article: german secure phone

Don Davis dtd at world.std.com
Sat Jun 2 22:11:46 EDT 2001 

http://www.newscientist.com/dailynews/news.jsp?id=ns9999819

Portable privacy

A mobile phone that protects transmissions from
sophisticated eavesdropping is launched in Germany

A mobile phone that protects transmissions from
sophisticated eavesdropping has been launched in
Germany.

Communications company Rohde Schwarz created the TopSec
GSM phone by fitting military grade encryption hardware
into an ordinary S35i Siemens mobile phone.

The company expects the device to appeal to businessmen
who want to protect themselves against industrial
espionage and government representatives concerned
about spying. "In both cases communications have to be
secure," says a company representative.

Ex-Nato technical expert Brian Gladman told New
Scientist: "If done correctly, the encryption would be
effectively attack-proof."

Although the GSM standard does protect transmissions by
encoding them, a number of weaknesses have been
discovered with the system. These could allow
sophisticated eavesdroppers to listen in. The TopSec
GSM phone is designed to provide an extra, robust layer
of security.

The phone may not be for everyone, however. Each device
costs £1800 and so far only 500 handsets have been
created. These must also be bought directly from Rohde
Schwarz.

Private keys

The handset works like any normal GSM mobile phone. But
users can establish a secure communications channel
when "Crypto" is selected from the customised display
menu. When a number is dialled and the Crypto function
selected, the phone checks to see if the device at the
other end is compatible. Currently, the phone works
only with other TopSec mobile phones and ISDN phones
produced by Rohde Schwarz.

If the device at the other end is compatible, each
phone opens a data channel and exchanges its public
encryption key. Using mathematically-linked private
keys, the phones then establish a shared code for
securing voice communications at speed.

It is theoretically possible to decipher messages
encrypted in this way by trying all possible keys in
succession. But in practice this would require a
formidable amount of computational power. Rohde Schwarz
estimates that it would take 100 average desktop
computers 10 years to decrypt a 10-minute phone call.

Attack-proof

Although the encryption itself may be secure, Gladman
says it might be possible to trick the phones into
giving up their secrets using a "man in the middle"
attack. This would involve carrying out a dummy key
exchange with both parties and creating two secure
channels. Each party would be communicating securely,
but only through a third eavesdropper.

This technique would be beyond most industrial spies.
Gladman says it might be within the capabilities of
some government intelligence agencies, however.

Devices that work along similar lines are already used
by the US military. And this is not the first attempt
to make a commercial encryption phone. US company
Starium has created a device that can be attached to
standard phone lines in order to secure voice
communications with encryption.

Web link:
Rohde Schwarz  http://www.rohde-schwarz.com/

1630 GMT, 31 May 2001



-





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list