Voice Encryption Overview
March 3, 2010Built from three components
Speech Compression – Encryption – Modem –
Hardware Based
. DSP with GSM or CELP Speech compression
. DSP modem
Software-based
. GSM or CELP in software
. External modem or TCP/IP network connection
Mostly built from off-the-shelf-part (GSM DSP, modem, DSP, software building blocks)
Typical Voice Encryption System
Speech compression
. GSM compression (high bandwidth)
. CELP compression (low-bandwidth)
Security
. DH key exchange
. DES (larger manufacturers)
. 3DES, IDEA, Blowfish (smaller manufacturers, software)
. Password/PIN authentication
Communications
. Built in modem (hardware)
. Internet communications (software)
Speak Freely,
http://www.fourmilab.ch/netfone/windows/speak_freely.html
. Typical software implementation
. Uses standard software components
. Portable across several operating systems
Problems
Latency issues (dropped packets)
Authentication/MITM attacks
NO standardization
GSM
GSM subscriber identify module (SIM) contains
. International mobile Subscriber Identity (IMSI)
. Subscriber identification key Ki
Used for authentication and encryption via simple challenge/response protocol using A3 and IMSI/Ki
. A3 and A8 algorithms provide authentication (usually combined as COMP128)
. A5 provides encryption
- Base station transmits 128 bit challenge RAND
- Mobile unit returns 32 bit signed response SRES via A3
- RAND and K are combined via A8 to give a 64 bit A5 key
- 114 bit frames are encrypted using the key and frame number as input to A5
Traffic Analysis
Monitors presence of communications and source/destination
. Most common is analysis of web server logs
. Search engines reveal information on popularity of pages
. The mere presence of communication can reveal information
. over the air queries to phone
GSM Security was Broken in April 1998
. COMP128 is weak, allows IMSI and Ki to be extracted
. directed access to SIM (cell-phone cloning)
. Over the air queries to phone
. Some cards were later modified to limit the number of COMP128 queries
. A5 was deliberately weakend by zeroing 10 key bits
. Even where providers don’t use COMP128, all shorten the key
. Claimed GSM fraud detection system doesn’t seem to exist
. Affects 80 million GSM phones
Storage Protection
Sensitive data is routinely stored in RAM, but
. RAM can be swapped to disk at any moment
. Users of one commercial product found multiple copies of their encryption password in the Windows swap file
. “Suspend to disk” feature in laptops is particularly troublesome
. Other processes may be able to read it from memory
. Data can be recovered from RAM after power is removed
Tempest Sources
Computer monitor/laptop screen
. Generally radiates huge amounts of signal (range of hundreds of metres)
. Most signal is radiated to the sides, little to the front and back
. Requires external horizontal/vertical sync, insertion, since sync frequencies are to low to be radiated
. Individual monitors can be picked out even when other similar monitors are in use
. Jamming is often ineffective for protection
. eavesdroppers can still zero in on a particular monitor
Tempest Protection
Extremely difficult to protect against
Stopping it entirely
. Extreme amounts of shielding on all equipment
. Run the equipment inside a faraday cage
Stopping it partially
. FCC Class B computers and equipment
. RF filters on power lines, phone lines
. Shield cables
. Ferrite toroids around cables to attenuate surface waves
. Radio hams have information on safely operating computers near sensitive comms gear
Printer and serial cables
Leakage into power lines
Coupling into power lines, phone lines, metal pipes
. Further radiation from there
Surface waves on coax lines
Keyboard
. Some keyboards produce distinct RF signatures for each key pressed
. Active monitoring
. Beam RF energy at the keyboard cable
. Reflected signal is modulated by absence/presence of electrical current
Ethernet
. UTP can be intercepted over some distance
Sometimes claimed to stand for Transient Electromagnetic Pulse Emission Standard
Known since the 1950’s, but first publicized by Van Eck in 1985
. Provided details on remote viewing of computer monitors
. Required about $15 worth of parts (for sync recovery)