Technical Sheet - PrivateGSM VoIP - english



  1. Technical Sheet - VoIP version

     Detailed overview of the technologies used by PrivateWave

     PrivateWave uses only standard protocols and technologies that have been reviewed and widely accepted by the security and scientific communities (ZRTP, SRTP, SIP/TLS) to guarantee maximum security. Ask your security expert!

     PrivateGSM VoIP features

     Security
     - Flexible security model:
       - ZRTP for end-to-end voice encryption
       - SRTP for end-to-site voice encryption
       - SIP/TLS for signaling protection
     - Use of only IETF standardized protocols
     - Security compliant with FIPS, NIST and NSA
     - Based on open source technology

     Simplicity
     - Software only solution for smartphones
     - No change in the way you make secure calls: calls to anyone from address book by adding +801 secure prefix
     - Secure calling to landlines and VoIP phones with multiple certified secure PBX

     Performance
     - Low average bandwidth:
       - in standby: negligible
       - during conversation: (100-200 K/minute)
     - Low latency (depends on network)
       [Figure: Call Delay Performance by technology: Wifi, HSDPA, UMTS, EDGE, GPRS, Satellite]
     - International calls and worldwide roaming
     - Extremely low battery drain

     Supported Technology

     Operating Systems:
     - Symbian/Nokia S60 3rd and 5th edition
     - iPhone 3.0 and higher
     - Blackberry 4.6 and higher

     Supported Networks:
     - Any IP-enabled network
     - WiFi
     - 2G (GPRS, EDGE, 1xRTT)
     - 3G (UMTS, HSDPA, EV-DO)
     - Satellite

     Encryption Algorithms
     - ECDH 256 bit / 384 bit (default) / 521 bit (Elliptic Curve Diffie-Hellman)
     - AES256 (CTR) for ZRTP
     - AES128 (CTR) for SRTP
     - SIP/TLS with X509v3 digital certificates

     Audio Codecs
     - AMR Narrowband 4.75 kbit/s
     - AMR Narrowband 12.2 kbit/s

     Copyright © 2005-2010 KHAMSA Italia Spa. All rights reserved.
  2. Technical Sheet - VoIP

     Encryption protocols

     [Figure: End to End (ZRTP) and End to Site (SRTP) across the internet]

     End-to-End encryption security (ZRTP)

     Security is established between the caller and the called phone, without any networking device in the middle being able to decipher the communication. End-to-end security is provided with ZRTP, the open IETF standard voice encryption system invented by Philip Zimmermann that requires human-based verification for the encryption of a call.

     End-to-Site encryption security (SRTP with SDES key exchange)

     SRTP is the open IETF standard voice encryption system to protect the communication between two peers, sending the encryption keys of a phone call through the secure connection (SIP/TLS) that both peers have established with the VoIP PBX. It is defined as end-to-site encryption because the PBX decrypts and re-encrypts the audio flow exchanged between both parties of a phone call, so the PBX can observe and record the communication. This kind of security (end-to-site) is required for integration of secure communication into the existing traditional landline telephony network.

     Communication protocols

     We use only IETF (Internet Engineering Task Force) standard communication protocols to maximize compatibility, transparency and ROI for integration into existing infrastructure. For telephony signaling the SIP protocol (RFC3261) is used, which is protected by a Transport Layer Security (RFC4346) communication channel with server side x509v3 digital certificate verification. The standard RTP (RFC3550) protocol, along with the security extensions SRTP (RFC3711), is used to transport voice. A proprietary, very simple protocol obfuscation system is provided in order to bypass possible VoIP blocks. A ZRTP proprietary extension lets the traffic pass through PBXs that otherwise may block it.

     Cryptography

     Encryption algorithms

     ZRTP, SRTP and SIP/TLS only use the best symmetric and asymmetric encryption and hashing algorithms.
     · ZRTP uses AES256 in counter mode (CTR) for symmetric encryption in compliance with FIPS 197 security requirements and ECDH 384bit for the asymmetric DH key exchange in compliance with USA NSA Suite B security requirements, the NIST SP800-56A standard and ECDSA FIPS 186-3. It can also be configured to use other ZRTP supported encryption algorithms for compatibility with third party software supporting ZRTP.
     · SRTP employs AES128 in counter mode (CTR), with keys agreed by the parties across the TLS protected SIP channel through the PBX.
     · TLS employs AES128 to encipher the SIP connection symmetrically, given the verification of an x509v3 digital certificate whose RSA key is 2048bit.

     Random number generation

     The random number generation is seeded by an unpredictable physical source of entropy (voice audio sample recorded from the microphone and free running counters available on ARM processors) that complies with FIPS-186-2-CR1 security requirements. It is further processed by a Deterministic Random Bit Generator, compliant with NIST SP800-90 security requirements.

     Open source

     All encryption related libraries and technologies used by PrivateGSM are provided 100% free of backdoors. The source code of the security library is provided for free as open source and it has been publicly reviewed by a wide number of scientific communities, following Philip Zimmermann's well-recognized free and open approach. The open source solution guarantees a politically neutral solution and makes source code review much easier.

     Multimedia codec

     In order to provide better voice quality for the given networking environment, PrivateGSM supports extremely narrowband audio codecs that compress the voice, which is then enciphered and sent across the network. Supported codecs are AMR-NB 4.75 and AMR-NB 12.2.

     In order to reduce the required bandwidth and maximize the radio resource efficiency, we employ voice activity detection (VAD) techniques that prevent the phone from sending full data while the user is not speaking. Note: on some platforms, only certain codecs are supported because of hardware limitations.

     More information at:
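Added example, not part of the original sheet or of PrivateGSM's code: a small audit of the SRTP/SDES end-to-site exchange described above, showing that the SRTP master key travels inside the SIP message body, so any hop that terminates the SIP/TLS channel (the PBX) can read it, and that it must never appear on a non-TLS transport. The a=crypto syntax and suite names are those of RFC 4568; the function names, the sample INVITE and the key in it are constructed for illustration.

```python
import base64
import re

# RFC 4568 suites matching the sheet's "AES128 (CTR) for SRTP":
# the inline value is a 16-byte master key followed by a 14-byte master salt.
KEY_LEN, SALT_LEN = 16, 14
SUITES = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32"}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

def parse_sdes(sdp):
    """Return (suite, master_key, master_salt) for each a=crypto line."""
    out = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        suite, blob = m.group(2), base64.b64decode(m.group(3))
        if suite not in SUITES or len(blob) != KEY_LEN + SALT_LEN:
            raise ValueError(f"unexpected suite or key length: {suite}")
        out.append((suite, blob[:KEY_LEN], blob[KEY_LEN:]))
    return out

def audit_sip_message(transport, message):
    """Findings for one SIP message as seen at a given hop."""
    _, _, body = message.partition("\r\n\r\n")
    keys = parse_sdes(body)
    findings = []
    if keys and transport.upper() != "TLS":
        findings.append("SRTP master key sent over cleartext SIP")
    if keys:
        findings.append(f"{len(keys)} master key(s) readable by this hop")
    return findings

# Constructed sample: the key is bytes 0..29, not a real key.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(30))).decode()
SAMPLE_INVITE = (
    "INVITE sips:bob@pbx.example SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/SAVP 96\r\n"
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_KEY_B64}|2^20\r\n"
)

if __name__ == "__main__":
    for transport in ("TLS", "UDP"):
        print(transport, audit_sip_message(transport, SAMPLE_INVITE))
```

Even on TLS the audit reports the key as readable at the hop, which is the end-to-site property the sheet describes; only the ZRTP mode keeps the key away from the PBX.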