How the Greek cellphone network was tapped.
Erik Tews
erik at debian.franken.de
Fri Jul 6 10:14:03 EDT 2007
Am Freitag, den 06.07.2007, 02:52 -0400 schrieb silvio:
> > http://www.spectrum.ieee.org/print/5280
>
> So what are the options these days (the article even mentions
> end-to-end
> encryption to make such an attack far more difficult)?
> Every "crypto-phone" offering seems to go stale and disappear after a
> while...perhaps related to the fact of being ridiculously expensive.
> Aren't run-of-the-mill cellphones these days powerful enough to use
> available software like OpenSSL to encrypt voice/datastreams?
> Again...what are the options for end-to-end cell encryption right now?
For example, I owne an Nokia E70 smartphone running symbian. There is an
application called fring, which is basically skype for symbian which
runs on the E70. Fring offers VoIP calls over skype with your mobile
phone. The data is send over the Cellular network (UMTS or so) or
Wireless LAN, which is supported by some phones too.
I don't know how much encryption Fring does (and I don't want to
speculate how secure it is here), but it shows, that you can do VoIP on
usual high end consumers hardware.
So writing an application, which does basically the same as fring and
uses extra cryptography should be possible. I have written some java
code for the E70, and I know that it can do AES, RSA and DH in a
reasonable time, even if all computations are done in Java.
But this is all just about end-to-end encryption, you could still try to
backdoor the phones firmware, or bug the phone itself (in hardware).
Additionally, you need some kind of public key infrastructure, if you
want to call arbitrary people securely.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list