Ict encryption agt_fabio_pietrosanti
The present document cannot be used, modified, published or copied in any matter or means without prior consent of Privatewave Italia Spa.
Mobile voice encryption
A revolutionary approach in voice encryption industry
Fabio Pietrosanti, CTO of PrivateWave
http://www.privatewave.com
Agenda
• Corporate Information
• Mobile Voice Encryption Solutions
• Politically neutral technologies
• Voice Encryption Standards
Corporate information
Who we are
Our Mission
PrivateWave offers you the most sophisticated protection technology through powerful and easy-to-use phone call encryption tools.
• Established in 2005
• Research within Polytechnic of Milan
• Financially robust (since 2008 or +4Mln EUR)
• Italian corporation, based in Milan
• +20 employees (majority with technical backgrounds)
• Corporate transparency as a key value
• Experts in telecommunication security
• AGT partnership in the Middle East
Corporate information
We work with industry technology leaders
Mobile Voice Encryption Solutions
What do we do
• We know that phone calls can be intercepted
But now…
• GSM can be cracked with 1500 EUR equipment
• Generic Radio HW + USRP1
• OpenSource cracking SW – Airprobe + A51crack
• I tested personally
• Everyone is a target
GSM is broken with cheap hardware
• Software voice encryption product for smartphones
• Nokia S60 smartphones
• BlackBerry Bold 9700, Bold 9000, BB 8520
• iPhone 3GS, 4G
• Uses VoIP (UMTS, GPRS, WIFI)
• Requires installation at both parties
• Extremely easy to use
• Time saving when face2face is not possible
• Ready for organization-wide distribution
• Increased user acceptance! No Dedicated Hardware!
PrivateGSM
Mobile Voice Encryption
• PrivateGSM provides human-based authentication with automatic key generation and agreement based on ZRTP
PrivateGSM
Human-based authentication
• The user does not have to change the way he makes a secure call compared with traditional calling
+801 Secure Prefix
PrivateGSM
Transparent to the user
Differentiated Security Model
• The security model is highly relevant when defining policies for secure communications
• Specific information requires a specific security model
• PrivateGSM supports two security models
Protecting from everyone
Protecting from third party
Protect from everyone
End To End Security
• The information is encrypted at the source and decrypted at the destination.
• No one except the caller and the called party can access the communication.
[Diagram: Protect from everyone, End To End Security. Labels: IP Network, Internet, MNO 1, MNO 2, Secure Telephony Infrastructure PBX. Communication protected by ZRTP.]
Protect from third party
End To Site Security
• The information is encrypted separately from the source to the server and from the server to the destination with two different operations.
• No one except the server, the caller and the called party can access the communication.
• The organization has the authority to eavesdrop on its own communication
[Diagram: Protect from third party, End To Site Security. Labels: IP Network, Internet, MNO 1, IP Phone (Snom), Secure Telephony Infrastructure PBX. Communication protected by SRTP/SDES.]
Different security models for voice encryption
• Quick Deployment
  • No need to distribute hardware devices. No logistic handling
  • Leverage existing smartphone base
• Quick Installation
  • No need to deploy keys across secured devices
  • Keys are negotiated dynamically
• Integration
  • Integrate within existing phones & telephony infrastructure
• No Vendor Lock-In
  • We give our customers the freedom to be independent from us
Unique advantage - Flexibility
• Certified to be secure
  • Multiple independent research/industry institutions certify it to be secure
• Open Source
  • Subject to public review
  • Every security sensitive piece of code can be inspected and reviewed
• Full Protection
  • Protect from intelligence gathering through phone call logs (signaling)
• Politically neutral
  • Technology resistant against possible political pressure on manufacturer
Unique advantages - Security
Politically Neutral Technologies
Open & Standard Encryption
• Politically neutral technology doesn’t mean “made in Switzerland”
• Politically Neutral Technologies are the result of a methodological approach that provides a guarantee of:
Protection from political pressure against manufacturer
Guarantee of well designed and secure technologies
What’s Politically Neutral Technology?
• Risks of Backdoors
  • Manufacturers can be subject to political pressure to insert a backdoor in encryption code
  • Proprietary encryption technologies can have security weaknesses due to the absence of public, distributed scientific peer review
• Proprietary solutions cannot be Politically Neutral Technology
  • No protection from political pressure to put backdoors
  • No public peer review of security strength
NON Politically Neutral Technology
• In 2002, Verint, the Israeli company providing lawful interception products to the Dutch operator KPN, infiltrated through backdoors in installed interception systems.
• Abused backdoors in the technical support system to eavesdrop on Dutch politicians
• The Israeli Verint did the same in the USA on AT&T and the scandal was discovered by the CIA
Backdoors example?
• In 2005 a backdoor placed in the Ericsson AXE telephony switch of Vodafone Greece allowed spying
• The prime minister, the chief of secret services and a lot of activists were intercepted
• All phone calls were diverted to a bunch of prepaid anonymous SIM cards
• Costas Tsalikidis, head of Security of the Mobile Telco, was found dead, “suicided”
Backdoors example?
• Protection from Backdoors
• Open Source code is publicly available
• No single country influence in implementing technology
• No change can be made without notice
• Encryption code can be inspected independently and autonomously
• Standard Encryption Technologies are designed in international bodies by multiple subjects (research, industry, individuals). No single country influence in designing technology
• Standard Encryption Technologies are publicly reviewed and analyzed. No encryption weakness
Politically neutral technology
Voice Security Standards
Verifiable encryption technologies
ZRTP Security Standard
• End-to-end encryption with man-in-the-middle protection
• Invented by a group of famous international cryptographers led by Philip Zimmermann in 2006
• Standardized by Internet Engineering Task Force (IETF)
• Protocol with encryption algorithms recognized by the most important international security bodies
• Human authentication – no automatic authentication process
ZRTP Security Guarantee
• ZRTP uses encryption algorithms recognized scientifically by
ECC Brainpool - Germany
Standards for Efficient Cryptography Group (SECG) – International
ECC Interoperability Forum – International
National Institute of Standards and Technology (NIST) – USA
• Implemented in secure open source code
• ZRTP uses encryption algorithms certified for TOP SECRET within NSA and NATO environments
ZRTP Encryption Tech Summary
• Symmetric algorithm: AES-256 (CTR)
• Asymmetric algorithm: ECDH-384 (P-384)
• Strength equivalence: RSA 7680
• Perfect Forward Secrecy (PFS): in the unfortunate event of the “loss” of your phone, no one will be able to access your keys, even those used in the past
• Open Source Secure Codes
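The human-based authentication and ECDH P-384 key agreement named on the ZRTP slides, as an added example that is not part of the original deck and not PrivateWave's code: each endpoint derives a short authentication string (SAS) from the per-call shared secret, the two users read it aloud, and a substituted key in the path makes the strings differ. The hash-and-truncate derivation, the 8-hex-digit rendering and all class and function names are assumptions for illustration, not the RFC 6189 key schedule; it needs the third-party `cryptography` package.

```python
import hashlib
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat


class Endpoint:
    """One side of a call (hypothetical name); fresh P-384 key pair per call."""

    def __init__(self):
        self._priv = ec.generate_private_key(ec.SECP384R1())
        self.public = self._priv.public_key()

    def pub_bytes(self):
        return self.public.public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)

    def sas(self, peer_public, initiator_pub, responder_pub):
        """SAS bound to the ECDH secret and to both public keys as seen here."""
        shared = self._priv.exchange(ec.ECDH(), peer_public)
        digest = hashlib.sha256(shared + initiator_pub + responder_pub).digest()
        # Assumed rendering: 32 bits as 8 hex digits. Real ZRTP shows a shorter
        # SAS and relies on a hash commitment, which this example omits.
        return digest[:4].hex()


def direct_call():
    """Both endpoints receive each other's real public key."""
    alice, bob = Endpoint(), Endpoint()
    a_pub, b_pub = alice.pub_bytes(), bob.pub_bytes()
    return alice.sas(bob.public, a_pub, b_pub), bob.sas(alice.public, a_pub, b_pub)


def intercepted_call():
    """A relay in the path presents its own key to each side, so the two
    endpoints complete two different key agreements."""
    alice, bob = Endpoint(), Endpoint()
    relay_a, relay_b = Endpoint(), Endpoint()  # keys shown to Alice / to Bob
    sas_alice = alice.sas(relay_a.public, alice.pub_bytes(), relay_a.pub_bytes())
    sas_bob = bob.sas(relay_b.public, relay_b.pub_bytes(), bob.pub_bytes())
    return sas_alice, sas_bob


if __name__ == "__main__":
    print("direct call:     ", direct_call())       # the two strings match
    print("intercepted call:", intercepted_call())  # the two strings differ
```

Because the private keys exist only for the duration of one call, nothing stored on the handset afterwards can recompute a past call's secret, which is the property the PFS bullet describes.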
SRTP Security Standard
• End-to-site encryption with digital certificate verification
• Exactly the same security architecture as HTTPS
• Based on Digital Certificates and PKI
• Standardized by Internet Engineering Task Force (IETF)
• Widespread among major business VoIP desk phone manufacturers
  • Snom, Cisco, Asterisk, Avaya, etc.
• De Facto Enterprise Secure Telephony Standard
SRTP Encryption Tech Summary
• Symmetric algorithm: AES-128 (CTR)
• Asymmetric algorithm: TLS with x509v3
• Strength equivalence: RSA 2048
• Perfect Forward Secrecy (PFS): in the unfortunate event of the “loss” of your phone, no one will be able to access your keys, even those used in the past
• Open Source Secure Codes
Voice Encryption Technology Summary
Political Neutrality of PrivateGSM Security Technologies
Tech | Open Source | Public Specification | Standard | Peer Reviewed | Security Model | Level
ZRTP | YES | YES | YES | YES | END-TO-END | TOP-SECRET
SRTP | YES | YES | YES | YES | END-TO-SITE | SECRET
Mobile voice encryption
A revolutionary approach in voice encryption industry