SPEECH: Secure Personal End-to-End Communication with Handheld
Nowadays, there is a strong trend toward the integration of public communication networks. This is especially the case of the mobile phone networks and the Internet, which are becoming increasingly interconnected as to create a single unified network. One of the possible consequences of this integration is that the security issues, which already exist within each of these networks, become even more menacing in such an enlarged context. The possibility to operate voice calls is one of the most popular services that run on these networks. At the time of this writing, the user who calls another user by means of a mobile phone or a desktop computer equipped with Voice-over-IP software is subject to several threats. In this paper, we examine some of these threats and present SPEECH, a software system for making “secure” calls by using Windows Mobile 2003 powered handheld devices and a wireless data communication channel.
The notion of Security implemented by SPEECH is stronger than the one available in other secure conversation software, because it includes the mutual authentication of the endpoints of the conversation, the end-to-end digital encryption of the content of a conversation and the possibility to digitally sign the conversation content for non-repudiation purpose. SPEECH is able to operate on different types of networks and adapt its behaviour to the bandwidth of the underlying network while guaranteeing a minimal-acceptable quality of service (currently GSM and TCPIIP networks are supported). This has been achieved by adopting a very light communication protocol and by using a software codec explicitly optimized for the compression of voice data streams while retaining a good sampling quality. As a result, SPEECH is able to work in full-duplex mode, with just a slight delay in the conversation, even when using a 9600 bps communication channel, such as the one provided by GSM networks.
There are several application areas for SPEECH. For example, it can be used in an economic transaction conducted over a public phone line to verify the real identities of the parties who are participating to the transaction, to prevent the possibility for an eavesdropper to access the content of the conversation and to ensure that either party of the call could not deny the content of the conversation in a later moment.
KeywordsAdvance Encryption Standard Mutual Authentication Security Feature Secure Personal Mobile Phone Network
Unable to display preview. Download preview PDF.
- [BaBKO3]E. Barkan, E. Btham, N. Keller: “Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication”. In Proceedings of Advances in Cryptology-CRYPTO 2003, 2003, LNCS 2729, pp. 600–616, Springer-Verlag.Google Scholar
- [Casper]Casper Technology. Available from: http://www.caspertech.com/
- [Go1i97] J. D. Golic: “Cryptanalysis of alleged A5 stream cipher”. In Proceedings of Advances in Cryptology-EUROCRYPT’97: International Conference on Theory and Application of Cryptographic Techniques, 1997, LNCS 1233, pp. 239–255, Springer-Verlag.Google Scholar
- [ValiO6]J. M. Valin: Speex: Available from: http://people.xiph.org/~jm/papers/aes120_speex_vorbis.pdf
- [Gesell]Gesellschaft für Sichere Mobile Kommunikation mbH. Available from: http://www.cryptophone.de/
- [ShAt85]M. Schroeder, B. Atal: “Code-excited linear prediction (CELP): High-quality speech at very low bit rates”. In: Proceedings of the IEEE International Conference on Acoustics, Speech, and Signal Processing. 1985, Vol. 3, pp. 937–940.Google Scholar
- [GeDyC4]General Dynamics C4 Systems. Available from: http://www.gdc4s.com/.
- [Vectro]VectroTEL. Available from: http://www.vectrotel.chl
- [GTeckl]Global Teck. Available from: http://www.global-teck.com/
- [SeGSM]SecureGSM. Available from: http://www.securegsm.com/
- [NautSP]Nautilus Secure Phone. Available from: http://nautilus.berlios.de/
- [Skype]Skype. Available from: http://www.skype.com.
- [BDG+04]0. Benoit, N. Dabbous, L. Gauteron, P. Girard, H. Handschuh, D. Naccache, S. Socié, C. Whelan: Mobile terminal security. Available from “Cryptology ePrint Archive” as Report 2004/158 at: http://eprint.iacr.org/.
- [NISTO2]National Institute of Standards and Technology (NIST), “The Secure Hash Signature Standard. (FIPS PUB 180-2)”. August 2002. Available from: http://csrc.nist.gov/publications/fips/fipsl8O-2/fipsl8O-2withchangenotice.pdf.
- [DiAl99]T. Dierks, C. Allen: The TLS Protocol Version 1.0. IETF RFC 2246. 1999.Google Scholar
- [NISTO1]National Institute of Standards and Technology (NIST), “Advanced Encryption Standard (AES) (FIPS PUB 197)”. November 2001, Available from: http://csrc.nist.gov/publications/fips/fipsl97/fips-197.pdf
- [NatoC3]NATO Consultation, Command and Control Agency (NC3A). “Secure Communication Interoperability Protocol (SCIP)”. Available from: http://elayne.nc3a.nato.int/msec/scip/index.html.