phone encryption technology becoming popular in Italy

Dave Korn dave.korn at artimi.com
Wed May 2 13:12:31 EDT 2007


On 02 May 2007 16:16, Ali, Saqib wrote:

> A notable mention is http://www.cryptophone.com/ . They are the only
> secure phone provider that allows for independent review of the source
> code.

  Interesting, but of course they're still a good way from 100% secure.  It's
really great that they issue the source, but unless they also issue the
toolchain, and the source to the toolchain, so that anyone who wants can
recompile and reflash their phone, it's less than secure.

  From http://www.cryptophone.com/background/published_source/index.html:

"  How can I make sure that the firmware on my CryptoPhone is compiled from
the same source that you publish and have reviewed?

We take a number of steps to ensure that you really get the correct firmware.
The source code repository for all CryptoPhones is held on a computer that
only our trusted developers can make changes to, and that is secured against
physical access. After the security review by outside experts, but before each
version of the firmware is released and used in the production of
CryptoPhones, the source is compiled by a number of security experts who then
publish the secure cryptographic SHA256-hash of the binary and of the source
it is compiled from.  "


  Of course, as anyone who's read "Reflections on trusting trust" knows, there
is no guarantee that the compiler actually genuinely compiles the source code
it is fed with and doesn't backdoor it or otherwise tamper with it!

  And in fact, they really need to release their circuit diagrams and parts
specs.  After all, just because you built your own code and downloaded it to
the phone, you have no guarantee that it really accepted the download into its
flash memory - it might have a second flash with trojan code in it, or the
download-and-reflash code in the phone itself might have tampered with the
binary and backdoored it.

  If you wanted to be /really/ certain, I guess you'd have to take the tops
off all the ICs inside and look at them under an EM, to make sure they really
were the parts they claimed to be and don't have any extra circuitry or hidden
functions built in....


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
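
The hash comparison described in the CryptoPhone FAQ quoted in the message
above, as an added example that is not part of the original post and is not
CryptoPhone's code. The builder names, the quorum parameter and all sample
bytes are constructed assumptions.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_build(image: bytes, source: bytes, published: dict, quorum: int) -> dict:
    """Compare a locally held image against hashes from independent builders.

    published maps builder name -> (source_sha256, binary_sha256).
    """
    src_h, bin_h = sha256_hex(source), sha256_hex(image)
    # Attestations for a different source tree say nothing about this build.
    relevant = {b: h for b, (s, h) in published.items() if s == src_h}
    agree = sorted(b for b, h in relevant.items() if h == bin_h)
    disagree = sorted(b for b, h in relevant.items() if h != bin_h)
    return {
        # Any disagreement means tampering or a non-reproducible build;
        # either way the image is not vouched for.
        "ok": len(agree) >= quorum and not disagree,
        "agree": agree,
        "disagree": disagree,
        "ignored": sorted(set(published) - set(relevant)),
    }


# Constructed sample data (not real CryptoPhone hashes or builders).
SOURCE = b"constructed source tarball v1"
FIRMWARE = b"constructed firmware image v1"
PUBLISHED = {
    "builder-a": (sha256_hex(SOURCE), sha256_hex(FIRMWARE)),
    "builder-b": (sha256_hex(SOURCE), sha256_hex(FIRMWARE)),
    "builder-c": (sha256_hex(b"constructed source tarball v0"),
                  sha256_hex(b"constructed firmware image v0")),
}

# Limits, per the message above: a pass covers only the bytes in hand.
# Builders sharing one subverted compiler would still agree, and the
# phone may not actually run the image it was asked to flash.
if __name__ == "__main__":
    print(check_build(FIRMWARE, SOURCE, PUBLISHED, quorum=2))
    print(check_build(FIRMWARE + b"\x00", SOURCE, PUBLISHED, quorum=2))
```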


