Abstract
Nowadays, there is a strong trend toward the integration of public communication networks. This is especially the case of the mobile phone networks and the Internet, which are becoming increasingly interconnected as to create a single unified network. One of the possible consequences of this integration is that the security issues, which already exist within each of these networks, become even more menacing in such an enlarged context. The possibility to operate voice calls is one of the most popular services that run on these networks. At the time of this writing, the user who calls another user by means of a mobile phone or a desktop computer equipped with Voice-over-IP software is subject to several threats. In this paper, we examine some of these threats and present SPEECH, a software system for making “secure” calls by using Windows Mobile 2003 powered handheld devices and a wireless data communication channel.
The notion of Security implemented by SPEECH is stronger than the one available in other secure conversation software, because it includes the mutual authentication of the endpoints of the conversation, the end-to-end digital encryption of the content of a conversation and the possibility to digitally sign the conversation content for non-repudiation purpose. SPEECH is able to operate on different types of networks and adapt its behaviour to the bandwidth of the underlying network while guaranteeing a minimal-acceptable quality of service (currently GSM and TCPIIP networks are supported). This has been achieved by adopting a very light communication protocol and by using a software codec explicitly optimized for the compression of voice data streams while retaining a good sampling quality. As a result, SPEECH is able to work in full-duplex mode, with just a slight delay in the conversation, even when using a 9600 bps communication channel, such as the one provided by GSM networks.
There are several application areas for SPEECH. For example, it can be used in an economic transaction conducted over a public phone line to verify the real identities of the parties who are participating to the transaction, to prevent the possibility for an eavesdropper to access the content of the conversation and to ensure that either party of the call could not deny the content of the conversation in a later moment.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
E. Barkan, E. Btham, N. Keller: “Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication”. In Proceedings of Advances in Cryptology-CRYPTO 2003, 2003, LNCS 2729, pp. 600–616, Springer-Verlag.
Casper Technology. Available from: http://www.caspertech.com/
[Go1i97] J. D. Golic: “Cryptanalysis of alleged A5 stream cipher”. In Proceedings of Advances in Cryptology-EUROCRYPT’97: International Conference on Theory and Application of Cryptographic Techniques, 1997, LNCS 1233, pp. 239–255, Springer-Verlag.
J. M. Valin: Speex: Available from: http://people.xiph.org/~jm/papers/aes120_speex_vorbis.pdf
Gesellschaft für Sichere Mobile Kommunikation mbH. Available from: http://www.cryptophone.de/
M. Schroeder, B. Atal: “Code-excited linear prediction (CELP): High-quality speech at very low bit rates”. In: Proceedings of the IEEE International Conference on Acoustics, Speech, and Signal Processing. 1985, Vol. 3, pp. 937–940.
General Dynamics C4 Systems. Available from: http://www.gdc4s.com/.
VectroTEL. Available from: http://www.vectrotel.chl
Global Teck. Available from: http://www.global-teck.com/
SecureGSM. Available from: http://www.securegsm.com/
Nautilus Secure Phone. Available from: http://nautilus.berlios.de/
M. Rahnema: “Overview of the GSM System and Protocol Architecture”. In: IEEE Communications Magazine. 1993, Vol. 31, pp. 92–100.
Adi Shamir: “How to share a secret”. In: Communications of the ACM. 1979, Vol. 22 no.1, pp. 612–613.
Skype. Available from: http://www.skype.com.
0. Benoit, N. Dabbous, L. Gauteron, P. Girard, H. Handschuh, D. Naccache, S. Socié, C. Whelan: Mobile terminal security. Available from “Cryptology ePrint Archive” as Report 2004/158 at: http://eprint.iacr.org/.
National Institute of Standards and Technology (NIST), “The Secure Hash Signature Standard. (FIPS PUB 180-2)”. August 2002. Available from: http://csrc.nist.gov/publications/fips/fipsl8O-2/fipsl8O-2withchangenotice.pdf.
T. Dierks, C. Allen: The TLS Protocol Version 1.0. IETF RFC 2246. 1999.
National Institute of Standards and Technology (NIST), “Advanced Encryption Standard (AES) (FIPS PUB 197)”. November 2001, Available from: http://csrc.nist.gov/publications/fips/fipsl97/fips-197.pdf
W. Diffie, M. Hellman: “New Directions In Cryptography”. In: IEEE Transactions on Information Theory. 1976, vol. 22 no. 6, pp. 644–654.
H. Schulzrinne, J. Rosenberg: “Internet telephony: Architecture and protocols-an IETF perspective”. In: Journal of Computer Networks. Elsevier Science B.V., 1999, vol. 31, no. 3, pp. 237–255.
NATO Consultation, Command and Control Agency (NC3A). “Secure Communication Interoperability Protocol (SCIP)”. Available from: http://elayne.nc3a.nato.int/msec/scip/index.html.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
Castiglione, A., Cattaneo, G., De Santis, A., Petagna, F., Ferraro Petrillo, U. (2006). SPEECH: Secure Personal End-to-End Communication with Handheld. In: ISSE 2006 — Securing Electronic Busines Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_31
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9195-2_31
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2
eBook Packages: Computer ScienceComputer Science (R0)