Architecture of an On-Premises Corporate Messenger Server with End-to-End Encryption

An on-premises corporate messenger server designed for secure communication must meet stringent security requirements, ensuring the confidentiality and integrity of messages exchanged between users. This article outlines the architecture of such a system, focusing on end-to-end encryption (E2EE), where messages are encrypted on client devices and only decrypted by the intended recipient.

Core Components of the Architecture

  1. Client Applications:
    • Platform Coverage: o Applications are provided for mobile devices - Android and iOS, and web browsers (under development) with client-side encryption.
    • Key Management: Each client generates a unique pair of public and private keys upon a registration on a server. The private key is securely stored on the client device and on the server being protected by the user's password, while the public key is shared with the server for distribution.
    • Encryption & Decryption: Messages are encrypted locally using the recipient's public key and decrypted upon receipt using the sender’s private key.
  2. On-Premises Server:
    • Key Distribution Service: Stores and distributes public keys to clients while the private key can only be downloaded by its owner.
    • Message Relay: Acts as an intermediary to relay encrypted messages between clients without having access to their contents.
    • Authentication & Authorization: Ensures that only verified users can send and receive messages. The authentication method is username/password authentication.
    • Audit Logs: Only message timestamps are logged. No other metadata such as user activity or other is logged.
  3. Database:
    • Encrypted Message Storage: Encrypted messages are stored with strict access control, ensuring there is no plain text data on the server.
    • User and Key Information: Stores user profiles, public keys, and device information. This data is also encrypted to protect against unauthorized access.
  4. Network Security:
    • Transport Layer Security (TLS): All communications between clients and the server are encrypted using TLS to prevent interception during transit(optionally, not enabled by default).
    • Firewall and VPN: The server is deployed within a secure corporate network protected by firewalls and optionally accessible through a VPN.

Workflow: Sending and Receiving Messages

  1. User Registration:
    • During registration, the client generates a public-private key pair.
    • The public key is uploaded to the server, and the private key remains on the client device and is also uploaded to the server, being protected by the user's password.
    • User profile data such as nickname, avatar, and phone book contact names are encrypted with a symmetric key that can be decrypted using the user's public and private key pair.
  2. Conversation Initialization:
    • When a conversation (two-user or multi-user) is created, the initiating client generates a unique session key for that conversation.
    • The session key is encrypted with the public keys of all participants and sent to the server.
    • Each participant retrieves and decrypts the session key using their private key.
  3. Message Sending:
    • The sender's client retrieves the encrypted session key from the server.
    • The sender decrypts this session key with his private key.
    • The message is encrypted locally on the sender’s device using the decrypted session key.
    • The encrypted message is transmitted to the server over a secure TLS connection.
  4. Message Delivery:
    • The server relays the encrypted message to all participants in the conversation.
  5. Message Decryption:
    • Upon receipt, the recipient’s client decrypts the message using their private key.
    • The decrypted message is never exposed to the server or other unauthorized entities.

Security Features

  1. End-to-End Encryption: The server never has access to plaintext messages, ensuring that only the intended recipient can decrypt and read the message.
  2. Zero Knowledge: The server operates with zero knowledge of the message contents, minimizing the impact of potential breaches.
  3. Key Management: Robust mechanisms ensure the secure generation, storage, and exchange of keys.

Benefits of the Architecture

  • Complete Data Sovereignty: All components are hosted on-premises, ensuring full control over sensitive corporate data.
  • Scalability: The architecture can support a growing number of users and devices with appropriate hardware scaling.
  • Regulatory Compliance: Makes it easy to comply with strict data protection standards like GDPR and HIPAA by ensuring message privacy..

Conclusion

This architecture provides a secure, scalable, and compliant solution for corporate communication, prioritizing end-to-end encryption and minimizing server-side exposure to sensitive data. By combining robust encryption practices with secure on-premises hosting, organizations can ensure the privacy and integrity of their internal communications.