP, OpenVPN for encryption. VPN One Click has been in the market since 2011 and has VPN servers located in 29 countries.

[hr height=”15″ style=”zigzag” line=”default” themecolor=”1″]

How to download VPN One Click?

VPN One Click is available and compatible with almost all devices and platforms, and can be installed easily without any hassles. Its just a one click installation with VPN One Click.

VPN One Click is available to install from Apple App Store, Android PlayStore, Windows Store, Kindle, Mac App Store, etc. VPN One Click can also be installed directly from its website: https://www.vpnoneclick.com/download/

Please comment below if you have any concerns or want to add something to the topic.

Good luck and cheers. 🙂