PrivateGSM - Voice Encryption Technical Overview


An overview of PrivateGSM's encryption technologies and security
14/04/2011
Fabio Pietrosanti – CTO
http://www.privatewave.com
Tel: +39 340 180 1049
E-mail: fabio.pietrosanti@privatewave.com

Agenda
- PrivateGSM Security Overview
- PrivateGSM Voice Encryption Standards
  - Signaling Encryption
  - Media Encryption
  - End-to-End key exchange
  - End-to-Site key exchange

Company Vision: Transparency, Usability and Security!
PrivateWave promotes the value of total transparency in all the applications it develops, using only open source and public technologies, with security certified and monitored by the biggest worldwide experts in this sector.
PrivateWave develops and produces encryption products with a focus on usability. Any user, even with no technical background, is able to communicate in a safe and secure way without any difficulty.

PrivateGSM Mobile Voice Encryption
- Software voice encryption product for smartphones
  - Nokia S60 smartphones
  - Blackberry Bold 9700, Bold 9000, BB 8520
  - iPhone 3GS, 4G
- Uses VoIP (UMTS, GPRS, WIFI)
- Requires installation at both parties
- Extremely easy to use
- Ready for organization-wide distribution
- Increased user acceptance without dedicated hardware!

Differentiated Security Model
- The security model is highly relevant when defining policies for secure communications
- Specific information requires a specific security model
- PrivateGSM supports two security models
  - Protecting from everyone
  - Protecting from third parties

Protect from everyone: End To End Security
- The information is encrypted at the source and decrypted at the destination.
- No one except the caller and the called party can acquire the communication.

End To End Security: Protect from everyone (diagram)
- Elements shown: MNO 1, MNO 2, IP Network, Internet, Secure Telephony Infrastructure PBX
- Communication protected by ZRTP

Protect from third party: End To Site Security
- The information is encrypted separately from the source to the server and from the server to the destination, in two different operations.
- No one except the server, the caller and the called party can acquire the communication.
- The organization has the authority to eavesdrop on its own communications

End To Site Security: Protect from third party (diagram)
- Elements shown: MNO 1, PSTN, IP Network, Internet, Secure PBX, Corporate PBX, IP Phone
- Communication protected by SRTP/SDES

Security Approach
- Certified to be secure
  - Multiple independent research/industry institutions certify it to be secure
- Open source encryption code
  - Subject to public review (www.zrtp.org)
  - Every security-sensitive piece of code can be inspected and reviewed
- Full protection
  - Protects from intelligence gathering through phone call logs (signaling)
- Politically neutral
  - Technology resistant against possible political pressure on the manufacturer

Voice Encryption Standards
- Signaling Encryption
- Media Encryption
- End-to-End key exchange
- End-to-Site key exchange

SIP/TLS Security Standard
- Signaling encryption (like HTTPS but better than a browser)
- Server-side digital certificates for use by SSL/TLS
- Strict TLS hardening for custom-CA configuration
- Strict TLS policy handshake for safety (only strong ciphers)
- Key exchange (for example RSA, Diffie-Hellman, Elliptic Curve DH, Ephemeral DH or ECC Ephemeral DH)
- Key signing (for example RSA or ECC keys)
- Symmetric encryption (for example DES, 3DES, RC4, AES128, AES256)
- Hashing algorithm (for example MD5, SHA1, SHA256, SHA384)

SIP/TLS handshake (figure)

SIP/TLS Encryption Tech Summary
- TLS exchange preferences:
  - TLS_RSA_WITH_AES_256_CBC_SHA
  - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Symmetric algorithm: AES-128/256
- Asymmetric algorithm: DHE / RSA
- When DHE is negotiated, the SIP signaling acquires Perfect Forward Secrecy (PFS) properties*
* Not all mobile platforms support DHE for SIP/TLS

SRTP Media Encryption Tech Summary
- SRTP describes how to encrypt and guarantee the integrity of RTP packets
- Encryption was brought to an IETF standard in March 2004 with SRTP (RFC 3711)
- Several key exchange methods have been standardized
- SRTP support for symmetric encryption
  - AES128 / 256 Counter mode (CTR)
- SRTP for integrity checking: HMAC-SHA1 (32 bits used)

SRTP Media Encryption packet format (figure)

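The integrity check from the SRTP summary, as an added example that is not PrivateGSM code: the tag is HMAC-SHA1 over the packet plus the rollover counter (ROC), truncated to 32 bits, following RFC 3711. The key, packet fields and helper names are constructed for the demo, and the payload stands in for AES-CTR ciphertext.

```python
import hashlib
import hmac
import struct

TAG_LEN = 4                   # 32-bit tag, as on the slide (RFC 3711 also allows 80 bits)
AUTH_KEY = bytes(range(20))   # constructed 160-bit session authentication key

def rtp_packet(seq, timestamp, ssrc, payload):
    """Minimal RTP packet: 12-byte fixed header (V=2, PT=0) followed by the payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, timestamp, ssrc) + payload

def auth_tag(key, packet, roc):
    """RFC 3711 sec. 4.2: HMAC-SHA1 over packet || ROC, keeping the leftmost TAG_LEN bytes."""
    mac = hmac.new(key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

def protect(key, packet, roc):
    """Append the truncated tag (the payload would already be AES-CTR ciphertext)."""
    return packet + auth_tag(key, packet, roc)

def verify(key, srtp_packet, roc):
    """Return the packet without its tag, or None when authentication fails."""
    if len(srtp_packet) < 12 + TAG_LEN:
        return None
    packet, tag = srtp_packet[:-TAG_LEN], srtp_packet[-TAG_LEN:]
    if hmac.compare_digest(tag, auth_tag(key, packet, roc)):
        return packet
    return None

def demo():
    # Constructed packet; the payload stands in for encrypted audio.
    pkt = rtp_packet(seq=7, timestamp=160, ssrc=0x1234ABCD, payload=b"\x11" * 20)
    wire = protect(AUTH_KEY, pkt, roc=0)
    flipped = bytearray(wire)
    flipped[12] ^= 0x01                      # one bit changed in transit
    return {
        "intact": verify(AUTH_KEY, wire, roc=0) == pkt,
        "tampered": verify(AUTH_KEY, bytes(flipped), roc=0) is None,
        "wrong_roc": verify(AUTH_KEY, wire, roc=1) is None,
        "wire_len": len(wire),
    }

if __name__ == "__main__":
    print(demo())
```

With a 32-bit tag a modified packet passes the check with probability 2^-32 per attempt, which is the trade-off made for the 4-byte per-packet overhead.
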
SRTP/SDES Security Standard
- End-to-site encryption with digital certificate verification
- Exactly the same security architecture as HTTPS
- Based on digital certificates and PKI
- Standardized by the Internet Engineering Task Force (IETF)
- Widespread among major business VoIP desk phone manufacturers
  - Snom, Cisco, Asterisk, Avaya, etc.
- De facto enterprise secure telephony standard

SRTP/SDES end-to-site Example Architecture (figure)

SRTP/SDES Security Standard: End To Site Security (diagram)
- Elements shown: MNO 1, Secure Telephony Infrastructure PBX, IP Network, Internet, IP Phone (Snom)
- Communication protected by SRTP/SDES

SRTP/SDES Security Standard (figure)

SRTP/SDES Encryption Tech Summary
- Symmetric algorithm: AES-128 (CTR)
- Asymmetric algorithm: TLS with x509v3
- Typical server key size: RSA 2048
- Open source secure code

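With SDES the SRTP master key travels inside the SDP body of the SIP message, so the end-to-site model holds only when that signaling runs over TLS. The audit check below is an added example, not PrivateGSM code; the INVITE, hostnames, key bytes and function names are constructed, and it reads only the first `Via:` header in its long form.

```python
import base64
import re

# Master key and salt lengths (bytes) for the AES-128 counter-mode suites of RFC 4568.
SUITES = {"AES_CM_128_HMAC_SHA1_80": (16, 14), "AES_CM_128_HMAC_SHA1_32": (16, 14)}
CRYPTO_RE = re.compile(r"a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=]+)")
VIA_RE = re.compile(r"(?i)^via:\s*SIP/2\.0/(\w+)")

def audit_sdes(sip_message):
    """Return findings for one SIP message that may carry an SDES key in its SDP."""
    lines = sip_message.replace("\r\n", "\n").split("\n")
    via = next((VIA_RE.match(l) for l in lines if VIA_RE.match(l)), None)
    transport = via.group(1).upper() if via else "UNKNOWN"
    offers = [m for m in map(CRYPTO_RE.match, lines) if m]
    findings = []
    if offers and transport != "TLS":
        findings.append(f"SRTP master key carried over {transport} instead of TLS")
    for suite, blob in (m.groups() for m in offers):
        if suite not in SUITES:
            findings.append(f"crypto suite {suite} is outside the AES-128 CTR policy")
            continue
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            raw = b""
        if len(raw) != sum(SUITES[suite]):
            findings.append(f"inline key for {suite} is not {sum(SUITES[suite])} bytes")
    if any(l.startswith("m=audio") and "RTP/SAVP" not in l for l in lines):
        findings.append("audio stream offered without the RTP/SAVP profile")
    return findings

def sample_invite(transport, suite="AES_CM_128_HMAC_SHA1_32", profile="RTP/SAVP", key_len=30):
    """Constructed INVITE for the demo: example.org hosts, key material is bytes 0..n."""
    key = base64.b64encode(bytes(range(key_len))).decode()
    return "\r\n".join([
        "INVITE sip:bob@pbx.example.org SIP/2.0",
        f"Via: SIP/2.0/{transport} client.example.org:5061;branch=z9hG4bKconstructed",
        "Content-Type: application/sdp",
        "",
        "v=0",
        f"m=audio 49170 {profile} 0",
        f"a=crypto:1 {suite} inline:{key}",
    ])

if __name__ == "__main__":
    for transport in ("TLS", "UDP"):
        print(transport, audit_sdes(sample_invite(transport)))
```
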
ZRTP Security Standard
- End-to-end encryption with man-in-the-middle protection
- Invented by a group of famous international cryptographers led by Philip Zimmermann in 2006
- Standardized by the Internet Engineering Task Force (IETF)
- Protocol with encryption algorithms recognized by the most important international security bodies
- Human authentication – no automatic authentication process
- Open source release – http://www.zrtp.org (ZORG Project)

ZRTP Human Based Authentication
- PrivateGSM provides human-based authentication with automatic key generation and agreement based on ZRTP

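How the human-based authentication works, as an added example that is not PrivateGSM or ZORG code: each phone derives a short authentication string (SAS) from the agreed secret using the KDF and B32 rendering of RFC 6189, and the two users compare it by voice. The key agreement itself is left out; `s0`, the transcript hashes and the ZIDs are constructed stand-ins, and SHA-256 is assumed as the negotiated hash.

```python
import hashlib
import hmac
import struct

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"   # z-base-32 alphabet used by SAS type B32

def zrtp_kdf(ki, label, context, length_bits):
    """RFC 6189 sec. 4.5.1: HMAC(KI, 0x00000001 || Label || 0x00 || Context || L)."""
    msg = struct.pack("!I", 1) + label + b"\x00" + context + struct.pack("!I", length_bits)
    return hmac.new(ki, msg, hashlib.sha256).digest()[: length_bits // 8]

def sas_b32(s0, zid_i, zid_r, total_hash):
    """Short authentication string: leftmost 20 bits of sashash as four characters."""
    sashash = zrtp_kdf(s0, b"SAS", zid_i + zid_r + total_hash, 256)
    bits20 = int.from_bytes(sashash[:4], "big") >> 12
    return "".join(ZBASE32[(bits20 >> shift) & 0x1F] for shift in (15, 10, 5, 0))

def constructed(label):
    """Stand-in for protocol values (s0, total_hash) that a real call would compute."""
    return hashlib.sha256(label.encode()).digest()

ZID_ALICE, ZID_BOB = b"A" * 12, b"B" * 12       # constructed 96-bit ZIDs

def call_without_mitm():
    s0, th = constructed("shared secret alice<->bob"), constructed("transcript a<->b")
    return sas_b32(s0, ZID_ALICE, ZID_BOB, th), sas_b32(s0, ZID_ALICE, ZID_BOB, th)

def call_with_mitm():
    # A relay in the middle ends up with a different key agreement on each leg,
    # so each phone derives its SAS from a different s0 and transcript hash.
    alice = sas_b32(constructed("alice<->relay"), ZID_ALICE, ZID_BOB, constructed("leg 1"))
    bob = sas_b32(constructed("relay<->bob"), ZID_ALICE, ZID_BOB, constructed("leg 2"))
    return alice, bob

if __name__ == "__main__":
    print("direct:", call_without_mitm())
    print("relayed:", call_with_mitm())
```

Matching strings on both phones mean both ends hold the same secret; a mismatch read aloud is the signal to hang up.
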
ZRTP Security Standard
- TODO – SLIDE SCHEMA ZRTP

ZRTP ECC Security Review
- ZRTP uses ECC curves (P-384 / P-521) recognized by
  - ECC Brainpool – Germany
  - Standards for Efficient Cryptography Group (SECG) – International
  - ECC Interoperability Forum – International
  - National Institute of Standard (NIST) – USA
- Runtime detection of weak ECC curves
- Implemented in secure open source code
- ZRTP uses encryption algorithms certified for TOP SECRET within NSA and NATO environments

ZRTP Encryption Tech Summary
- Symmetric algorithm: AES-256 (CTR)
- Asymmetric algorithm: ECDH-384/521 (P-384/521)
- Strength equivalence: RSA 7680 / 15360
- Perfect Forward Secrecy (PFS): in the unfortunate event of the "loss" of your phone, no one will be able to access your keys, even those used in the past
- Open source secure code

Voice Encryption Technology Summary

PrivateGSM - Voice Encryption Technical Overview
Fabio Pietrosanti – CTO
http://www.privatewave.com
For information:
Tel: +39 340 180 1049
E-mail: fabio.pietrosanti@privatewave.com