back to article Encrypt voice calls, says GCHQ's CESG team ... using CESG encryption

While the world was distracted by the UK Pry Minister's ban-working-encryption, log-everything-online Investigatory Powers Bill, the civil service was urging government and enterprises to adopt better cryptography for voice calls. CESG, “the information security arm of GCHQ, and the national technical authority for information …

  1. This post has been deleted by its author

    1. TheVogon Silver badge

      "The ability to block any interception and business practice monitoring is a key requirement of secure voice technology "

      TFTFY.

      Personally I would rather trust ZRTP

  2. This post has been deleted by its author

    1. Dave 126 Silver badge

      The Register has published its public key before, but I can't find it now either.

      1. Trevor_Pott Gold badge

        http://www.theregister.co.uk/about/company/contact/

        US bureau chief Chris Williams has his PGP key listed.

  3. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      When secure voice products are used, key management servers and/or certificate authorities will need to be set up and managed too.

      That's not true of ZRTP. Also, ZRTP has widespread support and a high degree of inter-operability between different implementations. Libzrtp is an open source, (although arguably not FOSS), implementation.

      The best part of ZRTP (apart from its independence from a central key register) is the initial key check on a call. Every implementation I have seen includes a "check these passwords" phase during setup to detect a MITM (man in the middle) attack, and after confirmation you store a key that has by then validated as a securely exchanged one. It's quite well done. Shame there are so few open implementations around, instead you have a gazillion "secure voice" vendors out there who make a big (and stupidly expensive) production out of kit that really is nothing more than ZRTP - the variable is usually in the quality of the codecs they use as that can introduce serious bandwidth and latency issues.

      1. TheVogon Silver badge

        "Every implementation I have seen includes a "check these passwords" phase during setup to detect a MITM (man in the middle) attack,"

        Be aware that as far back as late 2006 the US NSA developed an experimental voice analysis and synthesis system to defeat this protection.

  4. Anonymous Coward
    Anonymous Coward

    translated:

    "We can crack MIKEY-SAKKE - please use it"

  5. Anonymous Coward
    Anonymous Coward

    "Pry Minister"

    Voice dictation still isn't tip top!

    1. caffeine addict Silver badge

      You know that noise you just heard? That was a joke, not so much "wizzing by" as lazily flapping towards the horizon, yet you still missed it...

  6. G2
    Black Helicopters

    license to snoop included in RFC6509

    bullshit in the middle detected:

    "Simply knowing a user’s phone number is enough to establish a secure communications link with them."

    riiiiiight... and that's exactly what will be allowing man-in-the-middle snooping here - the middleman GCHQ/NSA/BigBrother/etc will be able to impersonate anyone's keys at will and will insert/replace its own keys on the fly.

    The parties at both ends of the connection will think they are talking securely to the other side but actually both of them are being relayed via the man-in-the-middle snoop keys.

    Security theatre at its best.

  7. leon clarke

    CESG's hobby is promoting applications for IBE

    (IBE = Identity Based Encryption)

    This is an idea that was invented by CESG. It is regarded as secure. It is a very cool concept. It's probably CESG's biggest triumph in terms of academic crypto (ignoring rumours that they invented public key crypto before anyone else because inventing something and keeping it secret doesn't count as an academic crypto)

    So CESG keeps on coming up with really cool protocols that use IBE. The only problem is that anything you can do with IBE can be done in a way that's slightly less theoretically elegant but more generally understandable using ordinary public key crypto. So that's what everyone always does.

    1. Anonymous Coward
      Anonymous Coward

      Re: CESG's hobby is promoting applications for IBE

      > ignoring rumours that they invented public key crypto before anyone else

      Not exactly a rumour. It's been confirmed via public statement, and the IIRC Clifford Cocks has appeared in interviews on the matter...

    2. Old Handle
      Thumb Down

      Re: CESG's hobby is promoting applications for IBE

      IBE may be secure in a theoretical sense, but it has a backfront door build into the design. It requires the use of a Private Key Generator (PKG), a "trusted" third party to make it all work. No wonder the government likes the idea.

      1. king_tut

        Re: CESG's hobby is promoting applications for IBE

        Absolutely - I agree. This is why HMG likes it (plus licencing etc). However, certificate based has the same problem - just that it's called a trusted root CA. You can roll your own root CA for a private community, and you can roll your own KMS likewise.

        IMHO a larger issue of IBE is that the KMS/PKG needs to be online, whereas a root CA can be offline/air-gapped.

  8. Dave 126 Silver badge

    >"Simply knowing a user’s phone number is enough to establish a secure communications link with them”.

    Eh? Presumably this is not referring to the standard 07xxxxxxxxx type numbers doled out by network operators (nor would a user have to use a network operator-provided number for VoIP). I assume that to be a public key, the user has to generate it themselves - then give it out to contacts or publish it to a directory.

    Have I missed something?

    1. Ian Michael Gumby Silver badge

      @Dave

      I was thinking that one could spoof the phone number so that you have someone spoofing your public key.

  9. Graham Marsden
    Holmes

    Well of course...

    ... it's different when THEY do it...

  10. jay_bea

    I am looking forward to the arrival of JackPair (www.jackpair.com/). Although it requires a hardware at both ends, so will not work without some pre-planning, it can work with any phone (mobile/VoIP/PSTN), and it addresses the issue of MITM neatly.

  11. Kane Silver badge
    Boffin

    Hmmmm....

    "Simply knowing a user’s phone number is enough to establish a secure communications link with them”

    I'm probably being a bit dense here (apologies, I'm only on my third coffee for the day), but what happens when phone numbers are recycled?

  12. king_tut

    Read the spec/RFC

    CESG have been banging on about Identity-based crypto for ages now. MIKEY-SAKKE is a combination of using MIKEY [1] for the key management, with Sakai-Kasahara algorithm [2] for the crypt itself. Note that MIKEY-IBAKE and MIKEY-TICKET are some of the main contenders for future secure voice standards under VoLTE. The UK want MIKEY-SAKKE instead for assorted reasons.

    The idea for MIKEY-SAKKE is that the Identity (phone number) is used as a public key (after some mathematical operations), for which the owner of the identity is the only one with a private key. Obviously though there must be some sort of trust or magic to allow this - that magic is via a 'Key management server' or 'Private key generator' which is mutually trusted by both parties. This KMS generates the private key, based on the identity, and distributes it securely to the owner of that

    identity. The "Lawful Intercept" capability comes from the fact that the government can send a warranted request for the keys to the owner of the KMS.

    There are similarities between a KMS and a root signing certificate server. The difference is that client public key certificates don't need to be distributed, and keys etc are short-lived so you don't have to deal with immense CRLs. Call setup times are faster and require less bandwidth than using certs, although the difference is small enough not to really matter to most.

    Personally I'm not wholly convinced - I think it's generally no better or worse than other approaches, just with a different set of pro's and con's.

    [1] https://en.wikipedia.org/wiki/MIKEY

    [2] https://en.wikipedia.org/wiki/Sakai%E2%80%93Kasahara_scheme

  13. Luke Worm

    Lawful interception?

    How wide is the jurisdiction of this "lawfulness"? John in London and Tom in Leeds use encrypted communication service (VOIP or messaging) provided by an entity abroad, in Iceland or Switzerland for example; an entity that has no physical presence in the UK.

  14. phuzz Silver badge
    Coat

    HOWTO: Secure encrypted voice calls

    1. Record your part of the conversation onto wax cylinder in sound proof room.

    2. Scan with modified flatbed scanner

    3. Encrypt using PKI based system

    4. Copy onto USB drive inside TrueCrypt container

    5. Lock the USB stick inside a lock box with tamper evident seals

    6. Employ non-suspicious person to convey the USB stick to it's destination.

    10. Give up and just shout to each other.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019