300 likes | 416 Views
Secure VoIP based mobile communication for Android ™ phones. Secfone. INTRODUCTION. Security is facing more and more popularity and becoming the focus of technology:. Extreme viruses Sophisticated spy applications Thousands of malwares +
E N D
Secure VoIP based mobile communication for Android™ phones Secfone
INTRODUCTION • Security is facing more and more popularity and becoming the focus of technology: • Extreme viruses • Sophisticated spy applications • Thousands of malwares • + • Easily accessible and cheap spy hardwares from internet web stores More and more company tries to reply and develop its own application choosing from good available encrypting mechanisms, however inadequate utilization involve more serious vulnerability and false safety feeling
INTRODUCTION • To be secured and protected: • Best available encryption technology has to be used • Hidden and real secure authenticated method has to be used • Have to be ensured that softwares cannot access to encryption keys • Have to ensured that encryption method cannot be deciphered • Have to be ensured that 3rd party application cannot use our device and by-pass applied security The solution is MVCN™ based security devices
The MVCN™ network Secfone is part of MVCN product line…
The MVCN™ layer • Patented 3 level key exchange mechanism: • 2048bit RSA keys for Authentication • 1024bit RSA keys for communication key exchange • 448bit Blowfish CBC for voice/data encryption (variable) with constantly changing keys Hardware based encryption and authentication
Role of MVCN™ layer • Authentication • Authenticates an ensures the participants • Encryption • Encrypt and decrypt dataflow with continuously changing keys between communicating devices • Privacy • No 3rd party device, no server, no central application can access to user communication Hardware based Hardware based
Hardware encryption device No known method can access to keys (x-ray, electron-microscope, etc.) CRYPTOCARD Keys and encryption method never revealed to application TPM chip in: Secbox Secbox H Secbox Industrial Rabbit Cryptocard: Secfone Red Secfone Orange iSecfone SecBerry
MVCN™ - key exchange w Burned into MVCN™ server Stored on MVCN™ server • Server decoding key • SF1 encoding key • SF2 encoding key SF1 IP address, encoding key request Connection request to SF2 Server response SF1 IP address, SF1 encoding key Server response: SF2 IP address, SF2 encoding key Secfone 1 (SF1) Secfone 2 (SF2) Connection request from SF1 to SF2 Stored on Crypto card Stored on Crypto card • Server encoding key • Server encoding key • SF2 IP address, encoding key • SF1 IP address, encoding key Server response: SF2 IP address, SF2 encoding key Burned into Crypto card Burned into Cypto card • SF1 decoding key • SF1 decoding key
VoIP communication • Calls are VoIP based: • Encrypted communication is working on almost any kind of IP based network (Wi-Fi, WiMAX, LTE, HSDPA, UMTS, EDGE, etc.) • 3 VoIP layer: • Session Initiation Protocol • Session Description Protocol • Realtime Transport Protocol
Session Initiation Protocol in Secfone • SIP protocol • IETF defined signaling protocol • Opens communication sessions over IP network • The protocol enables to open, modify and close two or multiparty sessions • Secfone uses modified SIP protocol: • Basic SIP P2P call (through MVCN network) • Basic SIP signaling (ringing, ringtone, busy tone, waiting tone, etc.) • Caller name and number display • Call waiting, muting • Voice compressing and time fragment size (packet time) negotiation through SDP • Missed calls and call history • Local user directory • Volume control
Session Description Protocol • Session Description Protocol (SDP) • A format for describing streaming media initialization parameters in an ASCII string. • SDP is used inSecfone in conjunction with the SIP and RTP protocols • Constrained to general session and connection description parameters. • The media section of the SDP protocol is used for media attributes negotiation: • The speech codec to be used by both peers during the negotiated session • The RTP packet time (ptime) to be used by both peers during the negotiated session
Applied speech codecs • Automatic and optimized speech codec selection by network quality • 3G(ptime: 100ms): • Speex8(15 kbps) • Speex7(15 kbps) • BroadVoice16(16 kbps)+the complete EDGE offer • EDGE(ptime: 140ms): • Speex6(11 kbps) • Speex5(11 kbps) • Speex4(8 kbps)+ the complete GPRS offer • GPRS (ptime: 180ms): • AMR_NB 4.75(4.75 kbps) • Speex4(8 kbps) • WiFi(ptime: 60ms): • Speex10(24.6 kbps) • Speex9(18.2 kbps)+ the complete 3G offer BEST AVAILABLE VOICE QUALITY • Narrow Band Adaptive Multirate Codec (AMR-NB) is applicable • Speech codecs are user selectable • AMR-NB 4.75 kbps • AMR-NB 5.15 kbps • AMR-NB 5.90 kbps • AMR-NB 6.70 kbps • AMR-NB 7.40 kbps • AMR-NB 7.95 kbps • AMR-NB 10.2 kbps • AMR-NB 12.2 kbps • Speech codecs are changed during calls by network quality • AMR codec rate changes during calls by network quality
Realtime Transport Protocol • The Real-time Transport Protocol (RTP) • defines a standardized packet format for delivering audio and video over IP networks Altering network characteristics would result in non-enjoyable voice quality RTP jitter control was developed for Secfone *note that „jitter” comes from that latency which is the delay of receiving and playing the sound – not network latency Low latency playback with a low packet rejection rate, ensuring both high quality sound and good conversation properties
Secfone infrastructure and characteristics Encryption/decryption by HARDWARE Nothing can access to encryption keys CRYPTOCARD Authentication and encryption protocol is MVCN™ Adaptive and safety software application for : Best quality voice communication over IP networks 3rd party spy application detection Continuous and hidden key changing during communication
Secfone infrastructure and characteristics Voice SMS File sharing Secured data/voice communication through Secbox Secured data/voice communication in industrial environment Secured voice/data communication with other Secfones Printer Computer File sharing Etc. Survaillence Camera systems Monitoring Etc.
Minimal data requirement for Secfone Requriements: • The device needs to have a functional MicroSD Card slot • Minimum CPU requirement of the device is 1 GHZ • Minimum RAM requirement is 512 MB • Minimum free space on the phone: 6.3 MB Supported devices: • HTC Desire Android 2.2 Sense • HTC Desire S Android 2.3.3 Sense • HTC Incredible S Android 2.3.3 Sense • HTC Sensation • Samsung Galaxy S Android 2.1/2.2 • Samsung Galaxy S (NTT Docomo) Android 2.3.3 • Samsung Galaxy S II • LG p350 Android 2.2.2
P2P communication In case the Secfones are behind a firewall type not supported by MVCN they use proxy
Retail server options for customers • Private Server • The server is installed by Navayo and hosted by the customer • One time fee • Absolutely private infrastructure • Hired server • The server is installed and hosted by Navayo • Monthly fee • Navayo guaranteed service
Secure telephone conferencing • Secfone enables secure teleconferencing for a large number of users at the same time • Conference rooms can be accessed through Secbox connection • Up to 500 participants atone time depending onhardware set-up • Voice messages can beleft in the conferencerooms
Secfone secure mail service • E-mail server is connected to the Internet through Secbox network security device • Proxy is set on the Secfone device to enable connection to the e-mail server • E-mail traffic is encyripted between the device and the e-mail server • 3rd party SCB technology allows logging of Administrator activity providing added security • The phone’s default e-mail client is used