katsana

July 08, 2015

KATSANA™ Live Tracking Platform is now on HTTPS (TLS 1.2) secure connection, and other security improvements


We are ecstatic to announce that, since July 6th 2015, the best Live GPS Tracking Platform has been protected with the HTTPS (TLS 1.2) security protocol.

Hypertext Transfer Protocol Secure (HTTPS) is an encrypted, secured version of HTTP, the protocol that sends data from our servers to the browser that you are currently using. In the simplest terms, deploying HTTPS on my.katsana.com means all communication between the KATSANA servers and your browser is encrypted. HTTPS is often used to ensure that highly confidential information is transmitted securely over the Internet; hence you will see HTTPS used extensively on online banking websites and online shopping carts.

Grade A Implementation of HTTPS (TLS 1.2)

The deployment of HTTPS encryption on the KATSANA Live GPS Tracking Platform is certified as Grade A, as reported on the Qualys SSL Labs website. You may view the report on our HTTPS certificate on this page.

Server key and Certificate #1 information
Common names: *.katsana.com
Alternative names: *.katsana.com katsana.com
Key: RSA 2048 bits (e 65537)
Weak key (Debian): No
Issuer: RapidSSL SHA256 CA – G3
Signature algorithm: SHA256withRSA
Revocation information: CRL, OCSP
Revocation status: Good (not revoked)
Trusted: YES

Platform cookies encrypted with AES-256-CBC encryption

A cookie is a tiny piece of information left by the server on a user’s device to identify and authenticate that user.

On top of securing communication between the server and the user with HTTPS, we have further strengthened the KATSANA platform cookie by encrypting it with AES-256-CBC (cipher block chaining) to ensure that no one can pretend to be a validated user.

Protection of user actions against Cross-Site Request Forgery (CSRF)

CSRF, also written XSRF and pronounced “sea-surf”, is a type of web attack that occurs when malicious code is injected to cause a user’s browser to perform an unwanted action on a trusted site. For example, this kind of attack could result in a transfer of funds, a changed password, or worse, the deletion of important data. Attackers use this kind of attack to make a target system perform a function without the knowledge of the target user, at least until the unauthorized function has run.

At KATSANA, for quite some time now, we have attached a security token to each user action. Tying each action to a token ensures that the action is valid and was triggered by the actual user.
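The sketch below shows one common way to build such a per-action token. It is an added example, not KATSANA's own code: the token is an HMAC over the session, the action name and an issue time, so a token taken from one session or one action is rejected everywhere else. The secret, the one-hour lifetime, the token layout and the names `issue_token` and `verify_token` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: one server-side secret per deployment; generated here for the demo.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL = 3600  # assumed lifetime of a token, in seconds


def _mac(session_id, action, issued_at):
    # JSON-encode the fields so ("a|b", "c") and ("a", "b|c") cannot collide.
    msg = json.dumps([session_id, action, issued_at]).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Return '<issued_at>.<hex mac>' to embed in the form for this action."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_mac(session_id, action, issued_at)}"


def verify_token(token, session_id, action, now=None):
    """Accept only a fresh token issued for this exact session and action."""
    now = int(time.time() if now is None else now)
    try:
        ts_text, mac = token.split(".", 1)
        issued_at = int(ts_text)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if not 0 <= now - issued_at <= TOKEN_TTL:
        return False  # expired, or stamped in the future
    expected = _mac(session_id, action, issued_at)
    # Constant-time comparison, on bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample values: a session id and two action names.
    tok = issue_token("sess-A", "vehicle.delete", now=1000)
    print(verify_token(tok, "sess-A", "vehicle.delete", now=1500))   # same user, same action
    print(verify_token(tok, "sess-B", "vehicle.delete", now=1500))   # another session
    print(verify_token(tok, "sess-A", "password.change", now=1500))  # another action
```

A forged cross-site request cannot read the victim's page, so it arrives without a token that verifies for the victim's session and the requested action, and the server drops it.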

How KATSANA users benefit from HTTPS

As we grow in size, types of users and use cases, it is imperative and extremely critical for the KATSANA team to ensure that sensitive data such as vehicle location and user details are not leaked out onto the open Internet.

With standard HTTP, any data transmitted from a server to a user is sent in ‘plain text’, which is readable. This information can therefore be snooped on (or intercepted) by a third party. A third party can potentially disguise himself as the server and collect confidential information submitted by the user, and vice versa.

Implementing HTTPS on our Live GPS Tracking Platform makes the connection secure by encrypting data between the user and the server. This means that if somebody managed to intercept the connection, he would not be able to understand the data exchanged, because only the authenticated user and server can decrypt and read the data.

What the hacker may read is only a jumbled mess of data which is of no use.

In summary, KATSANA cares about you. Your vehicle and your data are protected at all times and we strive to ensure that when it comes to security, we are one of the benchmarks in GPS Tracking and Fleet Management Systems.