privategsm - voice encryption technical overview

An overview of PrivateGSM’s encryption technologies and security

PrivateGSM - Voice Encryption Technical Overview

14/04/2011Fabio Pietrosanti – CTO

http://www.privatewave.comTel: +39 340 180 1049E-mail: [email protected]

2

Agenda

• PrivateGSM Security Overview

• PrivateGSM Voice Encryption Standards

Signaling Encryption

Media Encryption

End-to-End key exchange

End-to-Site key exchange

3

Company Vision: Transparency, Usability and Security!

• PrivateWave promotes the value of total transparency in all the applications developed, using only open source and public technologies, with a security certified and monitored by the biggest worldwide experts in this sector.

• PrivateWave develops and produces encryption products with a focus on the usability. Any user, even with no technical background, is able to communicate in a safe and secure way without any difficulty.

The company vision

PrivateGSM Security Overview

• Software voice encryption product for smartphones

• Nokia S60 smartphones

• Blackberry Bold9700, Bold 9000, BB 8520

• iPhone 3GS, 4G

• Use VoIP (UMTS, GPRS, WIFI)

• Require installation at both parties

• Extremely easy to be used

• Ready for organization-wide distribution

• Increased user acceptance without Dedicated Hardware!

4

PrivateGSM Mobile Voice Encryption


Differentiated Security Model

• Security model it’s highly relevant when defining policies for secure communications

• Specific information require specific security model

• PrivateGSM support two security model

Protecting from everyone

Protecting from third party


Protect from everyone

• End To End Security

• The information is encrypted at the source and decrypted at the destination.

• Anyone except the caller and the called can acquire the communication.


IP NetworkInternet

MNO 1

MNO 2

Communication protected by ZRTP

End To End Security

Protect from everyone

Secure Telephony

Infrastructure PBX


Protect from third party

• End To Site Security

• The information is encrypted separately from the source to the server and from the server to the destination with two different operations.

• Anyone except the server, the caller and the called can acquire the communication.

• The organization has the authority to eavesdrop it’s own communication


Protect from third party

IP NetworkInternet

MNO 1

IP Phone

Communication protected by SRTP/SDES

End To Site Security

Secure PBX


PSTN

Corporate PBX

• Certified to be secure

• Multiple independent research/industry institutions certify it to be secure

• Open Source encryption codes

• Subject to public review ( www.zrtp.org )

• Every security sensitive piece of code can be inspected and reviewed

• Full Protection

• Protect from intelligence gathering trough phone call logs (signaling)

• Politically neutral

• Technology resistant against possible political pressure on manufacturer

10

Security Approach


http://www.zrtp.org/

11

Voice Encryption Standards




Media Encryption




SIP/TLS Security Standard

• Signaling Encryption (like https but better than a browser)

• Server side digital certificates for use by SSL/TLS

• Strict TLS hardening for custom-CA configuration

• Strict TLS Policy Handshake for safety (only strong ciphers)

• Key Exchange (For example RSA or Diffie Hellman or Elliptic Curve DH or Ephemeral DH or ECC Ephemeral DH)

• Key Signing (For example RSA or ECC keys)

• Symmetric Encryption (For example DES, 3DES, RC4, AES128, AES256)

• Hashing Algorithm (For example MD5, SHA1, SHA256, SHA384)

Voice Encryption Standards – Signaling Encryption

12

SIP/TLS handshake

13Voice Encryption Standards – Signaling Encryption

SIP/TLS Encryption Tech Summary

• TLS Exchange Preferences:

• TLS_RSA_WITH_AES_256_CBC_SHA

• TLS_DHE_RSA_WITH_AES_256_CBC_SHA

• Symmetric algorithm: AES-128/256

• Asymmetric algorithm: DHE / RSA

• When negotiating DHE the SIP Signaling acquire Perfect Forward Secrecy (PFS) properties** Not all mobile platform support DHE for SIP/TLS

14Voice Encryption Standards – Signaling Encryption

15





Media Encryption




SRTP Media Encryption Tech Summary

• SRTP describe how to encrypt and guarantee the integrity of RTP packets

• Encryption has been brought to IETF standard in March 2004 with SRTP (RFC3711)

• Several Key Exchange methods has been standardized

• SRTP support for symmetric encryption

• AES128 / 256 Counter mode (CTR)

• SRTP for integrity checking HMAC-SHA1 (32bit used)

16Voice Encryption Standards – Media Encryption

SRTP Media Encryption packet format

17Voice Encryption Standards – Media Encryption

18




Media Encryption




Voice Encryption Standards – End-to-End Encryption

SRTP/SDES Security Standard

• End-to-site encryption with digital certificate verification

• Exactly same security architecture of HTTPS

• Based on Digital Certificates and PKI

• Standardized by Internet Engineering Task Force (IETF)

• Diffused among major business VoIP desk phones manufacturer

• Snom, Cisco, Asterisk, Avaya, etc

• De Facto Enterprise Secure Telephony Standard

Voice Encryption Standards – End-to-Site Encryption

20

SRTP/SDES end-to-site Example Architecture


SRTP/SDES Security Standard

IP NetworkInternet

MNO 1

IP Phone(Snom)

Communication protected by SRTP/SDES

End To Site Security

Secure Telephony

Infrastructure PBX


SRTP/SDES Security StandardINVITE sips:*[email protected];user=phone SIP/2.0Via: SIP/2.0/TLS 172.20.25.100:2049;branch=z9hG4bK-s5kcqq8jqjv3;rportFrom: "123" <sips:[email protected]>;tag=mogkxsrhm4To: <sips:*[email protected];user=phone>Call-ID: 3c269247a122-f0ee6wcrvkcq@snom360-000413230A07CSeq: 1 INVITEMax-Forwards: 70Contact: <sip:[email protected]:2049;transport=tls;line=gyhiepdm>;reg-id=1User-Agent: snom360/6.2.2Accept: application/sdpAllow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFOAllow-Events: talk, hold, referSupported: timer, 100rel, replaces, calleridSession-Expires: 3600;refresher=uasMin-SE: 90Content-Type: application/sdpContent-Length: 477

v=0o=root 2071608643 2071608643 IN IP4 172.20.25.100s=callc=IN IP4 172.20.25.100t=0 0m=audio 57676 RTP/AVP 0 8 9 2 3 18 4 101a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:WbTBosdVUZqEb6Htqhn+m3z7wUh4RJVR8nE15GbNa=rtpmap:18 g729/8000a=rtpmap:4 g723/8000a=rtpmap:101 telephone-event/8000a=fmtp:101 0-16a=ptime:20a=encryption:optionala=sendrecv


mailto:[email protected]






SRTP/SDES Encryption Tech Summary

• Symmetric algorithm: AES-128 (CTR)

• Asymmetric algorithm: TLS with x509v3

• Typical server key size: RSA 2048

• Open Source Secure Codes


24





Media Encryption




ZRTP Security Standard

• End-to-end encryption with man-in-the-middle protection

• Invented by a group of famous international cryptographers leaded by Philip Zimmermann in 2006

• Standardized by Internet Engineering Task Force (IETF)

• Protocol with encryption algorithms recognized by most important international security bodies

• Human authentication –No Automatic authentication process

• Open source Release – http://www.zrtp.org ( ZORG Project )


http://www.zrtp.org/

• PrivateGSM provide human based authentication with automatic key generation and agreement based on ZRTP

26

ZRTP Human Based Authentication


ZRTP Security Standard

TODO – SLIDE SCHEMA ZRTP

27Voice Encryption Standards – End-to-End Encryption

ZRTP ECC Security Review

• ZRTP use ECC curves (P-384 / P-521) recognized by

ECC Brain pool - Germany

Standards for efficient cryptography group (SECG) – International

ECC Interoperability Forum – International

National Institute of Standard (NIST) – USA

• Runtime detection of weak ECC curves

• Implemented in secure open source code

• ZRTP use encryption algorithms certified for TOP SECRET within NSA and NATO environment


ZRTP Encryption Tech Summary

• Symmetric algorithm: AES-256 (CTR)

• Asymmetric algorithm: ECDH-384/521 (P-384/521)

• Strength equivalence: RSA 7680 / 15360

• Perfect Forward Secrecy (PFS): In the unfortunate “loss” event of your phone, no one will be able to access your keys even if used in the past

• Open Source Secure Codes


Voice Encryption Technology Summary

Tech Open Source

Public Specificatio

n

Standard

Peer Reviewe

d

Security Model

Level

ZRTP YES YES YES YES END-TO-END TOP-SECRET

SRTP/SDES

YES YES YES YES END-TO-SITE SECRET


Fabio Pietrosanti – CTO

http://www.privatewave.com

Per info:Tel: +39 340 180 1049E-mail: [email protected]

PrivateGSM - Voice Encryption Technical Overview