Locking up your voice
By Simon Bisson & Mary Branscombe in Editorial
Voice is mobile’s killer app. Secure voice? That’s another story.
Way back in the early days of the GSM specification, the designers came up with a voice cryptography standard, called A. Governments and security agencies weren’t too happy as they felt that A was too strong - and it would make conversations far too hard to monitor. The result was A5/1, a rather less strong cryptosystem. Whether the over the air path was encrypted or not didn’t really matter - as once your call hit the wired network it was transmitted in the clear.
Not every call can run in the clear.
Some contain significantly price sensitive information - details of a new drug, information about the location of an oil field, negotiations for a merger or an acquisition. It’s information that if it’s lost could cost you, or your business, a lot of money. There’s also no way of quantifying the risk. Then there’s information that could be damaging if it’s intercepted - the details of a divorce settlement, or a bitter custody dispute. You might also be a government employee, trying to keep secrets secret. And finally there’s the issue of the current economic downturn, where very little is certain - apart from the fact that industrial espionage always increases during a recession.
So how do you secure your voice calls?
You could buy a secure cellphone, but it’s not really an economic proposition - it’s expensive to run, the call quality is reltively poor, and there’s lots of lag. More importantly, the phones are large and obvious, so anyone who sees you make a call with one knows you have something to hide.
One alternative is a UK startup, Cellcrypt, which has developed a software voice encryption client that runs on a standard smartphone. We sat down with the CEO, Dr Simon Bransfield-Garth at RIM’s WES event in Orlando to find out more.
There’s a new mantra in the mobile industry: voice is data. Cellcrypt treats it just that way, using IP to connect devices together. The result is a service that’s secure over GPRS, 3G, and WiFi. All of the encryption is in the device, so there’s no reliance on the network - all you need to do is run an application that looks like a standard phone application. Just choose a contact, and the application secures a channel and makes a voice connection between two devices.
The authentication key is set using RSA and 204-bit elliptic curve Diffie Hellman (elliptic curve cryptography gives you a lot of encryption per bit, and is very efficient). Once a session has been authenticated Cellcrypt generates a session key to handle the conversation cryptography, using 256-bit AES wrapped in 256-bit RC4. The whole process is currently being certified for government use by FIPS, and there are plans to go through the UK’s CAPS certification.
One thing to note - there is a server in the cloud to handle call connections and routing, but it doesn’t do any cryptography at all, it just handles the call initiation and licence management. There’s also no central key server, and keys generated from first principles in the phone - giving you a very secure end-to-end environment.
I gave it a try - even in the crowded wireless spectrum of WES the call quality was good. There is some latency, which is only to be expected, and the lower the quality network, the greater the latency. WiFi networks should expect 250ms, 3G, 370ms, and 2G, 500 ms. The business model is based around a service fee of $1K/person/year.
–S
Trackback by - February 9, 2012 on 3:39 am
greenpeace usa interest group…
[…]his loved ones and hundreds of thousands of worldwide supporters, campaigners and celebrities wait patiently […]…
Trackback by - February 9, 2012 on 8:39 am
will smith dead or alive…
[…]ready brief even though ago, “Mom athlonsports are exceeded shin as properly as knee players, I […]…
Make a comment
Tag cloud
Archives
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
Most commented posts
- Java's SSVAGENT.EXE: training the monkey
128 comments
- When Windows 7 upgrades won’t hibernate (the solution)
- Do you need IPv6 for DirectAccess? Yes and No
- Chrome OS: what happens when "always connected", isn't?
- The ColdFusion Renaissance
- Make Adobe Acrobat Pro deactivate
- Is there a showstopper bug in Windows 7 CHKDSK?
- There’s a reason smartphones are locked down
- At sixes and Windows 7s
- The LHC isn
Highest Rated Blog Posts
- Songs of distant satellites (100%)
- Nobody knows what Web 2.0 really is (100%)
- Log in and lock in (100%)
- Top tips for speeding up Vista (100%)
- Mommy, why is there a home server in the office? (100%)
- Employees are our most valuable asset (snigger) (100%)
- Locking down IT or blocking creativity (100%)
- Consumer BlackBerrys are good for business (100%)
- HD Trek (100%)
- Join the (beta) community (100%)


