How the Greek cellphone network was tapped.
John Ioannidis
ji at tla.org
Fri Jul 6 18:20:27 EDT 2007
silvio wrote:
> Aren't run-of-the-mill cellphones these days powerful enough to use
> available software like OpenSSL to encrypt voice/datastreams?
> Again...what are the options for end-to-end cell encryption right now?
Mobile phones have had spare cycles for doing strong crypto for a very
long time. There are two classes of reasons why this is not happening
and is (unfortunately) never going to happen:
1. Practically no users ask for it, so the handset vendors prefer to
use development resources to build even more flashy features, rather
than allocate resources to developing E2E security. No user would ever
brag about how secure their phone is, but they would brag about how they
can play video games or take pictures or whatever, or how small it is.
2. E2E crypto on mobiles would require cross-vendor support, which would
mean that it would have to go into the standard. Unfortunately,
standards in the mobile world are heavily influenced by governmnets, and
the four horsemen of the apocalypse (drug dealers, paedophiles, spies,
and terrorists) are still being used by government types to nix any
attempts at crypto they can't break or intercept.
Unfortunately, it's not so easy to roll your own on top of a 3G-enabled
smartphone. The "broadband" channel does not have the tight jitter and
throughput guarantees that voice needs, and some providers (Verizon in
the USA for example) consider running voice traffic over their
"broadband" network a violation of the usage agreement (no need to blame
the government for that, their own greed is adequate explanation).
There are lots of other technical and human-factors issues that have
been covered to great extent in this and other fora.
/ji
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list