Security
System
ProPTT2 support strong security features for enterprise aria.
All session and data would be encrypted by strong encryption algorism.
Account
ID and password is encrypted in 3 steps. Hash, OTP and TLS/SSL.
| Password | Saved hashed password by Sha512 + BCrypt(option) |
|---|---|
| OTP | OTP(One-Time-Password) is used for authentication |
| 2FA(Two-Factor Authentication) | User can use an authentication token(SSAID, IMEI, Phone number, SMS token and so on) with password. (detail) |
| Password Policy | Customer can set the Password Policy for user. |
Login session
| TLS/SSL | All login seesion is encrypted by TLS/SSL |
|---|
PTT control session
| TLS/SSL | All control seesion is encrypted by TLS/SSL |
|---|
Media session
Media sharing session encryption is optional. if PTT has a attribute of encription, it would work.
| End to End Encryption | ProPTT2 support E2EE. PTT server support key distribution for PTT clients. |
|---|---|
| Algorism | ProPTT2 support AES128/256 (wikipedia), ARIA256 (wikipedia) Encription algorism |
Data encryption
Local client must encrypt local data.
| System DB | The important field in DB is encrypted with AES. |
|---|---|
| iOS | OS can support encryption for each app. |
| Android | ProPTT2 encrypt local DB with AES. |
Video sharing session
Video sharing session encryption is optional.
| TLS/SSL | Video sharing session is encrypted by TLS/SSL |
|---|
AdminWeb
AdminWeb also have secure features.
| TLS/SSL | All communication is encrypted by TLS/SSL |
|---|---|
| XSS Protection | AdminWeb support XSS protection headers and script prevention. XSS |
| CSRF Protection | AdminWeb support CSRF protection token and script prevention. CSRF |
For highest security level
In device side, VPN and MDM can be used for PTT service.
| VPN | VPN can support encryption for each session. You can use high performance encryption. |
|---|---|
| MDM | MDM can manage device, app and user's profile on high level security. |