A survey of voice and communication protection solutions against wiretapping

https://doi.org/10.1016/j.compeleceng.2019.05.008Get rights and content

Abstract

This paper categorizes, presents and evaluates a set of schemes and solutions that provide end-to-end encryption for voice communications. First, we analyze the research works that propose new schemes that enable the transfer of encrypted speech over the voice channel of the 2nd generation mobile network. Next, we analyze a set of popular widespread software applications that use Voice over IP technology to provide secure communications, and finally, we investigate commercial solutions, which are hardware-based and offer voice encryption for both 2nd generation and Voice over IP communications. After the presentation of the existing solutions, we evaluate them based on the following criteria: (i) security level provided, (ii) possible performance issues and (iii) usability. We conclude this work by providing future research directions. To the best of our knowledge, this is the first paper that categorizes and provides a comprehensive evaluation of end-to-end voice encryption schemes for mobile networks.

Introduction

Nowadays, mobile networks are interconnected systems of various technologies and networks. Older technologies like Global System for Mobile Communications (GSM), interoperate with new generation networks such as Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) to combine coverage and high data rates. In parallel to the evolution of radio access technologies, attacks in mobile networks have become also more sophisticated; from impersonation attacks, due to the lack of mutual authentication in GSM, to advanced persistent threats in UMTS and new attack vectors in LTE networks. Thus, security is still a major concern of mobile users, since several security loopholes have been exploited in the past by adversaries. As a matter of fact, confidential voice communications, which is one of the most important privacy requirements of mobile users, has become a prime target of perpetrators in the past [1].

In GSM, call interception can be achieved by breaking the voice encryption. This can be accomplished relatively easily, since the A5/1, a 64-bit encryption stream cipher responsible for confidentiality preservation on GSM air interface, is vulnerable to brute force attacks. As a solution, the GSM specifications have introduced a new stronger algorithm, named A5/3 to replace A5/1. A5/3 is based on the same algorithm that UMTS voice encryption has also adopted called KASUMI. 3GPP advocates that KASUMI provides strong security guarantees for the confidentiality of the transmitted voice, while there are no attacks discovered so far, except for theoretical ones [2]. However, the adoption of the A5/3 by mobile operators seems to be slow in many countries as shown in the GSMmap website,1 leaving their subscribers vulnerable to attacks. Moreover, even if A5/1 is replaced by A5/3, downgrade attacks are possible, where the attacker can enforce the mobile device to use weak encryption algorithms (i.e., A5/1 or A5/2) or even totally disable the encryption. All the above attacks can be easily achieved using IMSI catchers, which are fake base stations under the possession of the attacker that can lure the mobile equipment to connect to them. In this way, the attacker achieves a Man-in-The-Middle (MiTM) position between the user and the legitimate base stations. From this point, the attacker can break the A5/1 key or try to downgrade the security capabilities. An alarming fact is that nowadays IMSI catchers can be built with easily accessible hardware such as Universal Software Radio Peripheral (USRP) that costs less than 700€, along with a free open source software named OpenBTS, which implements the three lower layers of the GSM protocol stack. On the other hand, the security architecture of the UMTS and LTE networks has been redesigned and fortified to defeat many of the attacks that can be performed in GSM networks. However, these new generation mobile networks are not impenetrable and share their own set of security flaws [3]. Moreover, downgrade attacks are also possible, where an attacker can enforce the user to use the insecure GSM network, instead of UMTS or LTE networks. Therefore, the privacy of the users in next generation networks is still not guaranteed.

Regardless of the security flaws of GSM, UMTS or LTE networks, the security architecture of mobile networks has an inherent characteristic that undermines the privacy of users: That is, voice encryption is not provided in an end-to-end manner. Thus, the user is enforced to place trust to the mobile operators, which he/she is subscribed to. The above important remarks are also pinpointed in a recent report in 2017 [4] by the Department of Homeland Security (DHS) in consultation with the National Institute of Standards and Technology (NIST), clearly mentioning that (pp 55 – Table 4): “Due to the nature of carrier networks no voice or data should depend solely on the network for confidentiality or integrity protection”. Moreover, the report points out that a proper defense to mitigate all possible attacks on mobile network is the following: “Ensure devices use end-to-end encryption for all communications paths”. Therefore, protecting from call interceptions is a timely topic both for the research community and the industry and new solutions are required to improve the privacy of mobile users.

This survey categorizes, presents and evaluates a set of schemes and solutions that provide end-to-end encryption for voice communications. The categorization we followed relies on the implementation level: (i) research works that have been validated through the means of simulation/emulation, (ii) commercial software-based solutions, and (iii) commercial hardware-based solutions. More specifically, in the first category we analyze research results, as these have been documented in published papers in the field. All the considered papers propose new schemes that enable the transfer of encrypted speech over the voice channel of the GSM mobile network. As GSM is highly insecure and call interceptions are feasible, the solutions of this category try to improve the privacy of GSM mobile subscribers. Every proposed scheme in this category tries to overcome the restrictions imposed by the GSM voice channel pertaining to limited bandwidth. In the second category, we examine commercial solutions that are software-based and do not require additional equipment, or alterations on the already existing hardware in order to operate. To this end, we analyze a set of popular widespread software applications that use VoIP technology to provide secure communications. Applications of this category take advantage of the available bandwidth in next generation mobile network (i.e., UMTS, LTE), and are built with privacy and security by design features. The last category includes commercial solutions, which rely on the use of specialized hardware, such as an external headset, to offer voice encryption for both GSM and VoIP communications.

The rest of the paper is structured as follows. Section 2 provides the background by analyzing the GSM voice processing steps, as well as protocols and technologies used for voice transmission over IP. Next, Section 3 includes the threat model, as well as the security and functionality requirements. Section 4 analyzes schemes for transmission of voice over the GSM voice channel. Section 5 describes applications for VoIP security, while Section 6 presents commercial hardware products for secure communications. Finally, Section 7 evaluates the presented solutions, mainly, in terms of security, performance and usability, while Section 8 discuss possible research directions. Finally, Section 9 concludes the paper.

Section snippets

Background

In mobile networks, voice calls have been supported using circuit-switched (CS) technology, where a dedicated voice channel is established for the transmission of voice traffic. This is the case for GSM and UMTS networks, where voice is transmitted through CS network (note that GSM has also a dedicated data channel named Circuit Switched Data (CSD), which is not suitable for voice transmission – see Section 4.1). However, UMTS networks also employ packet-switched (PS) technology for data

Threat model

Threat modeling allows us to identify every possible threat category against the system. One effective method to accomplish this step is by recognizing the capabilities of the adversary who is susceptible/prone to perform the attacks. We assume that the adversary has the following security capabilities:

  • (1)

    Man-in-The-Middle (MiTM): The adversary has the ability to have a MiTM position in the communication path between two mobile users typically by setting a false base station. In this way, the

Voice encryption limitations in GSM voice channels

As discussed above, the only solution to preserve the confidentiality of user data across the mobile telecommunication networks is the deployment of end-to-end encryption. In order to achieve that, a new encryption/decryption module has to be added in the existing transmission process that encrypts speech signal at user end, before it enters the GSM air interface.

In GSM, in order for a mobile user to make a voice call, the following procedure takes place. First, the originating mobile user will

Software solutions for voice encryption using VoIP

VoIP solutions traverse only data networks and therefore they do not experience the limitations of the previous solutions, which are based on the GSM voice channel as the transmission medium. For this reason, VoIP solutions can be built with advanced security features as they do not face performance issues as their GSM counterparts. As we mentioned in Section 2.2.1, the SIP protocol is a standard for multimedia applications that use VoIP. It is a signaling protocol to establish a session

Hardware-based solutions for voice encryption

In this section, we describe commercial voice encryption solutions, which rely on the use of an extra hardware device. We have identified three types of such devices: (i) A headset or a dedicated device that is connected between a headset and mobile phone; (ii) A Secure Element (SE) in the form of a microSD implementation or a Trusted Execution Environment (TEE); and (iii) A specialized mobile phone. It is important to mention that the list of the solutions that we analyze is not exhaustive.

Solutions for voice encryption over GSM voice channel

First, we analyze the proposed solutions for transmission of voice over GSM voice channel (Table 1 summarizes the most representative works of this category). The first observation is that several solutions propose either the use of insecure and outdated encryption algorithms or suggest the adoption of non-standardized methods, which are not compliant with well-established and widely accepted security guidelines (e.g., NIST). To exemplify, insecure algorithms that are utilized in these works

Research directions

In this section we present the identified research directions. More specifically, in light of our analysis, we believe that the future work in this area should deal with one or more of the following research issues:

  • First, future work should try to optimize data transmission over the GSM voice channel using strong encryption algorithms. The use of outdated, insecure or non-standardized encryption algorithms should be avoided by any means.

  • The evaluation of any work should take into account not

Conclusions

This paper presented and evaluated a set of end-to-end voice encryption solutions for mobile users. We identified three categories of voice encryption solutions: (i) research works that propose schemes that enable the transfer of encrypted speech over the 2nd generation mobile network voice channel; (ii) software applications that use Voice over IP technology; (iii) hardware-based commercial solutions. Our analysis showed that several solutions have a false sense of security, as they propose

Acknowledgments

This work was supported in part by the FutureTPM project of Horizon H2020 Framework Programme of the European Union, under GA number 779391, and by the H2020-MSCA-RISE-2017 SealedGRID project, under GA number 777996.

Conflicts of interest

The authors declare no conflict of interest.

Christoforos Ntantogian received his Ph.D. from the University of Athens (Department of Informatics and Telecommunications). Currently, he is an adjunct lecturer at the Department of Digital Systems of the University of Piraeus for the “Digital Systems Security” Postgraduate Programme. His research interests lie in the intersection system/software security, applied mathematics and data analysis to develop practical systems with security intelligence.

References (35)

  • B. Kotnik et al.

    Data transmission over GSM voice channel using digital modulation technique based on autoregressive modeling of speech production

    Digit Signal Process

    (July 2009)
  • H.B. Wolfe

    The mobile phone as surveillance device: progress, perils, and protective measures

  • S. Nobuyuki et al.

    New integral characteristics of KASUMI derived by division property

  • C.-Y. Li et al.

    Insecurity of voice solution volte in lte mobile networks

  • “Study on mobile device security,” Department of Homeland Security (DHS),...
  • A. Castiglione et al.

    SECR3T: secure end-to-end communication over 3G telecommunication networks

  • M. Boloursaz et al.

    Secure data communication through GSM Adaptive multi rate voice channel

  • N. Katugampala et al.

    Real-time end-to-end secure voice communications over GSM voice channel

  • M. Rashidi et al.

    Data Mapping onto speech-like signal to transmission over the GSM voice channel

  • B. Boloursaz et al.

    Secure data over GSM based on algebraic codebooks

  • M.A. Ozkan et al.

    Secure voice communication via GSM network

  • Y. Yang et al.

    A Transmission scheme for encrypted speech over GSM network

  • C.K. LaDue et al.

    A data modem for GSM voice channel

    IEEE Trans Veh Technol

    (2008)
  • A. Shahbazi et al.

    A novel speech-like symbol design for data transmission through GSM voice channel

  • A. Shahbazi et al.

    Data transmission over GSM adaptive multi rate voice channel using speech-like symbols

  • V.V. Sapozhnykov et al.

    A low-rate data transfer technique for compressed voice channels

    J Signal Process Syst

    (2012)
  • M. Boloursaz et al.

    A data modem for GSM adaptive multi rate voice channel

  • Cited by (9)

    • VoIPChain: A decentralized identity authentication in Voice over IP using Blockchain

      2023, Computer Communications
      Citation Excerpt :

      SAS authentication is a method of authenticating by reading a value between VoIP users. However, this method is ineffective and vulnerable to MITM attacks or forgery threats [15]. For this reason, both users in a call must be authenticated by a robust platform to provide secure key distribution for SRTP protocol.

    • A survey on registration hijacking attack consequences and protection for session initiation protocol (SIP)

      2020, Computer Networks
      Citation Excerpt :

      Unlike H.323, SIP is a much lighter protocol depend on HTML. SIP is an application-layer control protocol that can establish, modify, and terminate multimedia sessions (conferences) such as Internet phone calls with call flows and simple messages [4,35]. Confidentiality means safeguard secret inside information.

    • End-to-end encrypted communication security technology for mobile terminals

      2021, International Journal of Autonomous and Adaptive Communications Systems
    View all citing articles on Scopus

    Christoforos Ntantogian received his Ph.D. from the University of Athens (Department of Informatics and Telecommunications). Currently, he is an adjunct lecturer at the Department of Digital Systems of the University of Piraeus for the “Digital Systems Security” Postgraduate Programme. His research interests lie in the intersection system/software security, applied mathematics and data analysis to develop practical systems with security intelligence.

    Eleni Veroni received her B.Sc. degree in “Digital Systems” and M.Sc. degree in “Digital Systems Security”, both from University of Piraeus, Greece. She is currently pursuing the Ph.D. degree in Digital Systems Security at the Department of Digital Systems, University of Piraeus. Her research interests lie in the areas of identity management, access control, mobile and wireless network security.

    Georgios Karopoulos received his Ph.D. in Computer Network Security in 2009, from the University of the Aegean, Greece. Currently, he is a Scientific Officer at the Joint Research Center (JRC), Italy. His research interests are in the areas of network security, smart grid security and Critical Infrastructure protection.

    Christos Xenakis received his Ph.D. from the University of Athens (Department of Informatics and Telecommunications). Since 2007 he is a faculty member of the Department of Digital Systems, University of Piraeus, Greece, where currently is an Associate Professor and director of the Postgraduate Programme, “Digital Systems Security”. His research interests are in the field of systems, networks and applications security.

    This paper is for regular issues of CAEE. Reviews processed and approved for publication by the Editor-in-Chief. Dr. M. Malek.

    1

    This work was performed while the author was with the department of Informatics and Telecommunications of the University of Athens, Greece.

    View full text