"The ability to block any interception and business practice monitoring is a key requirement of secure voice technology"
TFTFY.
Personally I would rather trust ZRTP
While the world was distracted by the UK Pry Minister's ban-working-encryption, log-everything-online Investigatory Powers Bill, the civil service was urging government and enterprises to adopt better cryptography for voice calls. CESG, “the information security arm of GCHQ, and the national technical authority for information …
When secure voice products are used, key management servers and/or certificate authorities will need to be set up and managed too.
That's not true of ZRTP. Also, ZRTP has widespread support and a high degree of inter-operability between different implementations. Libzrtp is an open source (although arguably not FOSS) implementation.
The best part of ZRTP (apart from its independence from a central key register) is the initial key check on a call. Every implementation I have seen includes a "check these passwords" phase during setup to detect a MITM (man in the middle) attack, and after confirmation you store a key that has by then been validated as a securely exchanged one. It's quite well done. Shame there are so few open implementations around; instead you have a gazillion "secure voice" vendors out there who make a big (and stupidly expensive) production out of kit that really is nothing more than ZRTP. The variable is usually the quality of the codecs they use, as that can introduce serious bandwidth and latency issues.
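The two mechanisms this post describes, the spoken "check these passwords" (SAS) comparison and the retained secret cached after a confirmed call, are simulated below. This is an added example written for this page, not code from the thread, from libzrtp or from any vendor: the DH group (2**127 - 1, generator 5), the hashing used in place of ZRTP's total_hash/KDF, and the `Endpoint`, `run_call` and `confirm` names are all assumptions made for the demonstration. It models an honest call, a relay doing two separate DH exchanges, and a relay inserted only after the users have already confirmed one SAS.

```python
import hashlib
import secrets

# Toy DH group, for the demonstration only: a real ZRTP stack negotiates 2048/3072-bit
# MODP or elliptic-curve groups (RFC 6189 s.5.1.5). 2**127 - 1 is prime.
P = 2**127 - 1
G = 5
# z-base-32 alphabet, the "B32" SAS rendering ZRTP specifies
SAS_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def dh_keypair():
    x = secrets.randbelow(P - 3) + 2      # private exponent in [2, P-2]
    return x, pow(G, x, P)


def derive(shared, pv_initiator, pv_responder, rs1=b""):
    """Toy KDF standing in for ZRTP's total_hash/KDF (RFC 6189 s.4.4, 4.5): the session
    secret s0 and the SAS are bound to both public values and to any retained secret rs1,
    so a relay doing two DH exchanges ends up with a different s0, and SAS, on each side."""
    material = (shared.to_bytes(16, "big") + pv_initiator.to_bytes(16, "big")
                + pv_responder.to_bytes(16, "big") + rs1)
    s0 = hashlib.sha256(b"s0" + material).digest()
    sas_bits = int.from_bytes(hashlib.sha256(b"sas" + s0).digest()[:4], "big") >> 12  # 20 bits
    sas = "".join(SAS_ALPHABET[(sas_bits >> shift) & 31] for shift in (15, 10, 5, 0))
    return s0, sas


def rs_id(rs1):
    """Identifier each side advertises for the retained secret it holds for this peer."""
    return hashlib.sha256(b"rs1id" + rs1).digest()[:8]


class Endpoint:
    def __init__(self, name):
        self.name = name
        self.cache = {}            # peer name -> rs1, stored only after the user confirmed the SAS
        self.continuity_broken = False

    def start(self):
        self.priv, self.pub = dh_keypair()
        return self.pub

    def advertise(self, peer):
        return rs_id(self.cache.get(peer, b""))

    def finish(self, peer, peer_pub, peer_rs_id, initiator):
        rs1 = self.cache.get(peer, b"")
        # Key continuity: if we hold a retained secret for this peer but the far end cannot
        # identify it, either the peer lost its cache or someone new is in the middle.
        self.continuity_broken = bool(rs1) and peer_rs_id != rs_id(rs1)
        if self.continuity_broken:
            rs1 = b""
        shared = pow(peer_pub, self.priv, P)
        pvi, pvr = (self.pub, peer_pub) if initiator else (peer_pub, self.pub)
        self.s0, self.sas = derive(shared, pvi, pvr, rs1)
        return self.sas


def run_call(alice, bob, mitm=False):
    """One ZRTP-style call; with mitm=True a relay does two separate DH exchanges."""
    pub_a, pub_b = alice.start(), bob.start()
    if not mitm:
        alice.finish(bob.name, pub_b, bob.advertise(alice.name), initiator=True)
        bob.finish(alice.name, pub_a, alice.advertise(bob.name), initiator=False)
    else:
        _, m_to_alice = dh_keypair()  # relay's own key facing Alice
        _, m_to_bob = dh_keypair()    # relay's own key facing Bob
        fake_id = rs_id(b"")          # the relay has no retained secret to offer
        alice.finish(bob.name, m_to_alice, fake_id, initiator=True)
        bob.finish(alice.name, m_to_bob, fake_id, initiator=False)
    return {"sas_match": alice.sas == bob.sas,
            "continuity_ok": not (alice.continuity_broken or bob.continuity_broken),
            "sas": (alice.sas, bob.sas)}


def confirm(alice, bob):
    """The users read the SAS to each other over the voice channel. Only a match lets each
    side cache a retained secret, which then ties the next call to this confirmed one."""
    if alice.sas != bob.sas:
        return False
    for me, peer in ((alice, bob), (bob, alice)):
        me.cache[peer.name] = hashlib.sha256(b"rs1" + me.s0).digest()
    return True


if __name__ == "__main__":
    a, b = Endpoint("alice"), Endpoint("bob")
    print("honest call     ", run_call(a, b))
    print("confirmed       ", confirm(a, b))
    print("relay inserted  ", run_call(a, b, mitm=True))
```

The SAS is only 20 bits, so the relay has a one-in-a-million chance of producing matching strings on both sides; that is why the comparison has to be spoken by the humans, not automated, and why the cached retained secret matters on later calls, where the relay is caught even before anyone reads a SAS.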
bullshit in the middle detected:
"Simply knowing a user’s phone number is enough to establish a secure communications link with them."
riiiiiight... and that's exactly what will be allowing man-in-the-middle snooping here - the middleman GCHQ/NSA/BigBrother/etc will be able to impersonate anyone's keys at will and will insert/replace its own keys on the fly.
The parties at both ends of the connection will think they are talking securely to the other side but actually both of them are being relayed via the man-in-the-middle snoop keys.
Security theatre at its best.
(IBE = Identity Based Encryption)
This is an idea that was invented by CESG. It is regarded as secure. It is a very cool concept. It's probably CESG's biggest triumph in terms of academic crypto (ignoring rumours that they invented public key crypto before anyone else, because inventing something and keeping it secret doesn't count as academic crypto).
So CESG keeps on coming up with really cool protocols that use IBE. The only problem is that anything you can do with IBE can be done in a way that's slightly less theoretically elegant but more generally understandable using ordinary public key crypto. So that's what everyone always does.
Absolutely - I agree. This is why HMG likes it (plus licensing etc). However, certificate based has the same problem - just that it's called a trusted root CA. You can roll your own root CA for a private community, and you can roll your own KMS likewise.
IMHO a larger issue of IBE is that the KMS/PKG needs to be online, whereas a root CA can be offline/air-gapped.
>"Simply knowing a user’s phone number is enough to establish a secure communications link with them”.
Eh? Presumably this is not referring to the standard 07xxxxxxxxx type numbers doled out by network operators (nor would a user have to use a network operator-provided number for VoIP). I assume that to be a public key, the user has to generate it themselves - then give it out to contacts or publish it to a directory.
Have I missed something?
CESG have been banging on about Identity-based crypto for ages now. MIKEY-SAKKE is a combination of using MIKEY [1] for the key management, with the Sakai-Kasahara algorithm [2] for the crypto itself. Note that MIKEY-IBAKE and MIKEY-TICKET are some of the main contenders for future secure voice standards under VoLTE. The UK want MIKEY-SAKKE instead for assorted reasons.
The idea for MIKEY-SAKKE is that the Identity (phone number) is used as a public key (after some mathematical operations), for which the owner of the identity is the only one with a private key. Obviously though there must be some sort of trust or magic to allow this - that magic is via a 'Key management server' or 'Private key generator' which is mutually trusted by both parties. This KMS generates the private key, based on the identity, and distributes it securely to the owner of that identity. The "Lawful Intercept" capability comes from the fact that the government can send a warranted request for the keys to the owner of the KMS.
There are similarities between a KMS and a root signing certificate server. The difference is that client public key certificates don't need to be distributed, and keys etc are short-lived so you don't have to deal with immense CRLs. Call setup times are faster and require less bandwidth than using certs, although the difference is small enough not to really matter to most.
Personally I'm not wholly convinced - I think it's generally no better or worse than other approaches, just with a different set of pros and cons.
[1] https://en.wikipedia.org/wiki/MIKEY
[2] https://en.wikipedia.org/wiki/Sakai%E2%80%93Kasahara_scheme
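The trust structure described in the post above (identity as public key, a KMS that derives every private key from a master secret, intercept by asking the KMS) can be shown end to end with a real identity-based scheme. This is an added example written for this page, not code from the thread or from any MIKEY-SAKKE implementation. It uses the Cocks IBE scheme rather than Sakai-Kasahara, because Cocks needs only integer arithmetic and no pairing library, and the KMS/PKG role is the same in both; the Mersenne primes, the hash-to-identity loop with a counter, the phone number and the `lawful_intercept` name are all assumptions made for the demonstration.

```python
import hashlib
import math
import secrets

# Toy system parameters (demonstration only). Cocks needs p and q congruent to 3 mod 4;
# these two Mersenne primes satisfy that. A real system would use fresh, much larger primes.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q                     # public parameter, the analogue of the KMS's public material
MASTER_SECRET = (P, Q)        # held by the KMS / private key generator only


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0: +1, -1, or 0 if gcd(a, n) > 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def public_key_from_identity(identity):
    """Anyone can compute the public key from the identity alone: hash with a counter
    until the value has Jacobi symbol +1 modulo N. No directory, no certificate."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if math.gcd(a, N) == 1 and jacobi(a, N) == 1:
            return a
        counter += 1


def kms_extract(identity, master_secret=MASTER_SECRET):
    """Private key generation. Only the holder of (p, q) can do this, and it can do it
    for every identity, at any time: that is where the intercept capability lives."""
    p, q = master_secret
    a = public_key_from_identity(identity)
    return pow(a, (N + 5 - p - q) // 8, N)   # r with r*r == +a or -a (mod N)


def encrypt_bit(a, bit):
    target = -1 if bit else 1
    while True:
        t = secrets.randbelow(N - 2) + 2
        if math.gcd(t, N) == 1 and jacobi(t, N) == target:
            break
    t_inv = pow(t, -1, N)
    # Two ciphertexts because the sender does not know whether r*r is +a or -a.
    return ((t + a * t_inv) % N, (t - a * t_inv) % N)


def decrypt_bit(a, r, ciphertext):
    s_plus, s_minus = ciphertext
    s = s_plus if (r * r) % N == a else s_minus
    j = jacobi((s + 2 * r) % N, N)
    if j == 0:
        raise ValueError("degenerate ciphertext")
    return 1 if j == -1 else 0


def encrypt(identity, message):
    a = public_key_from_identity(identity)
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    return [encrypt_bit(a, b) for b in bits]


def decrypt(identity, r, ciphertext):
    a = public_key_from_identity(identity)
    bits = [decrypt_bit(a, r, c) for c in ciphertext]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def lawful_intercept(identity, ciphertext):
    """The KMS operator (or whoever serves a warrant on them) regenerates the user's
    private key from the master secret and reads the traffic; the user is never involved."""
    return decrypt(identity, kms_extract(identity), ciphertext)


if __name__ == "__main__":
    callee = "+447700900123"                 # constructed identity (a UK drama-range number)
    user_key = kms_extract(callee)           # delivered to the handset by the KMS
    ct = encrypt(callee, b"OK")              # caller needs nothing but the phone number
    print(decrypt(callee, user_key, ct), lawful_intercept(callee, ct))
```

Contrast this with the CA model the post mentions: a root CA signs a public key the user generated, so compromising or subpoenaing the CA lets an attacker issue a fraudulent certificate for future sessions but never yields the private key for traffic already exchanged. Here `kms_extract` is a pure function of the master secret and the identity, so the escrow is built into the mathematics rather than being an operational choice.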
HOWTO: Secure encrypted voice calls
1. Record your part of the conversation onto wax cylinder in sound proof room.
2. Scan with modified flatbed scanner
3. Encrypt using PKI based system
4. Copy onto USB drive inside TrueCrypt container
5. Lock the USB stick inside a lock box with tamper evident seals
6. Employ non-suspicious person to convey the USB stick to its destination.
10. Give up and just shout to each other.