[liberationtech] Recommended Software for Encrypted Blackberry Voice Calls
Chris Palmer
chris at eff.org
Tue Jan 25 10:18:04 PST 2011
My point in this email is not to nay-say, but to caution. It's important for everyone to understand just how hard these problems are. If they were easy, they would have been solved more cheaply; Blackberry (and, hopefully someday, Three Laws of Mobility) is expensive for a reason.
A good voice encryption system uses ephemeral keys, such that an attacker who has seized the phone can impersonate the owner in new calls but cannot decrypt old ones. TLS has this property, for example. It uses long-lived key(s) to establish identity and to negotiate short-lived session keys for bulk encryption. The session keys are never used again.
http://en.wikipedia.org/wiki/Perfect_forward_secrecy
Adding proper disk encryption to Android requires building it into the distribution. Adding it on later as a third party is doomed to be insecure and/or hard to use, if it works at all. Fortunately, as Nathan points out, Android gives us the ability to at least try to do this. For example, you could build the feature into CyanogenMod or some other Android fork project.
https://www.eff.org/deeplinks/2011/01/dont-sacrifice-security-mobile-devices
However, there is still the problem of key material: Where do you get any? Not from a short PIN or password or passphrase typed into the phone at boot. It is even harder to provide a large enough secret on a phone than it is on a real keyboard. This problem applies to whole-disk encryption, post-boot filesystem encryption, and per-app data encryption alike. You always need good key material, and it is always hard to find. And do you adhere to the discipline of turning the phone completely off every time you might not have 100% physical control over it?
And can you deploy LUKS on a phone in a way that is safe against the Evil Maid attack?
http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html
Normally, you'd boot from a USB drive that you keep physically safe, like in your pocket, so that the evil maid can't get it. Does anyone have a phone that can boot from external media? Anyway, the whole point of phones is that they are always in your pocket; hopefully the evil maid can never get ahold of it. So the phone is no more or less safe than the USB token you boot your laptop from. Keeping the device on your person is the best storage security mechanism anyway: as safe and as usable as a wallet.
iPhone's encryption system is not an encryption system, it is a mechanism to enable remote wipe. Google [ jonathan zdziarski iphone encryption ]. It'd be great if Android had as good a remote wipe feature.
--
Chris Palmer
Technology Director, Electronic Frontier Foundation
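An added worked example of the forward-secrecy property the message describes (this is my illustration, not Chris Palmer's code and not any product's): two phones agree a call key from fresh X25519 values, each signed with a long-lived Ed25519 identity key so the peer knows whom it is talking to, and the contrast case uses long-lived X25519 keys directly. An attacker who later seizes A's phone gets every long-lived key plus a network recording; the code checks which of the two designs lets that attacker read the old call. The `Party` and `CallRecord` layouts, the `voice-call-v1` label, the fixed nonce and the one-frame-per-call simplification are constructed for the demo. Only the Go standard library is used (Go 1.20 or later for `crypto/ecdh`).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newX25519() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }
func aead(key []byte) cipher.AEAD   { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
var nonce = make([]byte, 12) // one frame per key in this demo; real code counts frames

// Party is what one phone stores: a long-lived Ed25519 identity key (what a thief gets) and a long-lived X25519 key used only by the no-PFS variant.
type Party struct {
	IDPub    ed25519.PublicKey
	IDPriv   ed25519.PrivateKey
	StaticDH *ecdh.PrivateKey
}

func NewParty() *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{IDPub: pub, IDPriv: priv, StaticDH: newX25519()}
}

// CallRecord is everything a network eavesdropper captures from one call.
type CallRecord struct {
	PubA, PubB []byte // DH public values sent on the wire
	SigA, SigB []byte // identity signatures over them (ephemeral design only)
	Frame      []byte // AES-256-GCM ciphertext of one voice frame
}

// callKey: minimal HKDF-style extract-then-expand of the DH secret, bound to the transcript.
func callKey(secret []byte, rec CallRecord) (key, transcript []byte) {
	transcript = append(append([]byte{}, rec.PubA...), rec.PubB...)
	prk := hmac.New(sha256.New, []byte("voice-call-v1"))
	prk.Write(secret)
	okm := hmac.New(sha256.New, prk.Sum(nil))
	okm.Write(transcript)
	okm.Write([]byte{1})
	return okm.Sum(nil), transcript
}

// EphemeralCall is the forward-secret design: each side makes a fresh X25519 key for this
// call and signs it with its identity key. The ephemeral private keys are locals and die with the call.
func EphemeralCall(a, b *Party, frame []byte) (CallRecord, error) {
	ea, eb := newX25519(), newX25519()
	rec := CallRecord{PubA: ea.PublicKey().Bytes(), PubB: eb.PublicKey().Bytes()}
	rec.SigA, rec.SigB = ed25519.Sign(a.IDPriv, rec.PubA), ed25519.Sign(b.IDPriv, rec.PubB)
	if !ed25519.Verify(a.IDPub, rec.PubA, rec.SigA) || !ed25519.Verify(b.IDPub, rec.PubB, rec.SigB) {
		return rec, fmt.Errorf("handshake signature failed")
	}
	keyA, transcript := callKey(must(ea.ECDH(eb.PublicKey())), rec) // A's side
	keyB, _ := callKey(must(eb.ECDH(ea.PublicKey())), rec)          // B's side
	rec.Frame = aead(keyA).Seal(nil, nonce, frame, transcript)      // A sends a frame
	if _, err := aead(keyB).Open(nil, nonce, rec.Frame, transcript); err != nil {
		return rec, fmt.Errorf("B could not decrypt A's frame: %v", err)
	}
	return rec, nil
}

// StaticCall is the no-forward-secrecy design: long-lived DH keys are used directly, so the call key depends only on material that survives seizure.
func StaticCall(a, b *Party, frame []byte) CallRecord {
	rec := CallRecord{PubA: a.StaticDH.PublicKey().Bytes(), PubB: b.StaticDH.PublicKey().Bytes()}
	key, transcript := callKey(must(a.StaticDH.ECDH(b.StaticDH.PublicKey())), rec)
	rec.Frame = aead(key).Seal(nil, nonce, frame, transcript)
	return rec
}

// RecoverOldCall models a thief who seized A's phone (all of *seized) and holds a recording. The only
// DH secret computable from surviving material is A's static key against the recorded peer value.
func RecoverOldCall(seized *Party, rec CallRecord) ([]byte, bool) {
	peer := must(ecdh.X25519().NewPublicKey(rec.PubB))
	key, transcript := callKey(must(seized.StaticDH.ECDH(peer)), rec)
	pt, err := aead(key).Open(nil, nonce, rec.Frame, transcript) // GCM tag rejects a wrong key
	return pt, err == nil
}

func main() {
	a, b := NewParty(), NewParty()
	frame := []byte("constructed voice frame")
	_, ephReadable := RecoverOldCall(a, must(EphemeralCall(a, b, frame)))
	_, staticReadable := RecoverOldCall(a, StaticCall(a, b, frame))
	fmt.Println("after seizing A's phone: ephemeral call readable:", ephReadable,
		"static call readable:", staticReadable) // false true
}
```

What survives seizure in the ephemeral design is the identity key, and that is exactly what would let the thief sign fresh ephemeral values and impersonate A in new calls, as the message says; what it does not give is any way to recompute an ephemeral secret that was never written down. A deployable version would also put a frame counter in the nonce, bind both identities into the transcript, and confirm the key before sending voice; those are omitted here to keep the contrast visible.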
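An added example of the key-material problem the message raises (my code, not from the post): the phone keeps a salt, an iteration count and the real disk key wrapped under a key derived from the PIN, which is the general shape of PIN-protected disk encryption. Everything in that vault is readable by whoever holds the device, so the attacker's job is just to enumerate the PIN space and let the GCM tag say when a guess is right. PBKDF2-HMAC-SHA256 is written out so only the standard library is needed; the `Vault` layout, the 4-digit PIN 7391 and the 200-iteration count are constructed for the demo (a real system uses far more iterations, which scales the attacker's time by the same constant and nothing more).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math"
)

// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 8018) for one 32-byte output block, written out
// here so the example needs only the standard library.
func pbkdf2(password, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)
	out := append([]byte{}, u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Vault is what the phone keeps on flash: KDF parameters and the real disk key wrapped
// under the PIN-derived key. None of it is secret from whoever holds the device.
type Vault struct {
	Salt       []byte
	Iters      int
	WrappedKey []byte // AES-256-GCM(pbkdf2(PIN), diskKey); the tag doubles as a PIN check
}

var wrapNonce = make([]byte, 12) // one wrap per fresh salt, so a fixed nonce is safe here

// Enroll sets up the vault for a PIN and returns it with the disk key it protects.
func Enroll(pin string, iters int) (Vault, []byte) {
	salt, diskKey := randBytes(16), randBytes(32)
	wrapped := gcm(pbkdf2([]byte(pin), salt, iters)).Seal(nil, wrapNonce, diskKey, nil)
	return Vault{Salt: salt, Iters: iters, WrappedKey: wrapped}, diskKey
}

// Unwrap is the legitimate boot path: derive the wrapping key and unwrap the disk key.
func Unwrap(v Vault, pin string) ([]byte, bool) {
	k, err := gcm(pbkdf2([]byte(pin), v.Salt, v.Iters)).Open(nil, wrapNonce, v.WrappedKey, nil)
	return k, err == nil
}

// BruteForce is the attacker's path on a seized device: run every PIN of the given length
// through the same Unwrap. Returns the PIN, the disk key and guesses spent; the KDF cost is
// a constant factor per guess, and the PIN space is what actually bounds the attacker.
func BruteForce(v Vault, digits int) (string, []byte, int) {
	space := int(math.Pow10(digits))
	for i := 0; i < space; i++ {
		pin := fmt.Sprintf("%0*d", digits, i)
		if k, ok := Unwrap(v, pin); ok {
			return pin, k, i + 1
		}
	}
	return "", nil, space
}

// EntropyBits is how much key material a secret drawn uniformly from a space of that size gives.
func EntropyBits(space float64) float64 { return math.Log2(space) }

func main() {
	v, real := Enroll("7391", 200) // constructed PIN; 200 iterations so the demo is quick
	pin, key, tries := BruteForce(v, 4)
	fmt.Printf("recovered PIN %s after %d guesses, disk key matches: %v\n", pin, tries, bytes.Equal(key, real))
	fmt.Printf("4-digit PIN: %.1f bits of key material; wrapped disk key: %.0f bits\n",
		EntropyBits(1e4), EntropyBits(math.Pow(2, 256)))
}
```

The numbers the block prints are the point: a 4-digit PIN is about 13 bits of key material guarding a key that is nominally 256 bits, and moving from 200 to 200,000 iterations costs the attacker a factor of a thousand, not a new order of difficulty. Hardware-rate-limited key stores change the economics by capping guesses rather than slowing them, but the secret typed at boot still contributes only its own entropy.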