SecuVOICE SNSMastering interoperability challenges with              Secure Voice
SecuVOICE SNSOutline     The Need for End-to-End Security in Secure Voice      The Compatibility Challenge of End-to-End S...
SecuVOICE SNSThe Need for End-to-End Securitythreads to voice and SMScommunication     Interception on the air interface  ...
SecuVOICE SNSThe Need for End-to-End Securitysecure voice needs more than justencryption     End-to-End encryption of voic...
SecuVOICE SNSThe Interoperability Challenge of E2ESecuritythe “mobile” island
SecuVOICE SNSThe Interoperability Challenge of E2ESecuritysecure mobile to landlinecommunication                      Secu...
SecuVOICEThe Interoperability Challengesecure enterprise voice communication                            TC                ...
SecuVOICE SNSThe Interoperability Challenge of E2ESecuritymanufacturer-independent                             TC         ...
SecuVOICE SNSThe Interoperability Challenge of E2ESecuritynetwork-independent                                     TC      ...
SecuVOICE SNSThe Interoperability Challenge of E2ESecurityfuture proof                IP / PSTN                           ...
SecuVOICE SNSThe SNS Standard:Secure Network-independent Speechcommunication     Open standard published by the German Fed...
SecuVOICE SNSThe SNS standard is leading the wayin interoperable secure communication.     SNS protocol supports the defin...
SecuVOICE SNSThe SNS standard defines amandatoryinteroperability mode based on “BOS Digital”     Elliptic curve public key...
SecuVOICE SNSThe SNS standard enables E2E securecommunicationover a variety of networksOne of the mandatory interoperabili...
SecuVOICE SNSThe SNS standardimplementation challengesMuch like NATO-SCIP the implementation of the SNS-Standardimposes se...
SecuVOICE SNSSecuVOICE SNSsecure mobile voice communicationsSecure encrypted conversations,authenticated conversation part...
SecuVOICE SNSSecuVOICE SNSsecure SMS text messagesWorldwide protection with end-to-end encryption,authenticated senders an...
SecuVOICE SNSSecuGATE SNSsecure landline voice calls                      SecuGATEHardware-encrypted conversations,       ...
SecuVOICE SNSSecuVOICE & SecuGATEas comfortable as always, more securethan ever.     Usual user-friendliness     Secure te...
SecuVOICE SNSSecuVOICE & SecuGATEcompatible, interoperable and approved     Approved for VS-NfD security level     (Classi...
SecuVOICE SNSSecusmart Security CardSecure microSD card with embeddedSmartcard     4GB flash memory     Embedded Smartcard...
SecuVOICE SNSTechnical Background –Landline     SecuGATE Crypto Gateways:         SecuGATE LI 1 – for 1 ISDN S0 connection...
Upcoming SlideShare
Loading in …5
×

Secuvoice SNS - Christoff Erdman

2,009 views

Published on

Published in: Business, Technology, Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,009
On SlideShare
0
From Embeds
0
Number of Embeds
554
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Secuvoice SNS - Christoff Erdman

  1. 1. SecuVOICE SNSMastering interoperability challenges with Secure Voice
  2. 2. SecuVOICE SNSOutline The Need for End-to-End Security in Secure Voice The Compatibility Challenge of End-to-End Security The SNS Standard: Secure Network-Independent Speech Communication SecuVOICE SNS – Mastering the Interoperability Challange
  3. 3. SecuVOICE SNSThe Need for End-to-End Securitythreads to voice and SMScommunication Interception on the air interface Passive: breaking A5/1 encryption Active: IMSI-Catcher (Dis-)lawful interception in the land transmission network Voice and SMS data are transmitted in clear text Call-ID spoofing Attacker transmits false caller ID Cheap and effective
  4. 4. SecuVOICE SNSThe Need for End-to-End Securitysecure voice needs more than justencryption End-to-End encryption of voice and SMS data Protection against interception Certificate-based authentication of the users Protection against man-in-the-middle attacks Protection against Call-ID spoofing
  5. 5. SecuVOICE SNSThe Interoperability Challenge of E2ESecuritythe “mobile” island
  6. 6. SecuVOICE SNSThe Interoperability Challenge of E2ESecuritysecure mobile to landlinecommunication SecuGATE LI 1
  7. 7. SecuVOICEThe Interoperability Challengesecure enterprise voice communication TC Installation PSTN + SecuGATE LI 4 / LI 30 SecuGATE LI 1
  8. 8. SecuVOICE SNSThe Interoperability Challenge of E2ESecuritymanufacturer-independent TC Installation PSTN + SecuGATE LI 4 / LI 30 + SecuGATE LI 1
  9. 9. SecuVOICE SNSThe Interoperability Challenge of E2ESecuritynetwork-independent TC Installation PSTN + SecuGATE + LI 4 / LI 30 TETRA / PSTN SecuGATE LI 1
  10. 10. SecuVOICE SNSThe Interoperability Challenge of E2ESecurityfuture proof IP / PSTN TC Installation PSTN + SecuGATE + LI 4 / LI 30 TETRA / PSTN SecuGATE LI 1
  11. 11. SecuVOICE SNSThe SNS Standard:Secure Network-independent Speechcommunication Open standard published by the German Federal Office for Information Security (BSI) Defines a network-independent protocol for end-to- end secure voice and SMS communication Makes no assumptions on the underlying channel other than a minimum bit rate of ca. 7 kbit/s facilitates compatibility of manufacturer-independent solutions
  12. 12. SecuVOICE SNSThe SNS standard is leading the wayin interoperable secure communication. SNS protocol supports the definition of various national and proprietary modes Each mode defines: voice codec, crypto scheme and signalling plan Negotiation of the best possible mode at the beginning of each call Mandatory interoperability mode based on TETRA ACELP voice codec and “BOS Digital” crypto scheme
  13. 13. SecuVOICE SNSThe SNS standard defines amandatoryinteroperability mode based on “BOS Digital” Elliptic curve public key cryptography available only in Smart Cards (NXP SmartMX P5CT072) Certificate-based key management based on BOS public key infrastructure (BOS PKI) Authenticated ECDH key negotiation of a new traffic encryption key (TEK) for each new call Voice traffic encryption using symmetric key stream cipher based on AES-128 key stream generation performed inside the smart card Even the TEK never leaves the smart card
  14. 14. SecuVOICE SNSThe SNS standard enables E2E securecommunicationover a variety of networksOne of the mandatory interoperability modes allows E2E securevoice and SMS communication between SNS devices in PSTNand TETRA radio devices in German TETRA-BOS network BOS-Digital cryptography (voice encryption, SDS/SMS encryption and key management) Voice Codec: TETRA ACELP (ETSI EN 300 395-2) Voice signalling plan compatible with TETRA (via transparent PSTN/TETRA gateway)
  15. 15. SecuVOICE SNSThe SNS standardimplementation challengesMuch like NATO-SCIP the implementation of the SNS-Standardimposes several challenges particularly when consideringcurrent mobile device platforms Design-In of BOS Smartcard Secusmart Security Card (4GB microSD Card with embedded BOS Smartcard) Integration of TETRA ACELP voice codec on application processor Implementation of SNS protocol stack for each mobile platform
  16. 16. SecuVOICE SNSSecuVOICE SNSsecure mobile voice communicationsSecure encrypted conversations,authenticated conversation partners Unencrypted telephone calls also possible SecuGATE LI 1
  17. 17. SecuVOICE SNSSecuVOICE SNSsecure SMS text messagesWorldwide protection with end-to-end encryption,authenticated senders and recipients Unencrypted text messages also possible
  18. 18. SecuVOICE SNSSecuGATE SNSsecure landline voice calls SecuGATEHardware-encrypted conversations, LI 1authenticated conversation partners SecuGATE TC Installation SecuGATE LI 4 / LI 30 LI 1Unencrypted also possibletelephone calls
  19. 19. SecuVOICE SNSSecuVOICE & SecuGATEas comfortable as always, more securethan ever. Usual user-friendliness Secure telephone conferences Excellent voice quality Quick call set-up Global accessibility (GSM networks)
  20. 20. SecuVOICE SNSSecuVOICE & SecuGATEcompatible, interoperable and approved Approved for VS-NfD security level (Classified – for official use only) Internationally approved up to NATO Restricted security level Compatible with TETRA-BOS Compatible with SNS standard Supplying German federal authorities since 2009 Supplying German state authorities since 2010
  21. 21. SecuVOICE SNSSecusmart Security CardSecure microSD card with embeddedSmartcard 4GB flash memory Embedded Smartcard Chip (NXP SmartMX P5CT072) BOS-Digital Cryptography Secure key storage (protected against unauthorized access) PKI co-processor High speed AES co-processor Energy saving design
  22. 22. SecuVOICE SNSTechnical Background –Landline SecuGATE Crypto Gateways: SecuGATE LI 1 – for 1 ISDN S0 connection SecuGATE LI 4 – for up to 4 ISDN S0 connections SecuGATE LI 30 – for 1 ISDN S2M connection (up to 30 voice channels) Works with all commercial ISDN telephones and ISDN telephone systems

×