Seriously Secure Mobile Voice With Custom Crypto - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Cloud Storage
News
2/25/2012
03:31 PM
Connect Directly
Twitter
Facebook
Google+
LinkedIn
RSS
E-Mail
50%
50%

Seriously Secure Mobile Voice With Custom Crypto

KoolSpan's mobile phone voice encryption products create a secure point-to-point channel for voice or other high-value communications.

We all have security needs, but at the top of the heap are those who need a secure line and self-destruct capabilities. There may not be an app for that, but there is a fascinating hardware solution.

KoolSpan accomplishes this level of protection through a different kind of hardware add-on: A microSD card with an embedded system that does hardware AES-256 cryptography, including over-the-air key management.

My first question about it was: How do they run a coprocessor of any kind through a microSD card interface? This part is clever. The TrustChip and the TrustCall Secure Voice app communicate through the storage on the microSD card. Like TrustCall, any application can use the TrustAPI to communicate over the secure channel.


The KoolSpan TrustChip is a full crypto coprocessor in the phone.

Obviously the encrypted communications use data, not voice bandwidth, but KoolSpan says that it is designed for low bandwidth consumption, about 16-Kbps full duplex, little enough to work on GSM Edge networks. KoolSpan says that they discarded the idea of using SIP/RTP and wrote a proprietary VoIP protocol that was more frugal with bandwidth and connections.

Also obvious is that there needs to be KoolSpan hardware and software on each phone in the conversation. Currently only two parties are supported. They believe they will eventually support multi-party calls, but there are bandwidth issues to face.

As shown in the diagram below, encryption and authentication are performed peer-to-peer between the phones, but a relay server is used for call setup and device discovery. It also shows how, after the discovery, the phones use an SMS message as a further part of the call initiation process.


Initiating a call using TrustCall and TrustChip hardware involves several steps, but the call and encryption themselves are direct peer-to-peer.

The initial setup and deployment process for the phone involves a one-time tethering for key exchange. After that, all key exchange is over the air and secure.

Because the user may also be asked for a password, TrustCall is automatically a two-factor authentication device, as the microSD card is (in authentication parlance) "something you have."

The KoolSpan approach doesn't just plug into any phone architecture. The most obvious problem is on the iPhone, which has no microSD card. External dongles on the 30-pin connector were just too clumsy. The iPhone market is too big not to try for, though, so they do plan to keep trying.

Finally, in the realm of physical security, the remote management system can not only remotely disable the TrustCard (by resetting the password to something nobody knows) but has a self-destruct mode that can be invoked remotely to make the TrustCard unusable. It's also possible to bind a TrustCard to a particular SIM card so that it can't be stolen and reused. And maybe the NSA could pull something useful out of the physical card itself, but probably not.

The administration of the system can be run in-house by an enterprise or as a service by KoolSpan. In this sense it is something like a trusted certificate authority, validating parties to a conversation.

This is not the kind of security that everyday people and businesses need, but the market for people with such serious requirements is not small.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll