Archive for the 'Cryptography' Category

Security through Obscurity

Friday, December 8th, 2006 by Martyn Davies

The other day at the IET Secure Mobile conference in London, Steve Babbage, Vodafone’s Group Chief Cryptographer (great job title) gave the keynote, and I was fortunate to speak to him afterwards about his ideas. One interesting area was “security through obscurity”, where he maintained that in some situations it makes sense to make an attacker’s job as difficult as possible through the use of secret algorithms. I hope I can do the argument justice here.

The World has changed today, and generally governments do not try to interfere in the issues of what crypto gets used in commercial mobile networks. However, when GSM was born, 40-bit encryption was a (rather weak) standard that governments agreed should be used. In this environment, Steve Babbage maintains, the cellcos would have been mad to release all the details of the algorithm to the public, since the added obscurity would make it even harder for an attacker to get a foothold. In the context of SIM attacks (being physically in contact with the SIM to decrypt it, a so-called “side-channel attack”), sometimes attackers can gain knowledge about the secret key by measuring the power usage of the chip under attack. On the other hand, if the algorithm is secret, then it is impossible for an attacker to map power fluctuations against a model, since all he has is a seemingly patternless output from an engine of unknown design.

The use of secret algorithms is generally thought of these days as a “bad thing”, since if the algorithm is openly published it means that academics and researchers can test the thing to death and publish vulnerabilities that they find.  This should result in better algorithms and fewer defects in the long term.  Babbage doesn’t argue in favour of “cobbling something together in secret”, but rather he is saying that if you take a proven good thing like AES/Rijndael, and then add a further secret component to the algorithm, then the intellectual rigour is still there, with an added component to defeat foes.  

What do you think about security via obscurity?

All Quiet On The Western Front

Monday, October 23rd, 2006 by Martyn Davies

I just stumbled across an interesting article about the use of VoIP in the battlefield. Looking at it from a security point-of-view, you can see that they have all the problems of civilian VoIP, but the consequences of failure could be much higher.

To take some examples: a successful denial-of-service attack could disable battlefield communication; defeating the encryption system could result in eavesdropping, and the gathering of strategic intelligence; failures in authentication could result in an enemy posing as your troops, inserting their own disinformation, or perhaps they could make accredited troops fail to attach to the voice network. Network hijacking could also be a problem, where they piggyback on your network to use its resources and equipment to pass their own data.

Certainly a lot of threats to counter. I’ve heard it said that military technology is 10 years ahead of civilian technology. I’m hoping that’s true in this case, and that there’s a lot of good stuff that we can benefit from in the next few years.

Just Plain Cuckoo

Wednesday, October 11th, 2006 by Martyn Davies

According to news in PC Pro magazine, authorities in Switzerland have come up with an unorthodox plan to tackle call tapping of Skype and other VoIP users. VoIP calls can be end-to-end encrypted, which means that tapping on the Internet itself is often not practical. For example, Skype uses an undisclosed encryption algorithm and key exchange system. Phil Zimmermann’s Zfone employs perfect secrecy so that the conversation cannot even be listened to later offline when the encryption key has been obtained.

So the Swiss plan?  Tap the calls on the PC, by means of installing some kind of trojan to tap into the audio stream before it is encrypted.  It would be installed either by the authorities or remotely by the ISP.

Now, this is a daft idea on so many different levels that it’s hard to know where to begin.  In an ordered society like Switzerland you could expect a high level of compliance with this kind of procedure.  Unfortunately, the ones that won’t comply (for example malevolent hackers; gangsters; terrorists) are probably the ones that you are most interested in gathering intelligence about.  Secondly, it’s a gift for criminals, since if you leave a backdoor open, the PC already compromised, then someone will likely exploit this for criminal purposes.

With the right software in place, audio could be relayed in from elsewhere, allowing criminals to make calls “on your phone”, possibly implicating you in a crime.  Similarly, audio could be relayed out, so that those outside the government service could tap your phone, a boon to tabloid newspapers and blackmailers.

Finally, in a world of ever more mobile users, is this approach even practical? Mobile users with GPRS in their phone or PDA can connect to the Internet without even touching a Swiss ISP. Crime doesn’t necessarily stop at borders these days; couldn’t criminals just be in and out of the country before the G-Man sneaks some tapping software onto their laptop?

Talk to the Hand

Tuesday, October 10th, 2006 by Martyn Davies

We’ve written here before about Phil Zimmermann’s Zfone and the ZRTP protocol, but what exactly does an encrypted phone call sound like?  Well, here is a sample, captured with Wireshark and converted to MP3 for your audio pleasure with Goldwave.

Now, if only Mr. Schwarzenegger can find a way to apply the same encryption to all of his MP3 recordings…

Schneier Honoured

Monday, September 11th, 2006 by Martyn Davies

Catching up on my reading, I see that Dr Dobb’s Journal honoured crypto guru Bruce Schneier in their April edition with an excellence in programming award. I’ve been a fan of DDJ since I first came across the magazine in the 1980s, and (with my software developer hat on) once even had the thrill of contributing to DDJ.

Congratulations, Bruce. Coming from one of the World’s top-rank developer publications, I think this is an accolade to really enjoy.

VoIP Phreaking in the Desert

Tuesday, August 1st, 2006 by Martyn Davies

On the Infoworld Zero Day Security page, Garza talks a little about the VoIP Phreaking session at the Black Hat conference, which is on right now in Las Vegas. I’m looking forward to the promised podcast with The Grugq, who led that class.

On the Black Hat website is an archive of presentations from previous conferences, and the ones from the current conference should pop up there in the coming weeks.

Do You Expect Me To Talk, Goldfinger?

Friday, July 21st, 2006 by Martyn Davies

Skype and Sandisk recently made a joint announcement about shipping USB flash drives preloaded with Skype.  The idea behind it is that you can carry the stick in your pocket, and then wherever you go, plug it into an available PC, and be able to make calls with Skype, with all your contacts at your fingertips.  Great idea, very convenient, but of course a security nightmare.

First of all, corporate security people don’t like these flash disks anyway, bringing as they do risks of walking in unwanted stuff, like Trojans, and allowing people to carry out large amounts of data copied from internal servers.

Secondly, some of these devices are bootable and therefore vulnerable to carrying viruses. A friend of mine has a USB key smaller than the top part of a thumb, which he carries around on a key ring. When he plugs it in, it boots the PC into Linux and allows him to remote control his machines back at work from wherever he happens to be. Now security managers can also worry about strangers coming in, poking in their Sandisk sticks and Skyping out from the corporate net, regardless of what the policy on Skype might be.

But losing data on flash drives must be a major security concern, since the devices are so small and light, and easy to lose. Periodically, in the UK, we hear stories about government employees or even people in the security services, who lose their laptop, or have it stolen while they are out of the office. In the old days, taking data out of the office just wasn’t allowed. For example there’s the story about Malcolm Williamson, who worked for GCHQ (one of the intelligence departments in the UK), in the 1970s. Then the rule was that no materials could be taken out of GCHQ, and nothing about work should be written down while people were outside of work. Incredibly, Williamson thought up an algorithm for secure key exchange over dinner without making any notes. This algorithm is now known as Diffie-Hellman.

These days, James Bond and all his chums can take their laptops home.  God forbid that they should be given flash drives as well.  These would be sure to fall out of your pockets while you parachuted, scuba-dived and karate-kicked your way through the day job.  It would be bad news to find out that you’ve dropped your Sandisk key, containing the Skype details of all your fellow field officers.

Microsoft + Yahoo! == 350 Million New VoIP Users?

Monday, July 17th, 2006 by Dustin D. Trammell

It would seem that Microsoft and Yahoo! have decided to work together and create an inter-operable messaging platform that will support both the Microsoft Live Messenger and Yahoo Instant Messenger clients and protocols, combining their separate user-bases into one that is close to 350 million users strong, easily eclipsing the 100 million that Skype boasts.

With a clear road map to VoIP services and to adding IM services to mobile phones, both of which Yahoo!’s service already offers via its service, as well as the ability to make PC to PSTN calls via Yahoo!’s “Phone Out” service, it’s clear that the target is being drawn squarely on Skype. It will be interesting to see if the security aspect of Skype’s closed product approach or the apparent lack of strong encryption in the Microsoft or Yahoo! protocols (at least in their default configurations) will play any part in the upcoming shootout for subscribers.

The new unified platform is currently in beta and is available for trial.

Perfectly Secret

Thursday, June 29th, 2006 by Martyn Davies

In VoIP Security it seems we owe a double debt to Claude Shannon. Shannon is probably best known for the Nyquist-Shannon sampling theorem, which underlies the whole of digital sampling of analog signals. The elevator version of this idea is that when you sample something into digital form, you have to sample at a rate at least twice the highest frequency that you want to reproduce. This is why CDs only have an audible frequency range of 22 kHz (due to the 44 kHz sampling rate), which comfortably covers the range of frequencies that I can now hear, although perhaps not my children’s.

But Claude Shannon also coined the term perfect secrecy, as he did a lot of work related to cryptography.  In a nutshell, perfect secrecy means that you have no more information about the plaintext after seeing the ciphered version than you did before seeing it, i.e. it’s perfectly secret if the ciphered text gives you no clues and all plaintexts are equally probable.  I would highly recommend reading Shannon’s biography at the Wikipedia site.

Actually, reading this page made me think about Richard Feynman (also biog’ed at Wikipedia), one of my great heroes.

The two men were about the same age: Shannon combined a serious academic career with juggling, unicycling and with roulette weekends in Las Vegas; Feynman, a brilliant physicist and educator, had hobbies of bongo drumming, painting and safe cracking. I wonder if the two of them ever met?
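
Shannon's definition of perfect secrecy, as summarised in the post above, can be checked exactly on a small message space. The following is an added example, not part of the original post: it computes the attacker's belief about the plaintext after seeing a ciphertext, for a one-time pad and for a weakened variant. The 2-bit messages, the prior and the function names are constructed for illustration.

```python
from fractions import Fraction

# Constructed sample: prior belief over 2-bit messages (assumption, non-uniform on purpose).
PRIOR = {0b00: Fraction(1, 2), 0b01: Fraction(1, 4),
         0b10: Fraction(1, 8), 0b11: Fraction(1, 8)}

def otp_keys():
    """One-time pad: every 2-bit key is possible and equally likely."""
    return [0b00, 0b01, 0b10, 0b11]

def repeated_bit_keys():
    """Weakened variant: one random bit repeated, so only 00 and 11 occur."""
    return [0b00, 0b11]

def posterior(prior, keys, ciphertext):
    """P(message | ciphertext) for XOR encryption with a uniformly chosen key."""
    p_key = Fraction(1, len(keys))
    joint = {}
    for m, p_m in prior.items():
        # Probability that message m was sent AND it encrypted to this ciphertext.
        joint[m] = sum(p_m * p_key for k in keys if m ^ k == ciphertext)
    total = sum(joint.values())
    if total == 0:
        return None  # this ciphertext can never be observed
    return {m: p / total for m, p in joint.items()}

def is_perfectly_secret(prior, keys):
    """True if no observable ciphertext changes the attacker's belief."""
    for c in range(4):
        post = posterior(prior, keys, c)
        if post is not None and post != prior:
            return False
    return True

if __name__ == "__main__":
    print("one-time pad perfectly secret:", is_perfectly_secret(PRIOR, otp_keys()))
    print("repeated-bit key perfectly secret:",
          is_perfectly_secret(PRIOR, repeated_bit_keys()))
    # With the weak key space, ciphertext 00 rules out messages 01 and 10 entirely.
    print("belief after seeing 00:", posterior(PRIOR, repeated_bit_keys(), 0b00))
```

With the full key space the attacker's belief after seeing any ciphertext equals the prior; with the two-key variant, a single ciphertext eliminates half of the candidate messages.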

Skype to Address User-Identification Concerns

Thursday, June 22nd, 2006 by Dustin D. Trammell

In an interestingly eerie parallel to a discussion that has recently cropped up on the VoIPSec forum regarding peer-entity authentication vs. data-origin authentication, Skype announced yesterday that it intends to address the issue of user-identification within their VoIP service.

Part of Skype’s “wish list” for further expansion into the business market is to enhance username authentication for business customers, the voice over Internet Protocol company said Wednesday.

Skype’s system currently automatically authenticates users itself, based on certificates from its own encrypted Public Key Infrastructure (PKI). Because it does this automatically and transparently to the user, the users themselves have no way of authenticating the identity of the person they are communicating with.

“Skype is a public key infrastructure, which means nothing if you don’t know who you are identifying at the other end,” Sauer said.

You can read more detail at News.com.com.