Encrypt voice calls, says GCHQ's CESG team ... using CESG encryption

translated:

"We can crack MIKEY-SAKKE - please use it"

"Pry Minister"

Voice dictation still isn't tip top!

CESG's hobby is promoting applications for IBE

(IBE = Identity Based Encryption)

This is an idea that was invented by CESG. It is regarded as secure. It is a very cool concept. It's probably CESG's biggest triumph in terms of academic crypto (ignoring rumours that they invented public key crypto before anyone else because inventing something and keeping it secret doesn't count as an academic crypto)

So CESG keeps on coming up with really cool protocols that use IBE. The only problem is that anything you can do with IBE can be done in a way that's slightly less theoretically elegant but more generally understandable using ordinary public key crypto. So that's what everyone always does.

>"Simply knowing a user’s phone number is enough to establish a secure communications link with them”.

Eh? Presumably this is not referring to the standard 07xxxxxxxxx type numbers doled out by network operators (nor would a user have to use a network operator-provided number for VoIP). I assume that to be a public key, the user has to generate it themselves - then give it out to contacts or publish it to a directory.

Have I missed something?

I am looking forward to the arrival of JackPair (www.jackpair.com/). Although it requires a hardware at both ends, so will not work without some pre-planning, it can work with any phone (mobile/VoIP/PSTN), and it addresses the issue of MITM neatly.

Read the spec/RFC

CESG have been banging on about Identity-based crypto for ages now. MIKEY-SAKKE is a combination of using MIKEY [1] for the key management, with Sakai-Kasahara algorithm [2] for the crypt itself. Note that MIKEY-IBAKE and MIKEY-TICKET are some of the main contenders for future secure voice standards under VoLTE. The UK want MIKEY-SAKKE instead for assorted reasons.

The idea for MIKEY-SAKKE is that the Identity (phone number) is used as a public key (after some mathematical operations), for which the owner of the identity is the only one with a private key. Obviously though there must be some sort of trust or magic to allow this - that magic is via a 'Key management server' or 'Private key generator' which is mutually trusted by both parties. This KMS generates the private key, based on the identity, and distributes it securely to the owner of that

identity. The "Lawful Intercept" capability comes from the fact that the government can send a warranted request for the keys to the owner of the KMS.

There are similarities between a KMS and a root signing certificate server. The difference is that client public key certificates don't need to be distributed, and keys etc are short-lived so you don't have to deal with immense CRLs. Call setup times are faster and require less bandwidth than using certs, although the difference is small enough not to really matter to most.

Personally I'm not wholly convinced - I think it's generally no better or worse than other approaches, just with a different set of pro's and con's.

[1] https://en.wikipedia.org/wiki/MIKEY

[2] https://en.wikipedia.org/wiki/Sakai%E2%80%93Kasahara_scheme

Lawful interception?

How wide is the jurisdiction of this "lawfulness"? John in London and Tom in Leeds use encrypted communication service (VOIP or messaging) provided by an entity abroad, in Iceland or Switzerland for example; an entity that has no physical presence in the UK.