SlideShare a Scribd company logo

Secuvoice SNS - Christoff Erdman

Fox-IT
Fox-IT
BusinessTechnologyEducation
1 of 22
SecuVOICE SNS Mastering interoperability challenges with Secure Voice
SecuVOICE SNS Outline The Need for End-to-End Security in Secure Voice The Compatibility Challenge of End-to-End Security The SNS Standard: Secure Network-Independent Speech Communication SecuVOICE SNS – Mastering the Interoperability Challange
SecuVOICE SNS The Need for End-to-End Security threads to voice and SMS communication Interception on the air interface Passive: breaking A5/1 encryption Active: IMSI-Catcher (Dis-)lawful interception in the land transmission network Voice and SMS data are transmitted in clear text Call-ID spoofing Attacker transmits false caller ID Cheap and effective
SecuVOICE SNS The Need for End-to-End Security secure voice needs more than just encryption End-to-End encryption of voice and SMS data Protection against interception Certificate-based authentication of the users Protection against man-in-the-middle attacks Protection against Call-ID spoofing
SecuVOICE SNS The Interoperability Challenge of E2E Security the “mobile” island
SecuVOICE SNS The Interoperability Challenge of E2E Security secure mobile to landline communication SecuGATE LI 1
SecuVOICE The Interoperability Challenge secure enterprise voice communication TC Installation PSTN + SecuGATE LI 4 / LI 30 SecuGATE LI 1
SecuVOICE SNS The Interoperability Challenge of E2E Security manufacturer-independent TC Installation PSTN + SecuGATE LI 4 / LI 30 + SecuGATE LI 1
SecuVOICE SNS The Interoperability Challenge of E2E Security network-independent TC Installation PSTN + SecuGATE + LI 4 / LI 30 TETRA / PSTN SecuGATE LI 1
SecuVOICE SNS The Interoperability Challenge of E2E Security future proof IP / PSTN TC Installation PSTN + SecuGATE + LI 4 / LI 30 TETRA / PSTN SecuGATE LI 1
SecuVOICE SNS The SNS Standard: Secure Network-independent Speech communication Open standard published by the German Federal Office for Information Security (BSI) Defines a network-independent protocol for end-to- end secure voice and SMS communication Makes no assumptions on the underlying channel other than a minimum bit rate of ca. 7 kbit/s facilitates compatibility of manufacturer-independent solutions
SecuVOICE SNS The SNS standard is leading the way in interoperable secure communication. SNS protocol supports the definition of various national and proprietary modes Each mode defines: voice codec, crypto scheme and signalling plan Negotiation of the best possible mode at the beginning of each call Mandatory interoperability mode based on TETRA ACELP voice codec and “BOS Digital” crypto scheme
SecuVOICE SNS The SNS standard defines a mandatory interoperability mode based on “BOS Digital” Elliptic curve public key cryptography available only in Smart Cards (NXP SmartMX P5CT072) Certificate-based key management based on BOS public key infrastructure (BOS PKI) Authenticated ECDH key negotiation of a new traffic encryption key (TEK) for each new call Voice traffic encryption using symmetric key stream cipher based on AES-128 key stream generation performed inside the smart card Even the TEK never leaves the smart card
SecuVOICE SNS The SNS standard enables E2E secure communication over a variety of networks One of the mandatory interoperability modes allows E2E secure voice and SMS communication between SNS devices in PSTN and TETRA radio devices in German TETRA-BOS network BOS-Digital cryptography (voice encryption, SDS/SMS encryption and key management) Voice Codec: TETRA ACELP (ETSI EN 300 395-2) Voice signalling plan compatible with TETRA (via transparent PSTN/TETRA gateway)
SecuVOICE SNS The SNS standard implementation challenges Much like NATO-SCIP the implementation of the SNS-Standard imposes several challenges particularly when considering current mobile device platforms Design-In of BOS Smartcard Secusmart Security Card (4GB microSD Card with embedded BOS Smartcard) Integration of TETRA ACELP voice codec on application processor Implementation of SNS protocol stack for each mobile platform
SecuVOICE SNS SecuVOICE SNS secure mobile voice communications Secure encrypted conversations, authenticated conversation partners Unencrypted telephone calls also possible SecuGATE LI 1
SecuVOICE SNS SecuVOICE SNS secure SMS text messages Worldwide protection with end-to-end encryption, authenticated senders and recipients Unencrypted text messages also possible
SecuVOICE SNS SecuGATE SNS secure landline voice calls SecuGATE Hardware-encrypted conversations, LI 1 authenticated conversation partners SecuGATE TC Installation SecuGATE LI 4 / LI 30 LI 1 Unencrypted also possible telephone calls
SecuVOICE SNS SecuVOICE & SecuGATE as comfortable as always, more secure than ever. Usual user-friendliness Secure telephone conferences Excellent voice quality Quick call set-up Global accessibility (GSM networks)
SecuVOICE SNS SecuVOICE & SecuGATE compatible, interoperable and approved Approved for VS-NfD security level (Classified – for official use only) Internationally approved up to NATO Restricted security level Compatible with TETRA-BOS Compatible with SNS standard Supplying German federal authorities since 2009 Supplying German state authorities since 2010
SecuVOICE SNS Secusmart Security Card Secure microSD card with embedded Smartcard 4GB flash memory Embedded Smartcard Chip (NXP SmartMX P5CT072) BOS-Digital Cryptography Secure key storage (protected against unauthorized access) PKI co-processor High speed AES co-processor Energy saving design
SecuVOICE SNS Technical Background – Landline SecuGATE Crypto Gateways: SecuGATE LI 1 – for 1 ISDN S0 connection SecuGATE LI 4 – for up to 4 ISDN S0 connections SecuGATE LI 30 – for 1 ISDN S2M connection (up to 30 voice channels) Works with all commercial ISDN telephones and ISDN telephone systems

Recommended

Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiIct encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiPrivateWave Italia SpA
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateWave Italia SpA
 
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishTechnical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishPrivateWave Italia SpA
 
Security in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsSecurity in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsAnkit Gupta
 
Portable wireless MESH network node
Portable wireless MESH network nodePortable wireless MESH network node
Portable wireless MESH network nodeErin Qiu
 
Roxtec Cable & Pipe Transits - Telecoms
Roxtec Cable & Pipe Transits - TelecomsRoxtec Cable & Pipe Transits - Telecoms
Roxtec Cable & Pipe Transits - TelecomsThorne & Derrick International
 
Network and internet security
Network and internet securityNetwork and internet security
Network and internet securityKaviya452563
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Siddharth Rao
 

Recommended

Ict encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiIct encryption agt_fabio_pietrosanti
Ict encryption agt_fabio_pietrosantiPrivateWave Italia SpA
 
PrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateGSM - Voice Encryption Technical Overview
PrivateGSM - Voice Encryption Technical OverviewPrivateWave Italia SpA
 
Technical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishTechnical Sheet - PrivateGSM VoIP - english
Technical Sheet - PrivateGSM VoIP - englishPrivateWave Italia SpA
 
Security in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsSecurity in bluetooth, cdma and umts
Security in bluetooth, cdma and umtsAnkit Gupta
 
Portable wireless MESH network node
Portable wireless MESH network nodePortable wireless MESH network node
Portable wireless MESH network nodeErin Qiu
 
Roxtec Cable & Pipe Transits - Telecoms
Roxtec Cable & Pipe Transits - TelecomsRoxtec Cable & Pipe Transits - Telecoms
Roxtec Cable & Pipe Transits - TelecomsThorne & Derrick International
 
Network and internet security
Network and internet securityNetwork and internet security
Network and internet securityKaviya452563
 
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities
Unblocking Stollen Mobile Phones using SS7-MaP vulnerabilities Siddharth Rao
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...EC-Council
 
The known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondThe known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondSiddharth Rao
 
2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallShilaThak
 
Voice&Video Client Framework for Public Safety over LTE
Voice&Video Client Framework for Public Safety over LTEVoice&Video Client Framework for Public Safety over LTE
Voice&Video Client Framework for Public Safety over LTEMitchell Smith
 
Profinet security and safety update - Peter Brown
Profinet security and safety update - Peter BrownProfinet security and safety update - Peter Brown
Profinet security and safety update - Peter BrownPROFIBUS and PROFINET InternationaI - PI UK
 
FortressFone Overview 012915
FortressFone Overview 012915FortressFone Overview 012915
FortressFone Overview 012915Tom Malatesta
 
Signaling network vulnerabilities exposed, protection strategies for operator...
Signaling network vulnerabilities exposed, protection strategies for operator...Signaling network vulnerabilities exposed, protection strategies for operator...
Signaling network vulnerabilities exposed, protection strategies for operator...Xura
 
Ippbx for apartment
Ippbx for apartmentIppbx for apartment
Ippbx for apartmentKISHOREKUMAR V
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
Norton antivirus
Norton antivirusNorton antivirus
Norton antivirusPC Tech Support
 
Sec16 paper garcia
Sec16 paper garciaSec16 paper garcia
Sec16 paper garciaAndrey Apuhtin
 
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...Xura
 
Attack presentation
Attack presentationAttack presentation
Attack presentationFrikha Nour
 
SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?Unified Communications Online
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hackingHarshit Varshney
 
Webinar how to prepare for the sunset of 2G and 3G cellular communications
Webinar how to prepare for the sunset of 2G and 3G cellular communicationsWebinar how to prepare for the sunset of 2G and 3G cellular communications
Webinar how to prepare for the sunset of 2G and 3G cellular communicationsWestermo Network Technologies
 
Shteinfinance
ShteinfinanceShteinfinance
ShteinfinanceValentina Pavlova
 
Cd213 percy-audiocodes
Cd213 percy-audiocodesCd213 percy-audiocodes
Cd213 percy-audiocodesTran Thanh
 
festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2016
 
Shteinfinance
ShteinfinanceShteinfinance
ShteinfinanceValentina Pavlova
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 

More Related Content

What's hot

LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...EC-Council
 
The known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondThe known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondSiddharth Rao
 
2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)Fabio Pietrosanti
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallShilaThak
 
Voice&Video Client Framework for Public Safety over LTE
Voice&Video Client Framework for Public Safety over LTEVoice&Video Client Framework for Public Safety over LTE
Voice&Video Client Framework for Public Safety over LTEMitchell Smith
 
FortressFone Overview 012915
FortressFone Overview 012915FortressFone Overview 012915
FortressFone Overview 012915Tom Malatesta
 
Signaling network vulnerabilities exposed, protection strategies for operator...
Signaling network vulnerabilities exposed, protection strategies for operator...Signaling network vulnerabilities exposed, protection strategies for operator...
Signaling network vulnerabilities exposed, protection strategies for operator...Xura
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...Cisco Canada
 
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...Xura
 
Attack presentation
Attack presentationAttack presentation
Attack presentationFrikha Nour
 
Webinar how to prepare for the sunset of 2G and 3G cellular communications
Webinar how to prepare for the sunset of 2G and 3G cellular communicationsWebinar how to prepare for the sunset of 2G and 3G cellular communications
Webinar how to prepare for the sunset of 2G and 3G cellular communicationsWestermo Network Technologies
 
Cd213 percy-audiocodes
Cd213 percy-audiocodesCd213 percy-audiocodes
Cd213 percy-audiocodesTran Thanh
 
festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2016
 

What's hot (20)

LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
 
The known unknowns of SS7 and beyond
The known unknowns of SS7 and beyondThe known unknowns of SS7 and beyond
The known unknowns of SS7 and beyond
 
2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)2009: Voice Security And Privacy (Security Summit - Milan)
2009: Voice Security And Privacy (Security Summit - Milan)
 
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation FirewallFortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
FortiGate 1500D Series Delivers High-Performance Next-Generation Firewall
 
Voice&Video Client Framework for Public Safety over LTE
Voice&Video Client Framework for Public Safety over LTEVoice&Video Client Framework for Public Safety over LTE
Voice&Video Client Framework for Public Safety over LTE
 
Profinet security and safety update - Peter Brown
Profinet security and safety update - Peter BrownProfinet security and safety update - Peter Brown
Profinet security and safety update - Peter Brown
 
FortressFone Overview 012915
FortressFone Overview 012915FortressFone Overview 012915
FortressFone Overview 012915
 
Signaling network vulnerabilities exposed, protection strategies for operator...
Signaling network vulnerabilities exposed, protection strategies for operator...Signaling network vulnerabilities exposed, protection strategies for operator...
Signaling network vulnerabilities exposed, protection strategies for operator...
 
Ippbx for apartment
Ippbx for apartmentIppbx for apartment
Ippbx for apartment
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
Norton antivirus
Norton antivirusNorton antivirus
Norton antivirus
 
Sec16 paper garcia
Sec16 paper garciaSec16 paper garcia
Sec16 paper garcia
 
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
LTE Masterclass: “Signaling network vulnerabilities and protection strategies...
 
Attack presentation
Attack presentationAttack presentation
Attack presentation
 
SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?SMB Communications - is VoIP secure?
SMB Communications - is VoIP secure?
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 
Webinar how to prepare for the sunset of 2G and 3G cellular communications
Webinar how to prepare for the sunset of 2G and 3G cellular communicationsWebinar how to prepare for the sunset of 2G and 3G cellular communications
Webinar how to prepare for the sunset of 2G and 3G cellular communications
 
Shteinfinance
ShteinfinanceShteinfinance
Shteinfinance
 
Cd213 percy-audiocodes
Cd213 percy-audiocodesCd213 percy-audiocodes
Cd213 percy-audiocodes
 
festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltrefestival ICT 2013: Mobile Network Security: stato dell’arte e oltre
festival ICT 2013: Mobile Network Security: stato dell’arte e oltre
 

Similar to Secuvoice SNS - Christoff Erdman

Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol reviewFabio Pietrosanti
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different thingsVOIP2DAY
 
Why use NET in LYNC Deployment
Why use NET in LYNC DeploymentWhy use NET in LYNC Deployment
Why use NET in LYNC DeploymentScanSource, Inc.
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP VideoVideoguy
 
Shahnshah Sarker 072802556
Shahnshah Sarker 072802556Shahnshah Sarker 072802556
Shahnshah Sarker 072802556mashiur
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paperPrashant Sengar
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paperDivyansh Gupta
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paperHema Makani
 
Cisco 2900 series router, more benefits, high performance
Cisco 2900 series router, more benefits, high performanceCisco 2900 series router, more benefits, high performance
Cisco 2900 series router, more benefits, high performanceIT Tech
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionADVA
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec bigchill29
 
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...Design of Transparent Distributed IMS Network: Security Challenges Risk and S...
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...ijngnjournal
 
Case study about voip
Case study about voipCase study about voip
Case study about voipelmudthir
 

Similar to Secuvoice SNS - Christoff Erdman (20)

Shteinfinance
ShteinfinanceShteinfinance
Shteinfinance
 
Voice securityprotocol review
Voice securityprotocol reviewVoice securityprotocol review
Voice securityprotocol review
 
2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things2014 innovaphone different protocols for different things
2014 innovaphone different protocols for different things
 
Why use NET in LYNC Deployment
Why use NET in LYNC DeploymentWhy use NET in LYNC Deployment
Why use NET in LYNC Deployment
 
How To Successfully Implement IP Video
How To Successfully Implement IP VideoHow To Successfully Implement IP Video
How To Successfully Implement IP Video
 
Shahnshah Sarker 072802556
Shahnshah Sarker 072802556Shahnshah Sarker 072802556
Shahnshah Sarker 072802556
 
ECE 6570 Class01
ECE 6570 Class01ECE 6570 Class01
ECE 6570 Class01
 
I psec cisco
I psec ciscoI psec cisco
I psec cisco
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paper
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paper
 
Ims architecture white_paper
Ims architecture white_paperIms architecture white_paper
Ims architecture white_paper
 
Linkedin
LinkedinLinkedin
Linkedin
 
Cisco 2900 series router, more benefits, high performance
Cisco 2900 series router, more benefits, high performanceCisco 2900 series router, more benefits, high performance
Cisco 2900 series router, more benefits, high performance
 
Making networks secure with multi-layer encryption
Making networks secure with multi-layer encryptionMaking networks secure with multi-layer encryption
Making networks secure with multi-layer encryption
 
Download
DownloadDownload
Download
 
Download
DownloadDownload
Download
 
college assignment on Applications of ipsec
college assignment on Applications of ipsec college assignment on Applications of ipsec
college assignment on Applications of ipsec
 
Voip
VoipVoip
Voip
 
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...Design of Transparent Distributed IMS Network: Security Challenges Risk and S...
Design of Transparent Distributed IMS Network: Security Challenges Risk and S...
 
Case study about voip
Case study about voipCase study about voip
Case study about voip
 

Recently uploaded

Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfOrient Homes
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 

Recently uploaded (20)

Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)KestrelPro Flyer Japan IT Week 2024 (English)
KestrelPro Flyer Japan IT Week 2024 (English)
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Catalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdfCatalogue ONG NUOC PPR DE NHAT .pdf
Catalogue ONG NUOC PPR DE NHAT .pdf
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service PuneVIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Kirti 8617697112 Independent Escort Service Pune
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 

Secuvoice SNS - Christoff Erdman

  • 1. SecuVOICE SNS Mastering interoperability challenges with Secure Voice
  • 2. SecuVOICE SNS Outline The Need for End-to-End Security in Secure Voice The Compatibility Challenge of End-to-End Security The SNS Standard: Secure Network-Independent Speech Communication SecuVOICE SNS – Mastering the Interoperability Challange
  • 3. SecuVOICE SNS The Need for End-to-End Security threads to voice and SMS communication Interception on the air interface Passive: breaking A5/1 encryption Active: IMSI-Catcher (Dis-)lawful interception in the land transmission network Voice and SMS data are transmitted in clear text Call-ID spoofing Attacker transmits false caller ID Cheap and effective
  • 4. SecuVOICE SNS The Need for End-to-End Security secure voice needs more than just encryption End-to-End encryption of voice and SMS data Protection against interception Certificate-based authentication of the users Protection against man-in-the-middle attacks Protection against Call-ID spoofing
  • 5. SecuVOICE SNS The Interoperability Challenge of E2E Security the “mobile” island
  • 6. SecuVOICE SNS The Interoperability Challenge of E2E Security secure mobile to landline communication SecuGATE LI 1
  • 7. SecuVOICE The Interoperability Challenge secure enterprise voice communication TC Installation PSTN + SecuGATE LI 4 / LI 30 SecuGATE LI 1
  • 8. SecuVOICE SNS The Interoperability Challenge of E2E Security manufacturer-independent TC Installation PSTN + SecuGATE LI 4 / LI 30 + SecuGATE LI 1
  • 9. SecuVOICE SNS The Interoperability Challenge of E2E Security network-independent TC Installation PSTN + SecuGATE + LI 4 / LI 30 TETRA / PSTN SecuGATE LI 1
  • 10. SecuVOICE SNS The Interoperability Challenge of E2E Security future proof IP / PSTN TC Installation PSTN + SecuGATE + LI 4 / LI 30 TETRA / PSTN SecuGATE LI 1
  • 11. SecuVOICE SNS The SNS Standard: Secure Network-independent Speech communication Open standard published by the German Federal Office for Information Security (BSI) Defines a network-independent protocol for end-to- end secure voice and SMS communication Makes no assumptions on the underlying channel other than a minimum bit rate of ca. 7 kbit/s facilitates compatibility of manufacturer-independent solutions
  • 12. SecuVOICE SNS The SNS standard is leading the way in interoperable secure communication. SNS protocol supports the definition of various national and proprietary modes Each mode defines: voice codec, crypto scheme and signalling plan Negotiation of the best possible mode at the beginning of each call Mandatory interoperability mode based on TETRA ACELP voice codec and “BOS Digital” crypto scheme
  • 13. SecuVOICE SNS The SNS standard defines a mandatory interoperability mode based on “BOS Digital” Elliptic curve public key cryptography available only in Smart Cards (NXP SmartMX P5CT072) Certificate-based key management based on BOS public key infrastructure (BOS PKI) Authenticated ECDH key negotiation of a new traffic encryption key (TEK) for each new call Voice traffic encryption using symmetric key stream cipher based on AES-128 key stream generation performed inside the smart card Even the TEK never leaves the smart card
  • 14. SecuVOICE SNS The SNS standard enables E2E secure communication over a variety of networks One of the mandatory interoperability modes allows E2E secure voice and SMS communication between SNS devices in PSTN and TETRA radio devices in German TETRA-BOS network BOS-Digital cryptography (voice encryption, SDS/SMS encryption and key management) Voice Codec: TETRA ACELP (ETSI EN 300 395-2) Voice signalling plan compatible with TETRA (via transparent PSTN/TETRA gateway)
  • 15. SecuVOICE SNS The SNS standard implementation challenges Much like NATO-SCIP the implementation of the SNS-Standard imposes several challenges particularly when considering current mobile device platforms Design-In of BOS Smartcard Secusmart Security Card (4GB microSD Card with embedded BOS Smartcard) Integration of TETRA ACELP voice codec on application processor Implementation of SNS protocol stack for each mobile platform
  • 16. SecuVOICE SNS SecuVOICE SNS secure mobile voice communications Secure encrypted conversations, authenticated conversation partners Unencrypted telephone calls also possible SecuGATE LI 1
  • 17. SecuVOICE SNS SecuVOICE SNS secure SMS text messages Worldwide protection with end-to-end encryption, authenticated senders and recipients Unencrypted text messages also possible
  • 18. SecuVOICE SNS SecuGATE SNS secure landline voice calls SecuGATE Hardware-encrypted conversations, LI 1 authenticated conversation partners SecuGATE TC Installation SecuGATE LI 4 / LI 30 LI 1 Unencrypted also possible telephone calls
  • 19. SecuVOICE SNS SecuVOICE & SecuGATE as comfortable as always, more secure than ever. Usual user-friendliness Secure telephone conferences Excellent voice quality Quick call set-up Global accessibility (GSM networks)
  • 20. SecuVOICE SNS SecuVOICE & SecuGATE compatible, interoperable and approved Approved for VS-NfD security level (Classified – for official use only) Internationally approved up to NATO Restricted security level Compatible with TETRA-BOS Compatible with SNS standard Supplying German federal authorities since 2009 Supplying German state authorities since 2010
  • 21. SecuVOICE SNS Secusmart Security Card Secure microSD card with embedded Smartcard 4GB flash memory Embedded Smartcard Chip (NXP SmartMX P5CT072) BOS-Digital Cryptography Secure key storage (protected against unauthorized access) PKI co-processor High speed AES co-processor Energy saving design
  • 22. SecuVOICE SNS Technical Background – Landline SecuGATE Crypto Gateways: SecuGATE LI 1 – for 1 ISDN S0 connection SecuGATE LI 4 – for up to 4 ISDN S0 connections SecuGATE LI 30 – for 1 ISDN S2M connection (up to 30 voice channels) Works with all commercial ISDN telephones and ISDN telephone systems