Newbee ..- encrypted calls/SMS

[Crane, Matthew]

Yea, fair enough.  After listening to you guys I think I definitely like
the idea better of the GSOC project with PGP SMS used to initate a VPN,
which could then do a VOIP session.  

If the two phones are both connected to wifi then a SMS initated VPN
would end up ringing the other end, if it was automated.  An attacker
would have no info on who called who, from where, and for how long.  All
information that would normally be available to "the man" (in the
middle) if it was a cellular conversation. 

Matt


-----Original Message-----
From: community-bounces at lists.openmoko.org
[mailto:community-bounces at lists.openmoko.org] On Behalf Of David Pottage
Sent: Friday, April 25, 2008 11:39 AM
To: List for Openmoko community discussion
Subject: RE: Newbee ..- encrypted calls/SMS



On Fri, April 25, 2008 2:18 pm, Crane, Matthew wrote:

> Yes, I understand that, that is why I'm thinking of this approach.  My
> idea was to use analog voice transforms and their inverse with
> properties that would preserve most of the codec performance.  But it
> would be awfully difficult to sync up the inverse on the other end
> without a data connection, I expect that with voice calls that delay
can
> be added and removed without warning.

I don't think this is a practical idea, even if it would work (which I
doubt). The problem is that unlike cyphers like PGP, analogue audio
cyphers are fairly easy to break with modern computers, and anyone
attempting to eavesdrop on your voice call will quite well resourced.

Analogue audio scramblers are probably helpful for wired phone calls
where
you might be worried about a low tech attack such as a Hotel telephonist
recording your phone call to your mistress, and then using it to
blackmail
you, but for GSM calls, the air interface between your handset and the
base station is usually encrypted using the A5 cypher. So the only way
someone can listen to your call is by having access to the telephone
company switch. This could be via hacking, a corrupt employee, or lawful
intercept. Either way the eavesdropper is likely to have access to all
the
equipment he needs to decrypt a simple voice scrambled call.

The way I see it, the only way you can get encrypted voice calls is
either
to wait until both you and the other party are near WiFi access points,
and do it over VOIP, or to do VOIP over GSM, and put up with the huge
latency, which will give you a walke-talkie like connection.

-- 
David Pottage

Error compiling committee.c To many arguments to function.


_______________________________________________
Openmoko community mailing list
community at lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community