Help V2.1 Guides - Security

WallCooler and Security

This article covers the basics of how WallCooler establishes a secure connection.
It is mainly aimed at providing an understanding of the security mechanism WallCooler uses to exchange data with its remote sibling.
Overview
WallCooler uses Secure Sockets Layer (SSL) to create secure and reliable connections between two sides.
It automatically recovers from disconnections of the underlying SSL socket (for example a timeout or a change of proxy settings) by creating a new underlying socket.
Only if it cannot reach the remote side at all will it close the WallCooler Connection.

WallCooler's use of SSL offers many benefits:
  • Proxy/Firewall:
    Can be tunneled through a Proxy/Firewall.

  • Security:
    SSL encryption is used, providing the same level of security as secured websites.

  • Authentication:
    SSL dual authentication can be used (one private key on each side) to ensure that each side is connected to the right computer.

  • Integrity:
    Only outbound TCP connections are made, so no inbound connection has to be allowed through your firewall and the integrity of your network security is maintained.
Relay Servers
WallCooler automatically takes care of relaying data when necessary.

A Vedivi Relay Server is used when two WallCoolers cannot establish a direct connection with each other.

So if you have one computer behind a Firewall (e.g. your office) and the other directly connected to the Internet (e.g. home), WallCooler will attempt to establish a Bridge between them using a direct connection.

If on the other hand none of your computers is directly on the Internet, or the WallCoolers cannot establish a direct route, a WallCooler Relay Server will be used to allow the connection.

Note: Only encrypted data is relayed, so a relayed connection is as secure as a direct connection (see "How it works" below).

Basic SSL Concept
SSL uses asymmetric keys for authentication and self-generated symmetric keys for data encryption.
An asymmetric key pair (also called Public/Private keys) means two different keys are involved in encrypting and decrypting data:
  • Public Key: Used to encrypt a message, but cannot decrypt it. It can be distributed widely.
  • Private Key: Used to decrypt the message. It must be kept on the server only.
So although anybody holding the Public Key can encrypt a message, only the owner of the Private Key can decrypt it. This makes it the perfect mechanism for authentication, as you know that the only party able to respond to your message must hold the Private Key.

Authentication is essential, because it ensures you are connecting to the right computer and tells the remote computer who you are.
When for instance you connect to a WebSite to buy a product online, you want to be sure that you are connected to the right WebSite and not a hacked replica only interested in stealing your card details.
To achieve this, the WebSite has a Private Key certified by a Certification Authority; you start a conversation encrypted with the corresponding Public Key, and if it responds, you know it is the right WebSite.

This authentication alone is not enough for a tool like WallCooler: in the WebSite example the WebSite does not care who is connecting to it; only the customer needs to make sure it is the right WebSite.
In WallCooler, however, both sides have to make sure they are talking to the right remote computer. That is why WallCooler supports dual authentication, which is the same concept applied in both directions.
This means each WallCooler side has to generate a Private Key and communicate the corresponding Public Key to the remote WallCooler.

Note: To avoid potential wrongdoing, we do not provide ways to extract the Private Key.

How it works
WallCooler connectivity is done in several steps:
  1. Sign-On 1:
    WallCooler establishes a secure SSL connection with a Vedivi Server and authenticates itself with the credentials provided by the user.
  2. Sign-On 2:
    The second WallCooler establishes a secure SSL connection with the Vedivi Server and authenticates itself with the credentials provided by the user.
  3. Secure Tunnel establishment:
    The two WallCoolers now establish an SSL tunnel between themselves, so that only these two WallCoolers can decipher each other's messages.
  4. Data Encryption & exchange:
    The WallCoolers can now exchange data securely, as only the remote WallCooler has the private key needed to decipher the encrypted data.

    Note: The relay server is only routing encrypted data at this point, and cannot decipher anything as it does not possess the private key required.
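The dual authentication described under "Basic SSL Concept" and the tunnel-through-relay flow of steps 3 and 4 above, as an added Go example; it is not part of this page and is not WallCooler's or Vedivi's code. It uses only Go's standard crypto/tls and crypto/x509 packages and assumes nothing about WallCooler's real implementation: the names alice, bob and mallory, the message text and the in-process relay are constructed for the demonstration. Each side generates its own private key and a self-signed certificate (the "Public Key" the page says is communicated to the remote side) and pins exactly the peer's certificate as its only trusted key, while a relay that forwards the bytes between them records everything it saw so the stream can be checked for plaintext.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"sync"
	"time"
)

// selfSigned makes one side's private key and a self-signed certificate carrying the matching
// public key: the "Public Key" handed to the remote side. The private key never leaves this side.
func selfSigned(name string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // re-parsing our own fresh DER cannot fail
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// relay stands in for the Relay Server: it forwards bytes both ways without holding any key,
// and records every byte it forwarded so the stream can be inspected afterwards.
type relay struct {
	mu   sync.Mutex
	seen bytes.Buffer
}

func (r *relay) Write(p []byte) (int, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	return r.seen.Write(p)
}

func (r *relay) pump(dst, src net.Conn) {
	io.Copy(dst, io.TeeReader(src, r)) // forward, keeping a copy of everything
	dst.Close()
}

// tunnel runs one dual-authenticated SSL/TLS session through the relay. Each side pins exactly
// one peer certificate (the Public Key it was given out of band) instead of trusting a public CA.
// It returns the reply the client received and every byte the relay forwarded.
func tunnel(client, server tls.Certificate, serverPin, clientPin *x509.Certificate, msg string) (string, []byte, error) {
	trustServer, trustClient := x509.NewCertPool(), x509.NewCertPool()
	trustServer.AddCert(serverPin)
	trustClient.AddCert(clientPin)
	clientConn, relayIn := net.Pipe()
	relayOut, serverConn := net.Pipe()
	clientConn.SetDeadline(time.Now().Add(5 * time.Second)) // a refused session must not hang
	r := &relay{}
	go r.pump(relayOut, relayIn)
	go r.pump(relayIn, relayOut)
	go func() {
		s := tls.Server(serverConn, &tls.Config{
			Certificates: []tls.Certificate{server},
			ClientAuth:   tls.RequireAndVerifyClientCert, // second direction of dual authentication
			ClientCAs:    trustClient,
		})
		defer s.Close()
		buf := make([]byte, 256)
		if n, err := s.Read(buf); err == nil { // Read drives the handshake; it fails for an unpinned client
			s.Write([]byte("ack: " + string(buf[:n])))
		}
	}()
	c := tls.Client(clientConn, &tls.Config{
		Certificates: []tls.Certificate{client},
		RootCAs:      trustServer, // first direction: only the pinned server key is accepted
		ServerName:   server.Leaf.Subject.CommonName,
	})
	defer c.Close()
	if _, err := c.Write([]byte(msg)); err != nil { // Write drives the client handshake
		return "", nil, err
	}
	buf := make([]byte, 256)
	n, err := c.Read(buf)
	if err != nil {
		return "", nil, err
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	return string(buf[:n]), append([]byte(nil), r.seen.Bytes()...), nil
}

func main() {
	alice, bob := selfSigned("alice"), selfSigned("bob")
	mallory := selfSigned("mallory") // constructed third party with its own key; nobody pinned it
	reply, relayed, err := tunnel(alice, bob, bob.Leaf, alice.Leaf, "hello from alice")
	fmt.Printf("alice<->bob: reply=%q err=%v relay saw plaintext=%v\n",
		reply, err, bytes.Contains(relayed, []byte("hello from alice")))
	_, _, err = tunnel(mallory, bob, bob.Leaf, alice.Leaf, "hi") // bob accepts alice's key only
	fmt.Println("mallory->bob:", err)
	_, _, err = tunnel(alice, mallory, bob.Leaf, alice.Leaf, "hi") // alice accepts bob's key only
	fmt.Println("alice->mallory:", err)
}
```

Running it prints the reply alice received from bob, whether the relay's recording contained the plaintext (it does not, which is the property behind the page's note that only encrypted data is relayed), and the handshake errors produced when mallory, whose key neither side pinned, tries to act as the client or as the server. The pinning is done by placing the single expected certificate in the pool the other side verifies against, so no public Certification Authority is involved and, as on the page, each side must have received the peer's Public Key in advance.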

Links
» Frequently Asked Questions
» Download WallCooler


Copyright © 2003-2007 Vedivi Ltd. All rights reserved.