PrivateGSM
Technical and Security sheet
Versione 9.0 - 2009

PrivateGSM technical and security overview
Standard Call
PrivateGSM is a software that lets its users place and receive
encrypted end to end phone calls.
The high level of end to end security is provided by the IETF
standard ZRTP encryption protocol, designed and implemented by
Philip Zimmermann.
Each call is protected with a unique session key, witch destroys
itself at the end of the communication.
By using GSM CSD (data) calls, the communication is carried out
directly between the caller and the called, without the need to
enter any intermediate server on its way.
PrivateGSM can be installed on all Nokia S60 3rd edition phones as
a Symbian certified and digitally signed software package.
PrivateGSM Call
1

PrivateGSM Technical and Security summary
Cryptographic protocol ZRTP/S (Extension of ZRTP for GSM telephony)
Asymmetric crypto ECDH 384 bit (Elliptic Curve Diffie Hellman)
Symmetric crypto AES 256 bit (Advanced Encryption Standard)
Security standards and compliances FIPS 120 1 / 197 / 198 1 / 186 2 / 186 3
NIST SP800 64A / SP800 900
NSA Suite B security requirements
Voice compression codec AMR 4.75 (standard GSM quality)
Required data channel CSD (Circuit Switched Data)
CSD bandwith required 9.6kb/s
Link latency Between 650ms and 1.5s (like satellite phone calls)
Mobile network support GSM (2G) and UMTS (3G)
Supported phones Nokia S60 3rd Edition (updates on http://support.privategsm.com)
Software Compliance Auditor SOGETI HT (Capgemini group)
Security peer review Philip Zimmermann
Software integrity Symbian Certified Signed
2

PrivateGSM Security
When evaluating a voice security product the buyer must ask himself:
“How secure is this product and who guarantees it?”
Answering such questions is very difficult for any business in the field of voice security, but
not for KHAMSA.
PrivateGSM uses the ZRTP security protocol, the only available standard technology for
end to end voice encryption, designed and implemented by the worldwide renowned
security expert Philip Zimmermann.
ZRTP was audited and verified to be secure by the entire worldwide security community,
including the Internet Engineering Task Force, Universities, Research and Government
Agencies, Security Companies and Mathematicians. You can see for yourself on
http://zfoneproject.com/zrtp_ietf.html
The ZRTP protocol (libzrtp) used in PrivateGSM is directly implemented by Philip
Zimmermann himself, and its source code is public so all can see for themselves that there
is absolutely no hidden backdoor or vulnerability. You can download the open source
cryptographic engine from http://zfoneproject.com. A true no backdoors guarantee.
Philip Zimmermann is part of KHAMSA’s Board of Advisors and he works closely with the
security and engineering team to guarantee the security and trustworthiness of
PrivateGSM.
3

PrivateGSM end user security
Easy. To avoid human error.
End to End trust How users verify security
PrivateGSM does not rely on any third party Below is an example on how security is verified
trust mechanism like certification authorities or directly by the end users.
other independent entrusted third parties.
The authentication, encryption and the overall
security mechanism is completely in the hands
and control of the prime user.
Human based verification
Each ZRTP secured phone call generates a
unique pair of words that represents the
current secure call fingerprint.
Caller and called need to verify that the code
displayed on their phones is the same one.
The parties will verify the code by voice, which
is the only safe way to authenticate the
speakers.
1. Caller: Giacomo Gervasoni 2. Called: Adelio Rezonico
4

Security requirements of PrivateGSM
Security standards compliance of each component
Cryptographic codes Libraries and codes are provided 100% free of backdoors. The source code of the security library is an open source, publicly reviewed by
P.Zimmermann and by a vast scientific community. Everyone can download and analyze the code from http://zfoneproject.com
User authentication ZRTP standard SaS (short authentication string) procedure with code verification by human voice
Cryptographic hash SHA 256 bit algorithm with well know and widely used implementation in compliance with FIPS 180 2 (Federal Information Processing
Standard) security requirements
Symmetric encryption AES 256 bit algorithm with well known and widely used implementation in compliance with FIPS 197 (Federal Information Processing
Standard) security requirements
Perfect Forward Secrecy If secured conversation are recorded and a PrivateGSM equipped device is compromised, nothing can be recovered because of the PFS
feature of ZRTP
Asymmetric encryption ECC 256 and DH3072 cryptographic method are in compliance with USA National Security Agency Suite B security requirements, US
National Institute of Standard SP 800 56A standard and ECDSA FIPS 186 3
Key HMAC HMAC is compliant with FIPS 198 1 (Federal Information Processing Standard)
Random Number Generator The RNG uses the RANROT algorithm, seeded by unpredictable physical sources of entropy (free running counters available on ARM
processors) that comply with FIPS 186 2 CR1 security requirements, further processed by a Deterministic Random Bit Generator compliant
with National Institute of Standard SP800 90 security requirements
Application integrity The PrivateGSM application cannot be tampered nor modified by third parties due to the Symbian OS Trusted Operating System
mechanism and the Symbian Ltd certification and digital signing process
Application certification The PrivateGSM application does not contain malicious code as certified by Symbian Ltd testing partner, part of the Capgemini group.
Every access to sensitive operating system functions is explicitly authorized and verified by the Capgemini group company.
5

Communication and networking
PrivateGSM uses standard GSM data calls to place and To place a PrivateGSM data call the user has to enable
receive secure phone calls, to provide a direct connection outgoing CSD calls.
without intermediate servers. Usually, they are already enabled on all SIM cards.
GSM (2G) and UMTS (3G) data calls are technically referred To receive a PrivateGSM data call the user has to ask his
to as CSD (Circuit Switched Data) and HSCSD (High Speed GSM operator for an additional data number bound to
Circuited Switch Data) calls, and provide a direct data path the same SIM card but limited to receiving data calls only.
between caller and callee. This is usually available as a separate service for
subscriptions, but it is normally not available for prepaid
PrivateGSM only requires a minimum speed of 9.6kb/s of cards.
standard CSD, so it will work on GSM-only (2G) networks
equally well. KHAMSA works closely with customers to rapidly identify
the correct kind of subscription with the right operators.
Browse http://support.privategsm.com
for more information on GSM operator support
6

PrivateGSM Extended Security FAQ
What if someone wiretaps a PrivateGSM call? Special equipment is required to wiretap data calls. However, if someone is able to wiretap the data
call, only a random, encrypted stream of bits will be recorded.
Basically they will only end up with a file of non understandable, encrypted bits.
What if someone first records my encrypted calls PrivateGSM protects all ZRTP encrypted calls, even calls performed and intercepted before the mobile
and then steals the mobile phone where phone with PrivateGSM is stolen.
PrivateGSM is installed? This feature is called Perfect Forward Secrecy (PFS) and it’s part of the ZRTP security protocol.
The same party now holds both the encrypted
calls and the encryption keys.
Is my privacy compromised?
A competing product claims to have lot of ‘bits’ in Security and cryptography are a complex matter, requiring high skills in computer security
their security facts sheet. It seems to have more and mathematics. Using “more bits” does not mean “more security”, it’s a marketing ploy.
‘bits of strength’ than your product. The best security can only be provided by the right Company, with the right people,
Does that mean that it’s more secure than with the right skills, and the right security technologies. In concluding, the product will only be widely
PrivateGSM? considered trustworthy if this entire process is completed with a high degree of transparency, as done
by KHAMSA.
Who guarantees that you did not put a backdoor Philip Zimmermann made the security peer review, all the security components are compliant with
in the product even if the encryption engine is an NIST, NSA and FIPS security standards and the encryption engine is an open source.
open source? KHAMSA is, on the basis of special business deals, further available for an independent peer review of
the entire source code, software quality and production processes.
7

Future releases and improvements
Product codename Features Platform
Added support of VoIP with ZRTP
PrivateGSM VoIP Symbian
3G & WiFi IP network support
Faster GSM call setup.
PrivateGSM CSD Symbian
Configurable GSM/security parameters
PrivateGSM VoIP Support Windows Mobile for VoIP secure calls Windows Mobile
PrivateGSM CSD Support Windows Mobile for GSM secure calls Windows Mobile
PrivateGSM zFone Secure VoIP on Windows PC Windows
8

See the privategsm.com website to download a trial version. For any technical or security inquiry refer to our support website
www.privategsm.com http://support.privategsm.com
The present document cannot be used, modified, published or copied in any matter or means without prior consent of Khamsa SA.