RSS Alerts

Related Links

Related Stories

  • Technical Theatre Agenda
    Covering Information Security issues and technical advances.
  • Many voice encryption systems are hackable says anonymous researcher
    Many voice encryption products currently available are hackable through the use of a trojan being planted on the host PC, an IT security researcher has claimed.
  • Infosecurity Europe: President Obama's Blackberry revealed
    The guys on the Blackberry stand at the Infosecurity Europe show weren't willing to talk specifically about it, but it looks like the White House has taken delivery of a custom Blackberry smartphone for President Obama.
  • Skype - not as secure as you might think
    Although VOIP afficionadoes are wont to promote the encrypted nature of Skype Internet telephony calls, it's now becoming accepted that the use of a compressed data mode within Skype opens the gates to pattern recognition and slow, but steady, text-based decoding of the voice transmissions as a result.
  • Zero Day of the Dead
    The data load that has accompanied the globalization of trade would make even Atlas stagger. And that’s without the added burden of counter-terrorisAs you read this, zombie programs are flitting across the internet like a pestilence to infect and drain the life from innocent computer systems. Yet, for all the aggravation and grief they cause, you may never know you are part of a global invasion of the system snatchers, says William Knight. Unless…

News

PGP founder talks about VOIP security at ITWeb

20 May 2009

Phil Zimmerman, the founder of PGP - and inventor of the Pretty Good Privacy technology after which the firm is named - will be speaking about voice over internet protocol (VOIP) security at the ITWeb Security Summit in Johannesburg, South Africa next week.

Zimmerman, who sold his company back in 2002, has devoted much of his efforts to his Zfone project, which centres on a secure internet telephony technology.

His presentation in South Africa will, Infosecurity notes, be on the subject of VOIP technology and how, despite what some government agencies are claiming around the world, the system is reasonably wiretap-friendly.

The bad news, Zimmerman will announce, is that because VOIP calls can be eavesdropped upon, organised crime can tap in to the resource on a global and remote basis.

Interestingly, according to South African newswire reports, Zimmerman is quoted as saying that many of the current security vulnerabilities of internet telephony services are related to denial-of-service attacks.

Zimmerman says that law enforcement agencies will be concerned that encrypted VOIP will block many of their lawful intercepts, but he also notes that, if internet telephony calls are not encrypted, there could also be repercussions.

This, he says, is because if criminals VOIP-wiretap prosecutors and judges, they can discover details of current and planned investigations, which is good news for criminals, but not so good for society as a whole.

This is where Zimmerman's Zfone technology enters the frame and, whilst the secure VOIP technology runs on top of existing session internet protocol (SIP) session internet protocol and real time transport protocol (RTP) applications software, it is wholly compatible with systems based on these internet telephony standards.

Because it is a software-based technology, Zfone is billed as turning many existing VOIP clients into secure phones.

The software runs in the internet protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VOIP packets as they go in and out of the machine - and, says Zimmerman, secures the call on the fly.

When the Zfone software detects when the call starts, it initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the IP voice packets in real time.

Infosecurity notes that the Zfone client has its own separate graphical user interface, advising the user if the call is secure.

According to Zimmerman, Zfone acts as if it were a "bump on the wire", sitting between the VOIP client and the internet, but implemented in software in the protocol stack.

 

This article is featured in:
Application Security Encryption Internet and Network Security Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water