[liberationtech] Recommended Software for Encrypted Blackberry Voice Calls
Moxie Marlinspike
moxie at thoughtcrime.org
Tue Jan 25 10:54:26 PST 2011
On 01/25/2011 01:18 PM, Chris Palmer wrote:
> My point in this email is not to nay-say, but to caution. It's
> important for everyone to understand just how hard these problems
> are. If they were easy, they would have been solved more cheaply;
> Blackberry (and, hopefully someday, Three Laws of Mobility) is
> expensive for a reason.
It's true that these problems are hard, just as any kind of effective
security is, but I don't believe they have to be expensive as a result.
Or at least, I don't believe that the price points we've seen up until
now are reasonable.
Whisper Systems is positioning itself as a competitor to existing
old-world mobile security solutions, and what we have so far isn't only
easier and faster, but also dramatically cheaper. Based on the
direction that we're headed and what little information we've seen from
3LM, we'll probably be competing with them as well.
> A good voice encryption system uses ephemeral keys, such that an
> attacker who seized the phone can only impersonate the owner during
> new calls but not decrypt old calls. TLS has this property, for
> example. It uses long-lived key(s) to establish identity and to
> negotiate short-lived session keys for bulk encryption. The session
> keys are never used again.
It's worth noting that most of the TLS cipher suites are not forward
secure, and that a good voice encryption protocol also makes it
difficult to impersonate new calls.
> However, there is still the problem of key material: Where do you
> get any?
This is where clever engineering comes in. The interesting thing about
mobile devices is that bringing security to them isn't just a matter of
porting existing solutions directly into the mobile environment. It
requires a transformational shift. Whisper Systems has some interesting
stuff going on here.
> iPhone's encryption system is not an encryption system, it is a
> mechanism to enable remote wipe. Google [ jonathan zdziarski iphone
> encryption ]. It'd be great if Android had as good a remote wipe
> feature.
This, to me, is just one of the major advantages of FDE. Doing a secure
delete of flash storage in a hardware-neutral way is not entirely
straightforward. But having nothing but encrypted data on the disk
makes the problem a little easier.
- moxie
--
http://www.whispersys.com
More information about the liberationtech
mailing list