Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Creator's Zfone Encrypts VoIP

Posted by ryuzaki0 on from the so-stupid-easy-i-can-use-it dept.

Philip Zimmermann, creator of PGP wrote in to tell me about Zfone, his new system for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only. I tested it with him using Gizmo as our client and it was pretty trivial to use. While it should work on most any SIP compatible VoIP client, he hopes that clients like OpenWengo and Gizmo will incorporate Zfone directly into the UI. Zfone has no centralization, and has been submitted to the IETF. He hasn't yet determined a license, but he believes strongly in releasing source code for all encryption products. A windows client is forthcoming.

14 of 150 comments (clear)

  1. My only concern by QuaintRealist · · Score: 5, Interesting

    ...is that the US (yes, I live there) will use security fears relating to terrorism to ban or severely restrict this technology. Some elements of our government seem almost Luddite (http://en.wikipedia.org/wiki/Luddite) these days.

    Sad, because this kind of encryption would permit greater use of this technology in medicine under HIPPA privacy regulations.

    --
    Using plain ol' text since 1968
    1. Re:My only concern by grub · · Score: 2, Interesting


      Entirely off topic, but it'd be nice if /. supported linking to wikipedia entries with a simple tag, ie.: if you could have used [[Luddite]] in your post much like how it works on wikipedia.

      If you use that idea, Taco, I want a piece of the action!

      --
      Trolling is a art,
  2. Releasing the source by romka1 · · Score: 2, Interesting

    If he releases the sources won't companies like Vonage that are being subjected to voip packet throttling from copetitive ISPs just take it and use this technology for free?

    --
    Visit my site @ http://www.madtorrent.com
    1. RE: Releasing the Source by GoldenWolf · · Score: 1, Interesting

      It seems to me that Vonage and other US-based VoIP carriers would have a hard time with the department of Justice if they incorporated Zfone into their products. The CALEA requires providers to cooperate with law enforcement wiretapping.

      For example, George Bush decides that you're a "Terrorist" and (without a warrant) orders your calls wiretapped. The Feds go to Vonage and demand to wiretap you. This leaves Vonage in a difficult position. What's going to happen if Vonage tells the Feds, "Sorry, but we can't give Bush a recording of this person's phone calls because our software/hardware incorporates strong encryption." Vonage will get hammered for failure to cooperate under the CALEA.

      If VoIP providers incorporate Zfone in their software/hardware, you can bet there's some sort of backdoor so law enforcement can record your VoIP calls. If there's a law enforcement backdoor, some black-hat hacker will eventually find it. Then, you're right back where you started--anyone with some technical background can tap your conversation.

      The only way Zfone is going to be useful is if it is implemented in an open source application. You can't be 100% sure that there isn't a flawed/buggy implementation or a deliberate backdoor if you can't see and review the source. So don't expect the VoIP providers to implement Zfone in their software. And if they do, unless they release thesource, it's probably snake-oil.


      http://en.wikipedia.org/wiki/Communications_Assist ance_for_Law_Enforcement_Act

  3. No PKI? by fossa · · Score: 2, Interesting

    Would it be useful to have the option, for those of us who have friends' PGP keys, to do the Zfone key handshake via PGP encryption that rather than verifying something by voice? It's fantastic from a "getting people to use it" perspective that it does not rely on PKI, but those who have already taken the plunge shouldn't be punished :)

  4. Why not encrypt by default by Matt+Perry · · Score: 5, Interesting
    This article has me wondering about something. Why aren't we encrypting things by default? Why isn't encryption being built into the protocol when it's designed? It always seems that it gets tacked on afterwards, if at all, and we're worse off in the long run for it. Take VNC for example. If you want that encrypted you're told to send it over SSH. Wouldn't it be great if VNC traffic was encryped by design right from the start? The same applies to any other traffic (VoIP, IM, whatever). What happens is that many people don't encrypt because of the difficultly or they don't know any better. Unencrypted traffic is sent putting them at risk.

    We know the network is hostile and retrofitting encryption onto something after the fact doesn't always work either because too many people using the unencrypted protocol, it's too hard to configure (as opposed to being mostly automatic like ssh connections), or just general security ignorance. What's really holding us back?

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  5. great by Anonymous Coward · · Score: 3, Interesting

    great idea, this is very much needed. I don't know how secure this actually is, the writer (phillip zimmermann) said he builds the encryption into tcpstack of whatever operating system the user is running and the key exchange is done automatically between hosts.. he also makes the statement that this technology/standard (zfone) would be integrated into the end-user software, in the near future. I'm not sure why he's so confident, it's nice but who's to guarantee any sip softphone end-points or better yet, hard telephones, will actually have this built in.

    hmm.. i wonder if I have linux nat router running this (and it being my default gateway, if it will automatically encrypt any sip sessions if the end system is running the zphone gui. I mean this apparently works at the network layer (like tcpdump, promiscuously), I wonder if it has to be running on the same system the sip session is originating from. oh dear, i really need to replace my dlink router these days.

  6. SRTP? by Gerald · · Score: 2, Interesting

    What's the difference between this and SRTP?

  7. Related project by Anonymous Coward · · Score: 5, Interesting

    There was a presentation from another group (wasn't Phil, although he was there) at DefCon 13 relating to reverse-engineering the GSM voice compression so that data could be fed through a GSM voice link accoustically with almost no overhead (in other words, at close to the GSM native digital bandwidth). The intent being to provide a means to attach accoustic peripherals (handsfree headset for example) that could perform encryption and send the encrypted, digitized voice over the GSM link accoustically (to be recieved and decoded by a similar device on the other end), thus allowing encrypted voice communication over an untrusted and unmodified cell phone without the need to install any software.

    1. Re:Related project by twiddlingbits · · Score: 2, Interesting

      From your description they just re-invented the Modem using Digital instead of Analog and with encryption. This isn't new, the STU-XX secure phones used by the Government for Classified voice calls work very much the same way. Might be some IP infringement issues with thier work as well.

  8. Well... by Anonymous Coward · · Score: 3, Interesting

    SIP is just a protocol that sets up connectivity and media control; the stream itself is not covered by the SIP protocol. For that, you need something that supports Secure RTP (SRTP), which encrypts the payloads of all RTP streams. If you've managed to encrypt SIP, all you're doing is encrypting call setup and feature requests. Your conversation is not encrypted.

  9. My security fears by webweave · · Score: 5, Interesting

    I don't live in the US but I live very close and almost all of my IP traffic travels through the US at some point and my worry is that any business information collected by the US/CIA/FBI or other US agency would be made available to US companies. There have been court cases in the past of US sponsored spying benefiting US companies. They say they are after terrorist but who knows? With the knowledge of past activities of US spies and the current computing power of the US agencies all foreign businesses would be well advised to encrypt all sensitive information.

    http://www.motherjones.com/news/feature/1994/05/dr eyfuss.html

    http://web.nps.navy.mil/~relooney/4141_Spring2002. pdf

    http://www.commondreams.org/headlines/070200-02.ht m

    Not using encryption is to believe GWB when he says "Trust me"

  10. Re:Encryption is hard by kwerle · · Score: 2, Interesting

    That's because you skipped the hardest step - the out-of-band communication necessary to establish key authenticity. The first time you connect to a host via ssh, it displays a fingerprint and asks you if it should be trusted. Most people don't value encryption enough to even bother installing the relevant software, what makes you think that they value encryption enough to figure out a way of validating the fingerprint securely?

    At the risk of summoning the ire of cryptographers everywhere:
    So what.

    Skip the whole fingerprint validity thing - I do all the time. I never call the sysadmins of machines I'm using to make sure their self-signed certs are really them (mail, https, ssh, whatever). It has bit me 0 times. As far as I'm concerned, that answer is just an excuse to dismiss a trivially simple 90% solution. As a matter of fact, my system uses secure SMTP (what's the right acronym?) in it's MTA. Nobody validates SMTP's keys for sending - they just trust the message is going to the right machine and sends it encrypted. Folley! But it works fine.

    But partial security is worse than no security!

    BS. There is no total security. Someone can always root that machine and get your password.

    In the meantime we have VNC in the clear, because "encryption is hard to do".

    Total security is virtually impossible. Encryption is pretty easy, and we'd all be better off using more of it.

  11. Re:User friendly encryption.. by user9918277462 · · Score: 2, Interesting
    I can do a Diffie-Hellman key exchange which adds zero complexity to the user experience: no key management hassles at all.

    You're proposing using a system with known design vulnerabilities. See my comment above re: false security vs no security at all.

    As soon as you add key management into the mix (which is absolutely crucial and, due to the strength of modern ciphers, becomes the keystone of security) things get very complicated very quickly (as you allude to wrt SSH).

    That is not to say that it is an insurmountable problem: an example is web browser SSL. The mechanics of key authentication and distribution are actually quite complex, however this is hidden almost entirely from the user. This is done through a large and relatively robust crypto infrastructure which was created because commerce makes SSL necessary. The public's right to privacy does have the same corporate backing.