Phone Call Security
Matthew S. Hamrick
mhamrick at cryptonomicon.net
Sun Jun 3 18:03:15 CEST 2007
Encrypted voice calls is a question that's been around for a while.
When I worked for RSA and later Certicom, we had frequent discussions
about the strength (or lack thereof) of the LFSR-based encryption
that was then in frequent use in GSM phones.
I should probably mention that GSM and CDMA provide over the air
authentication and confidentiality services. So if you're worried
about bad guys cloning or eavesdropping on your phone calls (or text
messages), you're safe already.
Now... if your definition of "bad guys" includes the people who have
operational control over the GSM network, then the story gets a
little more complicated. Now, before you start saying, "oh, Matt's
just being paranoid" or "oh, Matt's going to say something that will
help the terrorists," let me just remind you that outside the US,
there's some pretty clear evidence that national governments are
eavesdropping on the conversations of traveling tech company
executives and passing economic intelligence along to competing
companies in their own nations. So end-to-end encryption is an issue
that's near and dear not only to the hearts of the bleeding heart
liberals at the EFF, but also the uber-industrialists of the far right.
"End to end" security is the term used to describe confidentiality
and origin integrity services that provide assurance that the two
endpoints in a communication are a) really talking to the person they
think they're talking to, and b) the content of the call is not being
intercepted by a malicious eavesdropper. This is distinct from the
existing GSM security services which protect only the over the air
portion of the comm link.
Approaches to end to end security on GSM phones started with layering
voice data over the GSM data channel. There are some significant
issues with this approach. First is obviously that you've got to have
a phone that can be programmed to channel encrypted voice data across
the GSM data channel. But, this message is going out to a community
that groks this concept, so the only thing I'll say is... if we do
something like this, let's fully specify what we do so people working
on other programmable phones can interoperate with us.
Next is the issue of carrier support. I don't know if it's still an
issue, but in the olden days it seemed that Cingular required you to
call them up and explicitly activate your GSM data line. Then at the
end of the month, they would turn it off requiring you to call up and
get it activated again. But that's less of an issue these days as we
move into an era where we have EDGE now and HSDPA on the horizon.
But... the issue of latency is important. The GSM data channel has
terrible latency characteristics. Products like the CryptoPhone
(http://cryptophone.de/ ) suffer from this. If your latency is too
high, the delay makes a normal conversation virtually impossible. You
wind up having to say "over" after each thing you say to tell the
other person it's okay for them to speak. This is okay if you're a
whacked out cypherpunk who gets off on acting like a spy, but having
been in the military already, it's just annoying for me to have a
half duplex channel.
EDGE latency characteristics can be better than GSM data, but there's
a fair amount of variability in EDGE latency. Sometimes it's high,
sometimes it's low. Ditto for EVDO.
A couple years ago Nick Lane-Smith gave a presentation at DefCon
about doing putting encrypted voice over "data over GSM voice." More
The last I heard about this project, they discovered they couldn't
get enough throughput to maintain a voice channel, encrypted or
All this and we haven't even talked about SIP over DTLS and SRTP...
On Jun 3, 2007, at 6:08 AM, Mikko Rauhala wrote:
> su, 2007-06-03 kello 07:08 +0200, Ortwin Regel kirjoitti:
>> IIRC there has been lots of discussion about this a few months back.
>> Take a look at the mailing list archives or the wiki if you can find
> Spesifically, see subjects "Voice over GPRS?" and "Encrypting
> voice communications" in the February archive page at
> Summary: Possible to code support for this using GSM data calls
> (not GSM
> voice calls due to GSM chip restrictions), which come with the quality
> of service GPRS lacks. May cost a bit extra depending on your
> Compatibility with cryptophone.de probably possible, since their
> protocol seems to be up for reimplementation. Either way, at least
> Moko-to-Moko encrypted calls are quite possible to implement, just
> somebody (TM) needs to do the work.
> Mikko Rauhala <mjrauhal at cc.helsinki.fi>
> University of Helsinki
> OpenMoko community mailing list
> community at lists.openmoko.org
More information about the community