Slashdot Mirror
PGP Creator's Zfone Encrypts VoIP
Philip Zimmermann, creator of PGP wrote in to tell me about
Zfone, his new system for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only. I tested it with him using Gizmo as our client and it was pretty trivial to use. While it should work on most any SIP compatible VoIP client, he hopes that clients like OpenWengo and Gizmo will incorporate Zfone directly into the UI.
Zfone has no centralization, and has been submitted to the IETF.
He hasn't yet determined a license, but he believes strongly in releasing source code for all encryption products. A windows client is forthcoming.
>His first release is Mac & Linux only.
you misspelled Windows.
oh... that makes a refreshing change.
...is that the US (yes, I live there) will use security fears relating to terrorism to ban or severely restrict this technology. Some elements of our government seem almost Luddite (http://en.wikipedia.org/wiki/Luddite) these days.
Sad, because this kind of encryption would permit greater use of this technology in medicine under HIPPA privacy regulations.
Using plain ol' text since 1968
This is important stuff as more and more phone traffic is routing open in the internet. While most people do not believe their emails are totally private, when it comes to talking on the phone I believe there is a perception (and assumption) that no one else is listening. SIP, Asterisk and all the flavors of VOIP is changing telecom and encryption is necessary.
Quality Hosting e3 Servers
For some reason I got to thinking about Phill Zimmerman and DVD John [Johansen]. Both seem to pop up now and then and give us all reasons to smile.
Hmm... I wonder if Phil could come up with security that Jon couldn't find a way around?
It would also almost totally negate any ISP's attempt at shaping VOIP traffic to try and get people to buy their service instead. This has been somewhat of a question in recent months, but if you can encrypt your stream, then there's not much chance they can slow your packets. I'm all for the increased security as well. Now if we can only get them to cut down on the spam....
If he releases the sources won't companies like Vonage that are being subjected to voip packet throttling from copetitive ISPs just take it and use this technology for free?
Visit my site @ http://www.madtorrent.com
Encrypting phone calls would be worse than committing a stnank. Do so and Trogdor will burninate yo' ass!
No... there's no easter egg... I don't feel like it.
PK-SIP ?
Sheesh, Phil, now that would have made me laugh!
The MIT Website has taken it down, but I remember it working somewhat well between two IP address.
Was it just too far ahead of its time?
Would it be useful to have the option, for those of us who have friends' PGP keys, to do the Zfone key handshake via PGP encryption that rather than verifying something by voice? It's fantastic from a "getting people to use it" perspective that it does not rely on PKI, but those who have already taken the plunge shouldn't be punished :)
But Phil Zimmerman and his organization are not based outside the US. I'm not a lawyer, but I don't think (and maybe I'm talking out of my ass) it would matter any. If there are laws, I bet he'd be breaking them wherever he released it. He can't just put it in his pocket and walk across the border and call it good, the Black Helicopter Guys won't buy that.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
We know the network is hostile and retrofitting encryption onto something after the fact doesn't always work either because too many people using the unencrypted protocol, it's too hard to configure (as opposed to being mostly automatic like ssh connections), or just general security ignorance. What's really holding us back?
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
great idea, this is very much needed. I don't know how secure this actually is, the writer (phillip zimmermann) said he builds the encryption into tcpstack of whatever operating system the user is running and the key exchange is done automatically between hosts.. he also makes the statement that this technology/standard (zfone) would be integrated into the end-user software, in the near future. I'm not sure why he's so confident, it's nice but who's to guarantee any sip softphone end-points or better yet, hard telephones, will actually have this built in.
hmm.. i wonder if I have linux nat router running this (and it being my default gateway, if it will automatically encrypt any sip sessions if the end system is running the zphone gui. I mean this apparently works at the network layer (like tcpdump, promiscuously), I wonder if it has to be running on the same system the sip session is originating from. oh dear, i really need to replace my dlink router these days.
You know - I appreciate exactly what you're saying. This really isn't a bad country in a lot of ways, but it's always easier to complain about the things that are broken than to fix them. I'm trying to do better at that, but...
You remind me of the Churchill quote. You know, the one about democracy being the worst system of government except for all the others.
Using plain ol' text since 1968
Because encryption is very difficult to do correctly. And we should all know by now that a false sense of security is worse than no security at all.
There's also the not insignificant fact that encryption is complex to use and administer. Adding in robust encryption is not free from a user-friendliness perspective. Much thought has to be put into reducing the user-visible complexity as much as possible so that the user base will actually use the encryption, and use it in such a way that security is preserved. Not trivial.
As there is no cryptographic signature on the package, these are my sums
as received. Please compare and post if yours are different.
SHA1 (zfone-linux.tar.gz) = aa9ac66a5dce43cff2639787f30e939078b47ebe
MD5 (zfone-linux.tar.gz) = c6a47feca0fd5cb5bf72a8f6a1e8f207
PRZ, please sign your packages! Thanks, World.
The jedi mind trick doesn't work too well when it's typed. Try again next time. You are not a winner.
What's the difference between this and SRTP?
Hopefully, this will be the straw that breaks the camel's back.
Ultimately, ALL traffic should be encrypted, whether it is VOIP, email, web browsing, whatever.
The guy is right when on his home page he talks about how it is so difficult to implement this sort of stuff as an add-on for emails, managing keys and the like. It's why no one does it. Of course, there has always been a computing overhead, also, which is why only pages that "need" to be secured currently are. But as horsepower goes up, those limitations should go away.
Ultimately, it should be a matter of course before all traffic that goes in our out of your computer is encrypted by default.
Hopefully this is the start of something huge!
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
I can remember Phil's PGPfone which was released before VoIP was "the next big thing." It used GSM speech compression and 3-DES/CAST/Blowfish cryptography "to give you the ability to have a 'real-time' secure telephone conversation" (directly over 14.4 Kbps (or faster) modem-to-modem, through the Internet, or through AppleTalk).
That died. It is good to see a new alternative that has adopted newer standards.
Another "oldy but goody" was Speak Freely.
It's about time someone finally followed the EFF's advice!
There was a presentation from another group (wasn't Phil, although he was there) at DefCon 13 relating to reverse-engineering the GSM voice compression so that data could be fed through a GSM voice link accoustically with almost no overhead (in other words, at close to the GSM native digital bandwidth). The intent being to provide a means to attach accoustic peripherals (handsfree headset for example) that could perform encryption and send the encrypted, digitized voice over the GSM link accoustically (to be recieved and decoded by a similar device on the other end), thus allowing encrypted voice communication over an untrusted and unmodified cell phone without the need to install any software.
Igpay atinlay isway ethay estbay ayway otay encryptway ouryay onversationcay!
Could Phil microwave a burrito so hot even Jon couldn't eat it?
Any Ekiga (formerly GnomeMeeting) devs care to comment on whether they'll support this?
SIP is just a protocol that sets up connectivity and media control; the stream itself is not covered by the SIP protocol. For that, you need something that supports Secure RTP (SRTP), which encrypts the payloads of all RTP streams. If you've managed to encrypt SIP, all you're doing is encrypting call setup and feature requests. Your conversation is not encrypted.
I'm thinking MSN Messenger and Google Talk should add this to their VoIP features. Right now talking with VoIP unencrypted over the 'net makes me a bit uneasy.
However, though encrypting your VoIP communications might make them more secure, they're also much more likely to be flagged by systems like ECHELON, which automatically tag traffic that is encrypted as suspicious.
ermm.... unless the traffic were going over totally standard ports... which it still is.
Tangentially, let's not forget that sometimes one *wants* to be able to shape traffic. If you can't tell a voip call from an evercrack connection, they both get equal priority, and that's bad news for your mom and 911.
--Naomi
Philip Zimmermann has apparently vanished from the face of the earth. Film at 11.
WWJD?
JWRTFM!
Grumberto? Is that you?
-Peter
I know the API isn't the greatest and the documentation completely sucks but someone with OpenSSL knowledge could put together a SIP-friendly API in a couple hours.
At least then you're using a public, well hammered on API and would have a multitude of algorithms to choose from. I mean OpenSSL is used in tons of stuff and gets lots of field testing.
I have never understood the point of PGP with its proprietary crap formats when there are open, standardized formats for the stuff it is typically used for (S/MIME, X509, PKCS#12, etc.) and that are supported in standard applications rather than require some goofy PGP add-on.
The ratio of people to cake is too big
Nope, just an abuse Red Steckled Elbermung (Sr.) At least I get some good The Chekts to eat when Grond Sad eats all of the pizza and Crisps.
Indeed. And that hardware SIP devices start adopting it (some should be able to adopt it via firmware, not that the hardware manufacturers will actually DO that).
I hope my ATA has the grunt to do both the codec work and the crypto and they adopt this if it is ratified. I've seen some tables which outline the approximate CPU requirements of various codecs against various CPU architectures often used in embedded (like MIPS). Those tables are apparently intended for choosing CPU's for VoIP devices. I hope my ATA designers were not too cheap to have this crypto.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
Let's be honest -- this guy needs to go to jail NOW. Privacy is almost as treasonous as sharing or questioning your leaders.
This is kind of a major problem since PKI infrastructure hassle is one of the main reason that most people don't use encrypted email, although the means for doing this has been around for years now.
I don't live in the US but I live very close and almost all of my IP traffic travels through the US at some point and my worry is that any business information collected by the US/CIA/FBI or other US agency would be made available to US companies. There have been court cases in the past of US sponsored spying benefiting US companies. They say they are after terrorist but who knows? With the knowledge of past activities of US spies and the current computing power of the US agencies all foreign businesses would be well advised to encrypt all sensitive information.
r eyfuss.html
. pdf
t m
http://www.motherjones.com/news/feature/1994/05/d
http://web.nps.navy.mil/~relooney/4141_Spring2002
http://www.commondreams.org/headlines/070200-02.h
Not using encryption is to believe GWB when he says "Trust me"
Methinks Phil needs a Linux box!
hehehe j/k.
Has _anyone_ got this thing to build?
Hey Phil,
Pretty good response time from the last time I paged you about whether you'd get this out before it was banned/in time.
Glad to see its finally out.
Now, just so I get to use this before I get Asterisk working...and so that a lot of other people start using it by default...
Are we going to see a Vonage version? I'm sure there are problems...how about placing a computer between the incoming router and the Vonage phone adapter? With the subnet provided by my isp, that's my current setup, a dsl modem that also routes the subnet, then linksys routers at each public ip address, plus the Vonage router/adapter at its own public ip address. So I can talk to computers on the lan behind the linksys router, the web server is behind another linksys/ip, and the Vonage adapter on its own ip behind the adsl router and switch distributing to each linksys/Vonage adapter. It would be simple with this setup to place a computer between the Vonage adapter and the switch.
That's assuming your technology would work between the Vonage adapter and any switch or adsl router/modem.
If not, can we expect an update that includes Vonage capability? With the number of Vonage customers, it would provide a much larger userbase for adoption of your tech, so a lot more individual voip users would have their end encrypted.
I'm not holding my breath for Vonage to adopt your tech. They won't. They already made it clear that they are the man in the middle, and therefore they are already intercepting calls for the government. Adopting your technology will throw a monkey wrench in the works, and Vonage will be under pressure to keep providing access to calls, even though competitive pressure may demand some encryption scheme. If they had to encrypt because your tech becomes widely adopted, I still fully expect them to use an alternate encryption scheme, where they retain their man in the middle capability and capability to sniff calls for the government. Or to use an encryption scheme like skype uses, where they refuse to release the source code so it can be independently evaluated for robustness/holes/weaknesses.
Adding Vonage to your market base will help your project, and everyone concerned about security of phone conversations. Please consider it. Thanks for your efforts to date, for everything. Keep it up.
Why do some people jump all over protocol-specific encryption as helping terrorists, or other such nonsense?
There is a great deal of concern over Skype being encrypted. People say it can be used by terrorists for encrypted communication. The thing is, throw up a VoIP server of some kind (Even the free ones like Ventrilo or TeamSpeak), and connect to it using something like Hamachi. Bam! All your UDP voice traffic is encrypted.
Heck, you can even do it with TCP. SSH tunnels encrypting two-way Shoutcast streams. Huzzah! Encrypted two-way voice communication! Heck, pump the shoutcast stream over HTTPS and that'd be encrypted too.
So, this is why I don't get it. Why complain about Skype when there will always be ways to encrypt voice traffic over the internet? Programs like Hamachi (Encrypted P2P VPN solution with an IM-like interface) make it insanely easy to set up more secure solutions than Skype, and there is always SSH tunnels as a fallback.
So how does this relate to the current situation? Well, people are sure to complain that this new program somehow helps terrorists. So I'm just saying that that is BS.
Hmmmmm, could one use this method to get around some of these pesky Quality Of Service restrictions? Because we all know the carriers like to enforce these things to keep you from getting quality from your VoIP service.
"I bow to no man" - Riddick
Because it isn't always needed.
VNC? What if I'm only using it over a Cat-5 cable on a private network? Who am I encrypting it from?
You've always got FreeNet. But you aren't using it are you?
Get your Unix fortune now!
I have a 22 year old sister that I'd like to introduce him to.
I NEED a guy like this in the family.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Stop embarrasing us.
-a Madison resident
Meanwhile, is the name zFone or Zfone? It may be trivial, but from a marketing point of view I believe it matters. The application's "zFone" menu doesn't even seem to know (there are two menu items that say "zFone" and two with "Zfone").
And I can mitigate MITM risk, ssh style by having each host generate an asymmetric key pair, storing remote host's public key the first time I talk to it, and warning the user when the key changes. This does add a little bit of user complexity, of course.
Zfone does something slightly different: The reason is that Zfone does not store any keys: Simple Diffie Hellman exchenge is what is being done by some bittorrent clients for instance (Azureus, among others). In that case authentication is irrelevant, since we are talking to unknown peers anyhow. But I think it's also quite good for telephony. My assumption about the privacy of my phone call is that it is private unless wiretapping occurs (which requires a warrant and a certain amount of telco work), and a MiTM attack should be the digital equivalent.
So is this one Free Software?
(and can you redistribute it once you've provided your email address to Phil for the download link?)
It's a soft requirement not a hard one.
Like most multimedia aplications it has soft realtime requirements.
If a frame is late, then it's not used. This means you get a slight cut-out on audio or missing frame in video, which is annoying but not a system critical failure. You can use larger buffers, but this will increase the latency. voip can't be hard realtime until there are hard guarentees all the way though the path of the packets, that means every single machine!
Hard realtime requires a response within a defined window. Failure to do this means fatal system failures, such as the phonecall hanging up*, the missile going off course, shuttle exploding, etc.
As you can see, hard realtime isn't the easiest thing in the world to achieve, and changing from a 'best-effort' Soft system to a Hard system isn't possible, practically speaking.
*The phonecall case above has hard-realtime requirements on the air interface.
"No, it shouldn't. Just because encryption is a very useful hammer does not mean that everything is a nail.
:)
Thanks to Moore's Law, encryption is cheap -- but it's still not free. That's OK for things like E-mail, where the two end-systems handle only a handful of messages at a time. But if the Web suddenly switched from HTTP to HTTPS overnight, Web servers would collapse left and right from having to juggle thousands of simultaneous encrypted connections. Plus, the overhead for setting up an encrypted link is much higher than an unencrypted link, thanks to things like session key negotiation; for short-lived sessions like most HTTP traffic, the cost of setting up the link would dwarf the cost of actually transmitting the data."
Would you please just stop complaining and just fix the problem? Thanks.
Seriously, though - Perhaps you missed it but I already said encryption takes computing power, which is why it isn't done by default today - only pages that require encryption currently get it. I understand today's limitations. I'm talking about the future.
"There are a lot of networking applications where the contents of the packets is just plain not worth protecting from sniffers. Things like multiplayer games and most Web surfing usually fall under that category. There's no reason to force the added overhead on those applications just because we can."
Most of the contents of things sent through the US mail are not worth protecting from people steaming them open, either. But the fact is, even things that ARE worth protecting are relatively secure simply because of the amount of effort it would take to try and examine all mail would be monstrous. Thus the whole system is relatively secure because of the level of effort required to distinguish the "good stuff" from the junk.
If all TCP/IP traffic were encrypted, you'd have the same situation. 99% of the stuff wouldn't be worth decrypting - but the 1% of stuff that was would never be found because you couldn't tell the junk from the "good stuff".
This would strengthen privacy, P2P sharing, VOIP, and totally take the wind out of the sails of the Telcos who want to use packet filtering to cripple the transmit speeds of content they don't like.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
HIPAA, yep, I can almost type sometimes. Anyway, the regs require you to exercise due diligence with regard to transmitting private data. Problem is, with new technologies, nobody knows what the Feds will decide due diligence would be...
You'd be amazed what a practice like ours spends on long distance. So we'd love to use VOIP, but our HIPAA officer freaks out about stuff that's not specifically covered in the regs.
Using plain ol' text since 1968
Just the same experience under OpenSUSE.
Frustrating.