Building a new totally free phone

Dr. H. Nikolaus Schaller hns at
Fri Aug 23 14:41:58 CEST 2013

> However, can GSM really be a base for secure communication anyway?  

IMHO the need for the GSM stack being open sourced is largely overestimated.

Security experts say that the question is how to secure communication over an unsecure communication medium.

Depending on which level you want to work, you can try to make GSM more secure because it is communicating over an inherently unsecure/open medium (electro-magnetical wave broadcast).

Or you can just use what others have built into a black box (i.e. a modem with some AT commands). They promise that it is "secure enough". But if you want to be really secure, just wrap the potentially unsecure channel and encrypt the data sent over it.

BTW: all the recent nsa/prism things have shown that it is not sufficient to make a fully transparent (aka open sourced) terminal - if it is easy enough to tap the network nodes. Or the servers you are communicating with. I.e. securing yourself is best done if you put yourself into eremitage...

So in my view, spending additional work to get an open sourced GSM or even UMTS firmware stack is a nice excercise for embedded and real time communication protocol engineering, but does not make anything more safe or secure than using a black box module, because it just tries to increase security of one small hop instead of end-to-end.

In other words: security measures must be done on the highest layers of the OSI reference model, not on the lowest ones. And that is the area of the application processor and OS. And of course documented schematics help to understand if there are potential backdoors to circumvent the OS or not. So we need a device where you have control over the OS, but not necessarily over the inner workings of all peripherals.

-- hns

More information about the community mailing list