Ict encryption agt_fabio_pietrosanti

The present document cannot be used, modified, published or copied in any matter or means without prior consent of Privatewave Italia Spa.

Mobile voice encryption - A revolutionary approach in voice encryption industry

Fabio Pietrosanti, CTO of PrivateWave

http://www.privatewave.com


Agenda

• Corporate Information

• Mobile Voice Encryption Solutions

• Politically neutral technologies

• Voice Encryption Standards


Corporate information - Who we are


Our Mission

PrivateWave offers you the most sophisticated protection technology through powerful and easy-to-use phone call encryption tools.


Corporate information

• Established in 2005
• Research within Polytechnic of Milan
• Financially robust (since 2008 or +4Mln EUR)
• Italian corporation, based in Milan
• +20 employees (majority with technical backgrounds)
• Corporate transparency as a key value
• Experts in telecommunication security
• AGT partnership in the Middle East


We work with industry technology leaders


Mobile Voice Encryption Solutions - What do we do


GSM is broken with cheap hardware

• We know that phone calls can be intercepted

But now…

• GSM can be cracked with 1500 EUR equipment
• Generic Radio HW + USRP1
• OpenSource cracking SW – Airprobe + A51crack
• I tested personally
• Everyone is a target


PrivateGSM - Mobile Voice Encryption

• Software voice encryption product for smartphones
• Nokia S60 smartphones
• Blackberry Bold 9700, Bold 9000, BB 8520
• iPhone 3GS, 4G
• Uses VoIP (UMTS, GPRS, WIFI)
• Requires installation by both parties
• Extremely easy to use
• Time saving when face2face is not possible
• Ready for organization-wide distribution
• Increased user acceptance! No Dedicated Hardware!


PrivateGSM - Human based authentication

• PrivateGSM provides human-based authentication with automatic key generation and agreement based on ZRTP


PrivateGSM - Transparent to the user

• The user does not have to change the way he makes a secure call compared with traditional calling

+801 Secure Prefix


Differentiated Security Model

• The security model is highly relevant when defining policies for secure communications

• Specific information requires a specific security model

• PrivateGSM supports two security models

Protecting from everyone

Protecting from third party


Protect from everyone

End To End Security

• The information is encrypted at the source and decrypted at the destination.

• No one except the caller and the called can acquire the communication.


[Diagram: Protect from everyone, End To End Security. Labels: MNO 1, MNO 2, IP Network / Internet, Secure Telephony Infrastructure PBX. Communication protected by ZRTP.]


Protect from third party

End To Site Security

• The information is encrypted separately from the source to the server and from the server to the destination with two different operations.

• No one except the server, the caller and the called can acquire the communication.

• The organization has the authority to eavesdrop on its own communication


[Diagram: Protect from third party, End To Site Security. Labels: MNO 1, IP Phone (Snom), IP Network / Internet, Secure Telephony Infrastructure PBX. Communication protected by SRTP/SDES.]


Different security models for voice encryption


Unique advantage - Flexibility

• Quick Deployment
  • No need to distribute hardware devices. No logistic handling
  • Leverage existing smartphone base
• Quick Installation
  • No need to deploy keys across secured devices
  • Keys are negotiated dynamically
• Integration
  • Integrate within existing phones & telephony infrastructure
• No Vendor Lock-In
  • We give our customers the freedom to be independent from us


Unique advantages - Security

• Certified to be secure
  • Multiple independent research/industry institutions certify it to be secure
• Open Source
  • Subject to public review
  • Every security sensitive piece of code can be inspected and reviewed
• Full Protection
  • Protect from intelligence gathering through phone call logs (signaling)
• Politically neutral
  • Technology resistant against possible political pressure on manufacturer


Politically Neutral Technologies - Open & Standard Encryption


What’s Politically Neutral Technology?

• Politically neutral technology doesn’t mean “made in Switzerland”
• Politically Neutral Technologies are a result of a methodological approach to provide guarantee of:
  • Protection from political pressure against manufacturer
  • Guarantee of well designed and secure technologies


NON Politically Neutral Technology

• Risks of Backdoors
• Manufacturer can be subject to political pressure to insert a backdoor in encryption code
• Proprietary encryption technologies can have security weaknesses due to absence of public, distributed scientific peer review
• Proprietary solutions cannot be Politically Neutral Technology
• No protection from political pressure to put backdoors
• No public peer review of security strength


Backdoors example?

• In 2002, Verint, the Israeli company providing lawful interception products to the Netherlands operator KPN, infiltrated through backdoors in installed interception systems.
• Abused backdoors in the technical support system to eavesdrop on Netherlands politicians
• The Israeli Verint did the same in the USA on AT&T, and the scandal was discovered by the CIA


Backdoors example?

In 2005 a backdoor put in the Ericsson AXE telephony switch of Vodafone Greece allowed spying

The prime minister, the chief of secret services and a lot of activists were intercepted

All phone calls were diverted to a bunch of prepaid anonymous SIM cards

Costas Tsalikidis, head of Security of the Mobile Telco, was found dead (“suicided”)


Politically neutral technology

• Protection from Backdoors

Open Source code is publicly available

No single country influence in implementing technology

No change can be done without notice

Encryption code can be inspected independently and autonomously

Standard Encryption Technologies are designed in international bodies by multiple subjects (research, industry, individuals). No single country influence in designing technology

Standard Encryption Technologies are publicly reviewed and analyzed. No encryption weakness


Voice Security Standards - Verifiable encryption technologies


ZRTP Security Standard

• End-to-end encryption with man-in-the-middle protection

• Invented by a group of famous international cryptographers led by Philip Zimmermann in 2006

• Standardized by Internet Engineering Task Force (IETF)

• Protocol with encryption algorithms recognized by the most important international security bodies

• Human authentication – No automatic authentication process


ZRTP Security Guarantee

• ZRTP uses encryption algorithms recognized scientifically by:
  • ECC Brainpool – Germany
  • Standards for Efficient Cryptography Group (SECG) – International
  • ECC Interoperability Forum – International
  • National Institute of Standards and Technology (NIST) – USA
• Implemented in secure open source code
• ZRTP uses encryption algorithms certified for TOP SECRET within NSA and NATO environment


ZRTP Encryption Tech Summary

• Symmetric algorithm: AES-256 (CTR)

• Asymmetric algorithm: ECDH-384 (P-384)

• Strength equivalence: RSA 7680

• Perfect Forward Secrecy (PFS): In the unfortunate “loss” event of your phone, no one will be able to access your keys even if used in the past

• Open Source Secure Codes


SRTP Security Standard

• End-to-site encryption with digital certificate verification

• Exactly the same security architecture as HTTPS

• Based on Digital Certificates and PKI

• Standardized by Internet Engineering Task Force (IETF)

• Widespread among major business VoIP desk phone manufacturers
  • Snom, Cisco, Asterisk, Avaya, etc.

• De Facto Enterprise Secure Telephony Standard


SRTP Encryption Tech Summary

• Symmetric algorithm: AES-128 (CTR)

• Asymmetric algorithm: TLS with x509v3

• Strength equivalence: RSA 2048

• Perfect Forward Secrecy (PFS): In the unfortunate “loss” event of your phone, no one will be able to access your keys even if used in the past

• Open Source Secure Codes


Voice Encryption Technology Summary

Political Neutrality of PrivateGSM Security Technologies

Tech   Open Source   Public Specification   Standard   Peer Reviewed   Security Model   Level
ZRTP   YES           YES                    YES        YES             END-TO-END       TOP-SECRET
SRTP   YES           YES                    YES        YES             END-TO-SITE      SECRET
