Archive for the 'Miscellaneous' Category

Newport Wobbles

Tuesday, July 11th, 2006 by Martyn Davies

News broke last week about Session Border Controller manufacturer Newport Networks, which has run into cash-flow problems waiting for deals to close.  Newport Networks was started by serial entrepreneur Sir Terry Matthews, reportedly Wales’s first billionaire, who also founded Newbridge (now part of Alcatel) and Mitel.

Last year Newport were lined up to supply their 1460 Session Border Controller to troubled equipment supplier Marconi.  Marconi themselves failed to become prime NGN suppliers to British Telecom, which ultimately resulted in the failure of the company.  The rump of Marconi has now been absorbed into Ericsson.

Newport have announced layoffs, as reported at ZDNet and in the UK Guardian Newspaper, in an attempt to reduce cash burn while waiting for the business to arrive.  It’s ironic with CALEA in the headlines and telcos rolling out NGNs that a provider of the enabling technology should have run onto the rocks.  Let’s hope the Newport investors can keep their nerve. 

Homosapien Too

Tuesday, July 4th, 2006 by Martyn Davies

I sent a message the other day on eBay, and came across a new feature: to submit a message you now have to prove you are not a spammer but human (these being opposites) with a Turing test or CAPTCHA.  Ok, these things are common on web systems these days, but the new slant here was that if you could not read the graphic, you could click on a link and download an audio version to listen to instead.  This is also one of the proposed strategies for dealing with SPIT (SPAM over Internet Telephony) in our VoIP systems of the future, i.e. interact with the bona fide caller or spammer and present them with some kind of test or quiz before they get put through.  This could be as simple as “Press 8 to speak to Martyn or 0 for voicemail.”

But there is also an arms race aspect to this, for the smart spammer might also employ automatic speech recognition (ASR) technology, which is increasingly cheap and effective due to increasing CPU performance and falling hardware prices.  Their ASR server could be programmed to understand digits, and so have a fair stab at giving the correct answer to the CAPTCHA. 

It interested me that on eBay, the audio file downloaded did not have a pristine recording of the digits being read out, but instead had a variety of noises in the background: white noise; some fragments of speech.  Naturally it’s quite easy for a human to extract the digits from the background noise, but this is just the kind of chaff that might confuse the enemy radar, so to speak, of the spammer’s ASR system.

Happy July 4th to those of you in the USA, and welcome back all our friends that just celebrated Canada Day.

Perfectly Secret

Thursday, June 29th, 2006 by Martyn Davies

In VoIP Security it seems we owe a double debt to Claude Shannon.  Shannon is probably best known for the Nyquist-Shannon sampling theorem, which underlies the whole of digital sampling of analog signals.  The elevator version of this idea is that when you sample something into digital form, you have to do this at least twice the frequency of the highest frequency that you want to reproduce.  This is why CDs only have an audible frequency range of 22 kHz (due to the 44 kHz sampling rate), which comfortably covers the range of frequencies that I can now hear, although perhaps not my children’s.

But Claude Shannon also coined the term perfect secrecy, as he did a lot of work related to cryptography.  In a nutshell, perfect secrecy means that you have no more information about the plaintext after seeing the ciphered version than you did before seeing it, i.e. it’s perfectly secret if the ciphered text gives you no clues and all plaintexts are equally probable.  I would highly recommend reading Shannon’s biography at the Wikipedia site.

Actually, reading this page made me think about Richard Feynman (also biog’ed at Wikipedia), one of my great heroes.

The two men were about the same age: Shannon combined a serious academic career with juggling, unicycling and with roulette weekends in Las Vegas; Feynman, a brilliant physicist and educator, had hobbies of bongo drumming, painting and safe cracking.  I wonder if the two of them ever met?
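The definition of perfect secrecy quoted in the post above can be checked numerically. The following is an added example, not part of the original post: it applies Bayes' rule to a toy XOR cipher over 2-bit messages and compares the attacker's belief about the plaintext before and after seeing the ciphertext. The message prior, the key sets and all function names are constructed for illustration.

```python
from collections import defaultdict
from fractions import Fraction


def xor_cipher(message, key):
    """Toy cipher: XOR a 2-bit message with a 2-bit key."""
    return message ^ key


def posterior(prior, keys, encrypt, ciphertext):
    """P(M = m | C = ciphertext), with the key drawn uniformly from `keys`."""
    joint = defaultdict(Fraction)
    for m, p_m in prior.items():
        for k in keys:
            if encrypt(m, k) == ciphertext:
                joint[m] += p_m * Fraction(1, len(keys))
    total = sum(joint.values())
    return {m: joint[m] / total for m in prior}


def is_perfectly_secret(prior, keys, encrypt):
    """True if no reachable ciphertext changes the attacker's belief."""
    ciphertexts = {encrypt(m, k) for m in prior for k in keys}
    return all(posterior(prior, keys, encrypt, c) == prior for c in ciphertexts)


# Constructed prior: what the attacker believes before seeing any ciphertext.
PRIOR = {0: Fraction(1, 2), 1: Fraction(1, 4), 2: Fraction(1, 8), 3: Fraction(1, 8)}

# One-time pad: the key is uniform over every 2-bit value.
FULL_KEYS = [0, 1, 2, 3]
# Weakened variant: only half of the key space is ever used.
WEAK_KEYS = [0, 1]

if __name__ == "__main__":
    print("full key space:", is_perfectly_secret(PRIOR, FULL_KEYS, xor_cipher))
    print("half key space:", is_perfectly_secret(PRIOR, WEAK_KEYS, xor_cipher))
    print("belief after seeing ciphertext 0 with weak keys:",
          posterior(PRIOR, WEAK_KEYS, xor_cipher, 0))
```

With the full key space the posterior equals the prior for every ciphertext; with half the key space, seeing ciphertext 0 rules out two of the four messages.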

VoWLAN with Smartphones

Tuesday, June 27th, 2006 by Nikos Simantirakis

The German mobile telephony reseller eteleon has presented a new offering for a VoWLAN bundle featuring the Nokia E60, E61 and E70 smartphones with WLAN and VoIP capabilities. The offering is for use both in the GSM network as well as with Hotspots (or simply with the WLAN at home or in the office). Roaming from WLAN to GSM during a call is nevertheless not an option before the arrival of UMA (Unlicensed Mobile Access). The SIP clients of the Nokia models are delivered preconfigured for use with the VoIP service of the dus.net provider. The interesting thing about it: dus.net is already offering free SRTP encryption as part of its VoIP service. Though the Nokia SIP client doesn’t seem to support it, this is only a small step towards secure mobile VoIP. Should someone tell them?

You can find out more at heise and eteleon (both in German).

Black Hats and Evil Twins

Friday, June 23rd, 2006 by Martyn Davies

In contrast to T-Mobile’s antipathy  towards VoIP services, I see that UK-based WiFi hotspot provider The Cloud is actually in partnership with Skype and Vonage, so clearly they see VoIP as an important component of their business. However, as has been discussed in recent weeks on our VOIPSEC list, security of VoIP is only as good as the security of the platform itself and of the network that carries the VoIP traffic.

The latest security worries for WiFi have just been aired in a Computer World article.  Some researchers will give a talk at the Black Hat conference on how to crash or hack WiFi drivers.  In particular, they have used a fuzzing technique (which David Endler wrote about recently) using a tool called LORCON to expose flaws in the WiFi driver.  The article suggests that LORCON is even a tool simple enough for script kiddies to use.

The life of WiFi has been punctuated by stories of insecurity, including Evil Twinning (where criminals impersonate a bona fide WiFi service), the use of Netstumbler to find unsecured WLANs and endless stories about the insecurity of WEP.  But as Virgil Gligor said at the recent VoIP Security Workshop, the history of computing is full of examples of new technologies that are used for a long period, perhaps ten years, before all of the related insecurities get found and fixed.

Cable VoIP in the news

Sunday, June 18th, 2006 by Geoff Devine

Cable Hastens Telco Phone Line Losses

Cable Digital News, who recently sold themselves to the parent of Light Reading, recently put up an interesting article saying that cable now has 62% of the 6 million customer residential VoIP market; up from 52% a year ago.  The telcos have been seeing an erosion north of 8 million lines per year and claim to be reducing the churn to closer to 6 million this year.  I scratch my head at that one.  I see the trend going in the other direction now that Comcast and Charter have launched cable VoIP products in most of their footprint.  That’s almost 50% of the US market that didn’t have a cable VoIP option a year ago.  I see the churn to cellular-only picking up speed, too.

The article couldn’t resist taking a pot shot at Vonage… the poster child of failed IPOs.  Like everybody else, I’ve been watching it crater.  The FCC news this week that Vonage is going to be required to pay into Universal Service Fund just further erodes their price advantage against the telco wireline product and the cable VoIP product.  This after rulings about CALEA and 911 requirements.  I think the company will end up being worth their cash plus about $100 per subscriber. 

It’s unfortunate that the lay person now thinks VoIP == Vonage and the brand is associated with low quality and a gigantic stockmarket failure.  The cable VoIP product has quality parity with the telco wireline product.  It just goes to show that if you set out to build a quality product rather than take advantage of regulatory arbitrage, you end up winning in the end.

An interesting factoid I’ve picked up recently is that when cable companies sell or trade properties to other cable operators, they value each customer who takes their VoIP product $1000 more than one who doesn’t.  I think this is going to be a big incentive for cable operators to roll out VoIP in their smaller markets since those are the properties that tend to be traded around frequently.  I’ll refrain from talking about my own company but Nortel just announced a scaled down version of their product called the CS 1500 that is clearly targeted at smaller markets. 

Obligatory mention of VoIP Security:

I’ve found myself deluged both from executives within my company and from the cable-oriented trade press about the Net2Phone theft of service hacker case.  There were all kinds of rumors flying around that our product was somehow involved.  I had to run through the litany of layers of security that protect cable VoIP.

  • DOCSIS is encrypted with 56-bit DES
  • Cable modem chips can only listen on the downstream.  You need a $10K piece of test equipment to sniff the upstream
  • The media terminal adapter (MTA) has a digital certificate burned into it
  • The MTA authenticates with a Kerberos Key Distribution Center as part of the boot & provisioning sequence
  • The MTA is bound to a single Cable Modem Termination System so a cloned MTA will only work in a small geographical area
  • PacketCable Softswitches sit behind firewalls
  • Nobody turns on signaling or media security today but all the products support it and are conformance tested at CableLabs
  • With a simple port blocking strategy, you could make the Softswitch and MTA invisible on their signaling port

I did get extensively quoted in one article but they mis-spelled my name.  So far, I’ve only consumed a few nanoseconds of my 15 minutes of fame.

Nintendo Files “Messaging Service” Patent

Friday, June 9th, 2006 by Dustin D. Trammell

A patent filed by Nintendo for a “messaging service” in the US was discovered yesterday, which may provide clues into what Nintendo may be up to with VoIP and messaging systems between their gaming consoles. The patent describes an IM type environment using presence information and user activity information, such as which game the user is currently playing. IGN writes: “Will we be sending messages and chatting during games of Bonk’s Adventure? Or more impressively, does this mean a DS user on the go could text- or voice-chat with a friend at home playing Wii? What about DS-to-DS communication? Nintendo seems to have wide ambitions here, and the possibilities are striking.” As with most new VoIP implementations the security implications should be interesting, especially considering that the Wii when connected to broadband Internet service will be “always on.”

A Family of Curves

Friday, April 14th, 2006 by Jonathan Zar

What are the essential elements of a human conversation that a VoIP system would capture and convey to be ideal?

To consider this, let us imagine a conversation between three or more people.

What do each of these people know?

The list would certainly include the following elements:

- physical presence, including turning away and leaving
- focus, when any person turns to one, a few or all to speak
- visual cueing including pointing, nods of agreement, objections, interest, and lack of interest
- displays of valuable emotion
- content of words spoken

What else might be added?

Let’s say the conversation continues and the subject of authority comes up. The list might then extend to:

- identity beyond physical presence, voice and appearance
- authority as offered by voice or proved by other factors
- policy as for example by custom or rule for the type of meeting

Again let’s ask: what else might be added?

After considering further, let’s now imagine that the conversation ends and that you have been invited to diagram it.

Maybe you choose to show it as a storyboard of transaction diagrams. Maybe you see a better way to draw it.

Is there a sensible way of classifying the quality of a conversation as it departs from the ideal?

Now let’s turn this on its head and ask what happens if we augment human conversation and improve what we have been calling the ideal.

The point is that a VoIP system, or at least a VoIP client, can be classified according to the complexity of the expression that it conveys and this is either equal to, less than or better than face-to-face conversation.

So parity with the PSTN is still undershooting what people expect when they meet and certainly less than what is possible if you have faith that computing can improve conversation beyond human vision and speech.

There is no one VoIP performance target. It’s a diagram with curves.