Voice Encryption for Mobile Phones and PDAs
Let's remove some stigma from encryption. It is not the domain of the so-called "tin-foil hat-wearers". It is not the least bit paranoid to want privacy for your communication. It is, instead, a basic human right. Likewise, wanting your communications, whether email, text messages, or voice calls, to be impenetrable does not mean that you have something to hide.
In this age of wireless communication, it is easier than ever to intercept data of any kind. Every conversation one has over a mobile device could be overheard by any third party nearby with the proper equipment. Voice encryption is no longer the exclusive concern of spies and civil libertarians, but a basic, daily need for any institution or even individual. Consider that you frequently have to punch in your credit card number over the phone, for instance. For another example, when was the last time you had to talk someone at work through some errand and tell them an ID and password to type in?
The wireless era has given rise to what we call a "man-in-the-middle" attack, abbreviated to MITM. This is when a third party intercepts a data transmission for some nefarious purpose. In the case of Internet web page browsing, a MITM will frequently impersonate one or both parties, so you think you're talking to your bank account when you're really talking to the attacker.
For mobile phones and PDAs, the most common standard is GSM, which stands for "Global System Mobile". It is the standard promoted by the GSM Association, and is in use by over 80% of the global mobile phone market. A security product, SecureGSM, is a software encryption system for mobile devices. Based out of Melbourne, Australia, SecureGSM is currently available for the Windows smartphone and PDAs, with more devices expected to pick it up in the near future. SecureGSM performs its encryption on-the-fly, with no user interaction required.
Now, it is true that GSM itself was designed with some security in mind. But we know how that goes, right? GSM uses either the A5/1 or the A5/2 stream ciphers, the difference being that A5/1 is used in the United States and Europe, and A5/2 is used everywhere else. Both algorithms have been found to have serious flaws and weaknesses. Security technology is constantly evolving, so it is impractical for an international standard to incorporate a strong security system: international standards take a long time to set up, while encryption algorithms are good for maybe a few years before somebody breaks them.
So it is best to turn to the private sector for security needs. A private company with software-level security can ensure that a given system stays up to date. SecureGSM, for example, uses redundant layers of cryptography, with a triple cipher. In a triple cipher system, three separate methods of encryption are used, so that even if one algorithm is broken, the other two protect the system while a new algorithm is found to replace the compromised one. It's like a triple-deadbolt lock on the door.
Whoops, there's that paranoid feeling again! Triple-locks on doors... has it come to this? Well, yes. Technology security is an arms race. Many people who aren't criminals at all play with breaking algorithms and building new ones for the sport of it. If you want to have some real fun, attend a security conference some time, especially the ones which are mentioned in the same sentence with "black hat". Just leave your devices at home when you do... otherwise you'll likely be greeted at the door by somebody telling you your email address, password, and security question!
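The triple-cipher layering described above, as an added example (not SecureGSM's code; the page does not name its three algorithms). Three keystream generators built from Python's `hashlib` stand in for three independent ciphers, and `peel_layer`, `cascade` and `demo` are hypothetical names; the message is a constructed sample.

```python
import hashlib
import hmac
import os

# Three stand-in keystream generators (assumptions, chosen only because they
# ship with Python). Each maps (key, nonce, length) -> pseudorandom bytes.
def ks_hmac_sha256(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:  # counter mode over HMAC-SHA256
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def ks_shake256(key, nonce, n):
    return hashlib.shake_256(key + nonce).digest(n)

def ks_blake2b(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:  # counter mode over keyed BLAKE2b
        out += hashlib.blake2b(nonce + ctr.to_bytes(8, "big"), key=key).digest()
        ctr += 1
    return out[:n]

LAYERS = (ks_hmac_sha256, ks_shake256, ks_blake2b)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def peel_layer(data, index, key, nonce):
    """Apply or remove a single layer (XOR is its own inverse)."""
    return xor(data, LAYERS[index](key, nonce, len(data)))

def cascade(data, keys, nonce):
    """Encrypt or decrypt through all three layers; keys must be independent."""
    for i, key in enumerate(keys):
        data = peel_layer(data, i, key, nonce)
    return data

def demo():
    keys = [os.urandom(32) for _ in LAYERS]  # one independent key per layer
    nonce = os.urandom(16)                   # must never repeat under the same keys
    msg = b"voice frame 0001 (constructed sample)"
    ct = cascade(msg, keys, nonce)
    # Model "one algorithm is broken": an attacker can strip layer 0 only.
    partial = peel_layer(ct, 0, keys[0], nonce)
    return msg, ct, partial, cascade(ct, keys, nonce)
```

With layer 0 stripped, `partial` is still masked by the other two keystreams. The sketch covers confidentiality layering only; it does not authenticate the ciphertext.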
