Public Key Addressing?

Bill Stewart bill.stewart at pobox.com
Sat Nov 16 02:24:06 EST 2002


Abstract: Maybe he's saying that phone calls could be implemented
like remailers or onion routers, or at least like ipsec tunnels,
where the contents of the call are kept separate from the
signalling information, so the ISPs only see what they need to.

At 01:05 PM 11/13/2002 +0100, Hadmut Danisch wrote:
>   "When doing a phone call, phone numbers must be
>   transmitted, and signals about the state of the
>   connection as well."
>Now a german professor of computer science, who
>claims to be a cryptographer, denied this in
>a way which I translate to english like this:
>   "This is a wrong statement about the technical details.
>   It is wrong to claim, that, when doing phone
>   calls, phone numbers must be transmitted. The author
>   seems to take only the currently practiced ISDN protocols
>   into consideration and ignored that, e.g. in particular
>   for Packet Switched Networking with Public Key Addressing,
>   as researched by Donald Davies as the original fundament
>   for the introduction of Packet Switched Networks, especially
>   this problem was to be bypassed/avoided."
...
>Does anybody have any idea, even an absurd one, what could
>the professor have driven to this conclusion and what he
>could have meant with Public Key Addressing?

I can think of a couple of things, some of which I even understand :-)

Please excuse the brief explanation of telephony terms first:
There have been several popular approaches to telephone signalling
over the years, which have different security levels against
eavesdropping and manipulation by different users
- Step-by-step transmits the signalling along with the call,
         and each piece of equipment uses a digit to route the
         audio channel for the call to the next piece of equipment,
         but ignores everything else except call tear-down signals.
         (Nobody does this any more....)  Phone Phreaks liked this.
         Eavesdroppers can listen to future signalling and audio.
- Stored-program-control in-band signalling sends the call setup
         information in the same channel as the call (either as
         audio tones or electrical dial pulses, or "robbed bits" in the US),
         but the first switch receives all the digits,
         makes some decision about where to send the call,
         and if the next step is a stored-program switch,
         sends the (possibly translated) signalling information
         to the next switch, followed by the audio call.
         (If the next step is a phone, it sends ring tones,
         and if the next step is step-by-step, it sends
         individual step signals at a standard speed.)
         Phone Phreaks liked this also!
- Common-channel signalling sends call-setup instructions along
         a data network, which tells the control interfaces of
         voice switches to connect an audio channel.
         This obviously requires stored-program-control switches.
         Phone phreaks didn't like this unless they were really expert.
         Signalling System 7 (SS7), CCIS, and CCS were versions of this.
         Most modern telephone company switches work this way.
- ISDN has signalling protocols that use data carried along with a
         group of audio-or-user-data channels.  (1 or 2 data + 2, 23 or 30 
voice.)
         In telephone company networks, ISDN is commonly used as an
         interface from the user to the telephone company,
         which uses common-channel signalling to complete the call
         to its destgination (or at least to the last intelligent
         common-channel signalling switch in the path,
         then either ISDN or in-band audio or step-by-step,
         depending on how obsolete the phone switches at the destination are.)
         In customer-owned networks, such as business PBXs,
         the trunks between switches might also be ISDN,
         which would carry the signalling in the data channels
         in the same group as the voice channels.

Another digression - in US wiretapping law, a "pen register" is
a device that detects the signalling information on a customer's
telephone line, and records the signalling but not the audio.
(Originally, this used moving pens and paper to show the electrical
impulses from pulse dials.)  Unfortunately, US courts decided that
pen registers don't record private information, because the user
is telling the telephone company who they want to talk to,
which is therefore "public" information, so it should not receive
the same legal protection as wiretaps that actually listen to the
speech part of a telephone call.  Another unfortunate consequence
is that every time somebody develops a new technology for
eavesdropping or wiretapping, the police try to claim that it is
like a pen register, not a real wiretap, and every time somebody
develops a new communication medium, the police try to claim that
it's not like a private telephone call that has some legal protection,
or a person-to-person conversation or personal papers that have
more legal protection, but instead is only like radio which is public,
or like the parts of a telephone system that only need a pen register,
not a real wiretap.

So here is my guess about what the professor might mean:
- In a normal telephone call, the caller tells the phone company
         what telephone number he wants to call, and everybody
         who helps set up the call can see that caller and called person,
         even if they are only in the middle and not connected to
         either the caller or the called person.  Also, eavesdroppers
         who can see one part of the signalling know everything.
         (Similarly, with unencrypted email, everybody who carries it
         can see the origin and destination in the message body,
         though some equipment only sees the destination.)

- If you wanted to, you could build a telephone system where
         the signalling used public-key crypto, where the
         address used to send call setup information to a
         switch is different from the addressing that that switch
         sends to the next switch, so each piece only knows the
         next hop and not the whole path, but unlike the old
         step-by-step switches, eavesdroppers who compromise
         one switch or one trunk can't see the unencrypted
         signalling information, and therefore don't know
         which call they're tapping.  Furthermore, the forward
         direction of a phone call can be isolated from the
         reverse direction of a call, so eavesdroppers only see
         half a phone call.  This makes it much harder
         to use wholesale wiretaps to look for Usual Suspects,
         and means that wiretapping somebody's line may tell you
         when they receive a phone call but not who it's from.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list