an introduction to mobile voice call interception and...
TRANSCRIPT
An Introduction to Mobile VoiceCall Interception and Security
Cellcrypt Security BriefAugust 2009
2
Table of Contents
1. Key Requirements............................................................................................................................ 3
2. Cryptography ................................................................................................................................... 4
3. Random Numbers............................................................................................................................ 5
6. Contact Cellcrypt:............................................................................................................................. 6
Figures
Figure 1: Cellcrypt Key Security Requirements...................................................................................... 3
Figure 2: Public-key Cryptography.......................................................................................................... 4
Figure 3: Symmetric Cryptography.......................................................................................................... 4
Figure 4: Hashing Algorithm.................................................................................................................... 4
Figure 5: Random Number...................................................................................................................... 5
3
1. KEY REQUIREMENTS
In order to provide a secure voice communication between two parties several requirements have to be
met. The list below displays the key requirements to establish a secure voice channel between Alice (A)
and Bob (B).
Requirement Details
Confidentiality The communication must be confidential. No 3rd party can listen to the communication between Alice and Bob.
Authentication Both parties need to be able to strongly authenticate each other. Alice must be sure she is speaking with Bob.
Integrity What Alice is communicating must be what Bob is listening to. No 3rd party must be able to alter the communication, without the change being detected by Bob.
Forward secrecy Past communications cannot be decrypted even if the private keys or session keys are leaked.
Figure 1: Cellcrypt Key Security Requirements
Cellcrypt uses internationally recognised encryption algorithms to maintain confidentiality.
eht – ycnetal wol eveihca ot si tnemeriuqer ecnamrofrep yek a ,stnemeriuqer ytiruces ot noitidda nI
delay between words spoken and words heard – to enable full-duplex conversations between callers.
High latency results in the undesirable effects of callers talking over each other or resorting to less
productive half-duplex conversations (“walkie-talkie style”).
Cellcrypt meets its security requirements at the same time as achieving very high performance by
implementing Encrypted Mobile Content Protocol (EMCP) developed by Cellcrypt to specifically solve
the performance issues associated with delivering encrypted real-time content between mobile devices
across wireless networks.
At a high level, EMCP addresses three areas:
High-speed mechanisms to establish encrypted data streams in real-time using standard
encryption algorithms.
Establishment of an end-to-end secure channel between mobile handsets, and authentication
and routing of encrypted data streams between them without the requirement for a key server
(or other technology that can be a security back door).
Mechanisms that ensure high performance data stream delivery over low bandwidth networks.
4
2. CRYPTOGRAPHY
Cellcrypt uses public key cryptography to authenticate Alice and Bob, and for secure key exchange to
establish a session key. The voice traffic is encrypted using symmetric algorithms, using a different
session key for each call.
Figure 2: Public-key Cryptography
Symmetric Cryptography
• AES with 256 bit key
• RC4 with 256 bit key
Description: Both encryption algorithms are used at the same time. The data packet is first encrypted with RC4 and the crypto-data is then encrypted again with AES, in Counter Mode (CTR). Both algorithms are initialized with different session keys derived from the exchanged secrets. The first 4096 bytes are discarded from the key stream to prevent state initialization attacks.
Figure 3: Symmetric Cryptography
Hashing Algorithm
• SHA384 used with ECDSA
• SHA512 used with RSA
• SHA512, MD5 used for session key derivation
Description: Hash functions are used in the generation of random numbers and in the authentication algorithms.
Figure 4: Hashing Algorithm
Asymmetric (Public-key) Cryptography
• RSA with 2048 bit key
• ECDSA using NIST approved curves p-384, with 384-bit prime modulus
• ECDH using NIST approved curves p-384, with 384-bit prime modulus
Description: RSA and ECDSA are used to mutually authenticate parties in each call. The key pairs are generated on the handset when the application is installed, so are unique to each phone. A private key is never shared. Elliptic Curve Diffie-Hellman (ECDH) is used for key exchange to generate a session key that is valid for only one phone call. The application securely destroys the session key after use. On BlackBerry, the software uses RIM’s BlackBerry Cryptographic Kernel libraries.
5
3. RANDOM NUMBERS
The quality of cryptographic keys underpins the security of all cryptography. Good keys must be
unpredictable which only results from use of a high-quality source of random numbers.
Random numbers are also essential to ensure that protocol messages are unique, thereby protecting
against man-in-the-middle and playback attacks. Good random numbers must be derived from
physically random sources that have inherent unpredictability, and be distributed uniformly across a
range of values.
Random Number
• 2048 bit seed pool
• Microphone noise
Description: A 2048 bit seed pool is generated during the installation. The seed pool is periodically updated. The initial seed is derived from the microphone input.
Figure 5: Random Number
