Check out this 'secure phone in a briefcase' used by NSA operatives in the 1980's. It uses Linear Predictive Encoding (LPC) for encryption. LPC is better suited to compression rather than encryption, so I'm sure the Soviets had a good laugh at that.
It's already apparent that for my own Crypto-phone that I won't be able to encrypt calls over the voice RF channel of the mobile device. The reason for this is straightforward- mobile manufactures invest heavily in hardware design and related software API's for their RF baseband; they're unlikely to share that Intellectual Property unless they expect to make some money from it. This is a pity, but understandable. Thus the remaining avenue is to implement VOIP (Voice over IP) on the mobile devices in a secure manner. VOIP has some well understood protocols (H.323, SIP, RTP etc.), and even some IETF RFC's for secure versions of these protocols. While I could go ahead and implement my own proprietary protocols for exchange voice calls, I think it makes sense to use the standards. As it happens, as far as I can tell, this has not been done on mobile device, at least not in an open manner. There are, however a number of non-secure VOIP clients ported to mobile devices, some open source. Thus the plan-of-attack is to choose appropriate secure VOIP protocols, evaluate them from a security and performance perspective, and implement them on an existing non-secure VOIP client. That almost sounds easy!
0 comments:
Post a Comment