
Technical Sheet - PrivateGSM CSD - english


Technical Sheet - CSD version

Copyright © 2005-2010 KHAMSA Italia Spa. All rights reserved.

Detailed overview of the technologies used by PrivateWave

PrivateWave uses only standard protocols and technologies that have been reviewed and widely accepted by the security and scientific communities (ZRTP, SRTP, ZRTP/S) to guarantee maximum security.

Ask your security expert!

PrivateGSM CSD features

Security

- 100% end-to-end encrypted solution:
  - ZRTP for key exchange and encryption
  - ZRTP/S for CSD transport
- Only use IETF standardized security
- Security compliant with FIPS, NIST and NSA
- Based on open source technology

Simplicity

- Software only solution for smartphones
- No change in the way you make secure calls: calls to anyone from address book by adding +801 secure prefix
- No need to install ICT infrastructure
- Just call the other party GSM CSD data number

Supported Technology

- Operating System:
  - Symbian/Nokia S60 3rd (soon 5th edition)
- Supported Networks:
  - GSM/2G CSD/HSCSD
  - SAT Thuraya (custom project)
  - ISDN/PSTN (custom project)

Circuit Switched Data Networking support

- CSD networking improvements:
  - Automatic switch roaming operator
  - Automatic switch data mode
  - Low bandwidth 5700 bit/s
- Low level tuning of Nokia CSD stack for improved network compatibility
- Non-Transparent RLP (radio link protocol)
- Data mode: V.32 / V.34 / V.110 (default) / V.120
- Speed: 9600 bps
- Improved roaming support

Encryption Algorithms

- ECDH 256 bit / 384 bit (default) / 521 bit (Elliptic Curve Diffie-Hellman)
- AES256 (CTR) for ZRTP/S

Audio Codec

- AMR Narrowband 4.75 kbit/s


More information at: [email protected] www.privatewave.com

Encryption protocols

We only use open, transparent and standard encryption protocols. End-to-end security between phones is provided by ZRTP, the open IETF standard voice encryption system invented by Philip Zimmermann that requires human-based verification for the encryption of a call. Security is established between the caller's phone and the called party's phone without any ability of any networking.

Communication protocols

Since encryption standards existed only for packet-switched telecommunication technologies (Internet/IP, VoIP, ZRTP, SIP, RTP, SRTP), but not for securing circuit-switched ones (GSM CSD/HSCSD, ISDN, PSTN, SAT), we invented, in partnership with Philip Zimmermann, ZRTP/S, a way to use ZRTP over a non-IP communication channel. ZRTP/S provides transport of ZRTP and SRTP packets, along with identification and capability exchange between the peers of a phone call, over a 9600 bps channel without IP. The communication can be described as an “RS-232 serial connection between two phones over the telephony network” on top of which ZRTP/S exchanges ZRTP-encrypted voice packets.

Cryptography

Encryption algorithms

ZRTP and ZRTP/S use only the best symmetric and asymmetric encryption and hashing algorithms.

· ZRTP uses ECDH 384 bit for the asymmetric DH key exchange, in compliance with USA NSA Suite B security requirements, the NIST SP800-56A standard and ECDSA FIPS 186-3. It can also be configured to use other ZRTP/S supported encryption algorithms for compatibility with third party software supporting ZRTP/S.

· ZRTP/S employs AES256 in counter mode (CTR) for symmetric encryption in compliance with FIPS 197 security requirements. The ZRTP/S payload is compatible with the SRTP protocol and its standard security features.

Random number generation

The random number generator is seeded by an unpredictable physical source of entropy (voice audio samples recorded from the microphone and free running counters available on ARM processors) that complies with FIPS-186-2-CR1 security requirements. The seed is further processed by a Deterministic Random Bit Generator, compliant with NIST SP800-90 security requirements.
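The seeding pipeline described above, as an added example that is not PrivateWave code: raw source data is hashed into a seed, which then instantiates an SP 800-90A HMAC_DRBG. The choice of HMAC_DRBG with SHA-256, the names condition and HmacDrbg, and the sample bytes are assumptions; the sheet does not say which DRBG mechanism is used.

```python
import hashlib
import hmac
import struct


def condition(audio_pcm, counters):
    """Hash raw microphone samples and counter readings into a 256-bit seed."""
    h = hashlib.sha256(struct.pack(">I", len(audio_pcm)) + audio_pcm)
    for c in counters:
        h.update(struct.pack(">Q", c & 0xFFFFFFFFFFFFFFFF))
    return h.digest()


class HmacDrbg:
    """HMAC_DRBG (SHA-256) update/generate/reseed steps from SP 800-90A."""

    def __init__(self, seed, personalization=b""):
        if len(seed) < 32:
            raise ValueError("seed must carry at least 256 bits")
        self.key, self.value = b"\x00" * 32, b"\x01" * 32
        self._update(seed + personalization)
        self.reseed_counter = 1

    def _mac(self, data):
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        self.key = self._mac(self.value + b"\x00" + data)
        self.value = self._mac(self.value)
        if data:
            self.key = self._mac(self.value + b"\x01" + data)
            self.value = self._mac(self.value)

    def reseed(self, seed):
        """Mix in fresh source data, e.g. audio captured during a later call."""
        self._update(seed)
        self.reseed_counter = 1

    def generate(self, n):
        out = b""
        while len(out) < n:
            self.value = self._mac(self.value)
            out += self.value
        self._update()  # advance state so old output is not derivable from it
        self.reseed_counter += 1
        return out[:n]


# Constructed stand-ins for real source data; NOT entropy, for the demo only.
SAMPLE_PCM = bytes((i * 37 + 11) % 256 for i in range(320))
SAMPLE_COUNTERS = [0x0123456789ABCDEF, 0x00000000FEEDC0DE]
```

The output is only as unpredictable as the seed: two generators built from the same seed emit the same bytes, which is why the quality of the physical source matters more than the DRBG itself.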

Open source

All encryption related libraries and technologies used by PrivateGSM are provided 100% free of backdoors. The source code of the security library is provided for free as open source and has been publicly reviewed by Philip Zimmermann and by a vast number of scientific communities. The open source solution guarantees a politically neutral solution and makes source code review activities much easier.

Multimedia codec

In order to operate over ultra-narrowband communication channels like GSM CSD, running at 9600 bps, PrivateWave employs the AMR audio codec, which compresses the voice before it is enciphered and sent across the network. The Adaptive Multi Rate codec, running at 4750 bit/s, reduces the amount of data to be sent across the network, thus reducing the impact of cell handover on CSD calls. In order to further reduce the required bandwidth and to maximize radio resource efficiency, we employ voice activity detection (VAD) techniques that prevent the phone from sending full data while the user is not speaking.

CSD additional data number

To place a PrivateGSM data call, the user has to enable CSD calls (data & fax) and he/she needs to ask his/her mobile operator which is the additional data number assigned to his/her SIM card (the same SIM used for standard calls). This service is usually available through subscriptions, and is not always available through prepaid cards. Note that most 3G operators do not provide it.

Automatic roaming

GSM operators have quite heterogeneous support for GSM Circuit Switched Data calls. While travelling abroad, for instance, the roaming operator may not support CSD calls properly. If a connection error occurs, PrivateGSM automatically redials the call, reconnecting across all available roaming mobile operators.