Slashdot Mirror

← Back to Stories (view on slashdot.org)

PGP Creator's Zfone Encrypts VoIP

Posted by ryuzaki0 on from the so-stupid-easy-i-can-use-it dept.

Philip Zimmermann, creator of PGP wrote in to tell me about Zfone, his new system for encrypting any SIP VoIP voice stream. His first release is Mac & Linux only. I tested it with him using Gizmo as our client and it was pretty trivial to use. While it should work on most any SIP compatible VoIP client, he hopes that clients like OpenWengo and Gizmo will incorporate Zfone directly into the UI. Zfone has no centralization, and has been submitted to the IETF. He hasn't yet determined a license, but he believes strongly in releasing source code for all encryption products. A windows client is forthcoming.

34 of 150 comments (clear)

  1. typo by Yahweh+Doesn't+Exist · · Score: 5, Funny

    >His first release is Mac & Linux only.

    you misspelled Windows.

    oh... that makes a refreshing change.

  2. My only concern by QuaintRealist · · Score: 5, Interesting

    ...is that the US (yes, I live there) will use security fears relating to terrorism to ban or severely restrict this technology. Some elements of our government seem almost Luddite (http://en.wikipedia.org/wiki/Luddite) these days.

    Sad, because this kind of encryption would permit greater use of this technology in medicine under HIPPA privacy regulations.

    --
    Using plain ol' text since 1968
    1. Re:My only concern by Anonymous Coward · · Score: 4, Insightful

      I'd say it's dissapointing that the post had to link to a definition of Luddite in the first place.

  3. Important Stuff by WebHostingGuy · · Score: 4, Insightful

    This is important stuff as more and more phone traffic is routing open in the internet. While most people do not believe their emails are totally private, when it comes to talking on the phone I believe there is a perception (and assumption) that no one else is listening. SIP, Asterisk and all the flavors of VOIP is changing telecom and encryption is necessary.

    --
    Quality Hosting e3 Servers
  4. Phil and Jon by MDMurphy · · Score: 4, Funny

    For some reason I got to thinking about Phill Zimmerman and DVD John [Johansen]. Both seem to pop up now and then and give us all reasons to smile.

    Hmm... I wonder if Phil could come up with security that Jon couldn't find a way around?

    1. Re:Phil and Jon by merreborn · · Score: 3, Insightful

      I'm sorry, did I miss the story about DVD John breaking the public key encryption model? And blowfish? And the cypher du-jour?

      He's released cracks for various pieces of software, but it's not like the guy's actually broken actual strong encryption algos.

      http://en.wikipedia.org/wiki/Jon_Johansen#Other_pr ojects

    2. Re:Phil and Jon by Jah-Wren+Ryel · · Score: 4, Insightful

      He's released cracks for various pieces of software, but it's not like the guy's actually broken actual strong encryption algos.

      And such 'cracks' are the best way to attack otherwise strong crypto-systems - don't try to crack an algorithm -- crack the implementation. Look for the vulnerabilities in the systems that use strong cryptography and find the back-doors, or break in a hole in the wall, but trying to go mano-a-mano with the entire crypto community isn't a smart thing and you are exactly right -- that isn't what DVD-Jon has ever done.

      Not that I would imply that CSS is a strong algorithm, it ain't. But the new stuff for BLU-HD-RAY uses AES and the stuff that the Zim-man is using to security VOIP also uses tried and true crypto algorithms. That doesn't mean there won't be flaws in the implementations that can be exploited and Jon-Jon He's Our Man, If He Can't Exploit It, No One Can!!! Yeah Jon. Or something like that.

      --
      When information is power, privacy is freedom.
  5. It would also.. by TheAxeMaster · · Score: 3, Insightful

    It would also almost totally negate any ISP's attempt at shaping VOIP traffic to try and get people to buy their service instead. This has been somewhat of a question in recent months, but if you can encrypt your stream, then there's not much chance they can slow your packets. I'm all for the increased security as well. Now if we can only get them to cut down on the spam....

    1. Re:It would also.. by ozmanjusri · · Score: 4, Funny
      Hence we are back to stenography.

      Is that shorthand for steganography?

      --
      "I've got more toys than Teruhisa Kitahara."
  6. What ever happened to PGP Phone? by WarlockD · · Score: 3, Insightful

    The MIT Website has taken it down, but I remember it working somewhat well between two IP address.

    Was it just too far ahead of its time?

    1. Re:What ever happened to PGP Phone? by Winged · · Score: 3, Informative

      PGPFone was a wonderful idea. The protocol it used was messy as all hell. I talked with Phil about it in 1997; he said that it wasn't being maintained because it didn't lend itself to being extended to actually use participants' PGP keys (instead of just "I hear this voice" authentication), and that at that point all rights to it were owned by the company that had just purchased PGP Corporation.

  7. Why not encrypt by default by Matt+Perry · · Score: 5, Interesting
    This article has me wondering about something. Why aren't we encrypting things by default? Why isn't encryption being built into the protocol when it's designed? It always seems that it gets tacked on afterwards, if at all, and we're worse off in the long run for it. Take VNC for example. If you want that encrypted you're told to send it over SSH. Wouldn't it be great if VNC traffic was encryped by design right from the start? The same applies to any other traffic (VoIP, IM, whatever). What happens is that many people don't encrypt because of the difficultly or they don't know any better. Unencrypted traffic is sent putting them at risk.

    We know the network is hostile and retrofitting encryption onto something after the fact doesn't always work either because too many people using the unencrypted protocol, it's too hard to configure (as opposed to being mostly automatic like ssh connections), or just general security ignorance. What's really holding us back?

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
    1. Re:Why not encrypt by default by Savage-Rabbit · · Score: 4, Informative

      This article has me wondering about something. Why aren't we encrypting things by default? Why isn't encryption being built into the protocol when it's designed? It always seems that it gets tacked on afterwards, if at all, and we're worse off in the long run for it. Take VNC for example. If you want that encrypted you're told to send it over SSH. Wouldn't it be great if VNC traffic was encryped by design right from the start? The same applies to any other traffic (VoIP, IM, whatever). What happens is that many people don't encrypt because of the difficultly or they don't know any better. Unencrypted traffic is sent putting them at risk.

      There are lots of reasons why encryption isn't being widely used. For one thing there is the normal tinfoil hat reason, ie. that the people in charge don't want it becausy they wouldn't be able to stick their nose where it don't belong so they try to prevent such technology from being widely used. Alot has also to do with cost and computing overhead. Encrypting can be an expensive thing to do in terms of computing power and especially so if everything form all the network communications protocols to storage media content is bening encrypted. Doning encryption with special hardware is one solution but that adds cost and also the problem of the hardware algorithms becoming obsolete like WEP for example. Just try to get ahold of, say a 100mb photoshop file. Now copy it into the user home directory of a regular user on an OS.X machine, then do the same for antoher user using 'File Vault'. You will quickly discover that the latter operation takes alot longer since those 100mb's of Photoshop file are being encrypted. You should notice similar problems when comparing normal unencrypted file transfers over a network with transfers over a high strength encrypted link. VPN for example works noticably slower using port forwarding over an SSH tunnel.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    2. Re:Why not encrypt by default by Noksagt · · Score: 5, Insightful
      • Technological
        • Encryption implementation isn't free.
        • Encryption maintenance isn't free.
        • Unencrypted traffic is easier to sniff (which may be legitimately important).
        • Encrypyed traffic has a higher CPU overhead (which isn't always made up for).
        • Some people prefer to have one really good encryption program (SSH or a VPN) to route all traffic over.

      • Legal
        • Encryption can't always be exported from every country to every other country.
        • Sometimes it may be illegal to encrypt traffic.


    3. Re:Why not encrypt by default by chefmonkey · · Score: 4, Informative
      Why isn't encryption being built into the protocol when it's designed?

      For any IETF protocol developed in the past 10 years or so, it is. For example, RFC 3261 (which defines SIP) makes TLS encryption *mandatory* to implement. It does allow the users/administrators/whatever to turn it on and off, but you can't say your implementation is RFC 3261 compliant unless it contains TLS encryption.

      For most other important protocols defined before the IESG required strong security in all protocols, there have been significant efforts to revise them as necessary to provide encryption. For example, RFC 3711 defines a mechanism for encrypting RTP (the voice packets in a VoIP call).

      Anyone who bothers to actually implement to spec already has released products that do encryption, many by default. For example if I use the Snom 360 SIP phone on my desk to call anyone else using a client that has actually implemented all of RFC 3261 (instead of whatever small portion of it amused them) and implemented RFC 3711, both the signaling and the media will be strongly encrypted BY DEFAULT. And that's the way it was configured when I took it out of the box.

      The fact that some current implementations don't bother following spec impugns their designers and implementors, not the protocols they're using. Using the standardized VoIP protocols available today, everyone *should* be able to make encrypted calls.
  8. Re:Releasing the source by HolyCrapSCOsux · · Score: 5, Insightful

    Wouldn't that kinda be the point?

    --
    0xB315AA8D852DCD3F3DCA578FD2E0BF88
  9. great by Anonymous Coward · · Score: 3, Interesting

    great idea, this is very much needed. I don't know how secure this actually is, the writer (phillip zimmermann) said he builds the encryption into tcpstack of whatever operating system the user is running and the key exchange is done automatically between hosts.. he also makes the statement that this technology/standard (zfone) would be integrated into the end-user software, in the near future. I'm not sure why he's so confident, it's nice but who's to guarantee any sip softphone end-points or better yet, hard telephones, will actually have this built in.

    hmm.. i wonder if I have linux nat router running this (and it being my default gateway, if it will automatically encrypt any sip sessions if the end system is running the zphone gui. I mean this apparently works at the network layer (like tcpdump, promiscuously), I wonder if it has to be running on the same system the sip session is originating from. oh dear, i really need to replace my dlink router these days.

  10. Encryption is hard by user9918277462 · · Score: 5, Informative

    Because encryption is very difficult to do correctly. And we should all know by now that a false sense of security is worse than no security at all.

    There's also the not insignificant fact that encryption is complex to use and administer. Adding in robust encryption is not free from a user-friendliness perspective. Much thought has to be put into reducing the user-visible complexity as much as possible so that the user base will actually use the encryption, and use it in such a way that security is preserved. Not trivial.

  11. Checksums, distro needs sigged. by Anonymous Coward · · Score: 4, Insightful

    As there is no cryptographic signature on the package, these are my sums
    as received. Please compare and post if yours are different.

    SHA1 (zfone-linux.tar.gz) = aa9ac66a5dce43cff2639787f30e939078b47ebe
    MD5 (zfone-linux.tar.gz) = c6a47feca0fd5cb5bf72a8f6a1e8f207

    PRZ, please sign your packages! Thanks, World.

  12. I agree, it is hugely important by maillemaker · · Score: 4, Insightful

    Hopefully, this will be the straw that breaks the camel's back.

    Ultimately, ALL traffic should be encrypted, whether it is VOIP, email, web browsing, whatever.

    The guy is right when on his home page he talks about how it is so difficult to implement this sort of stuff as an add-on for emails, managing keys and the like. It's why no one does it. Of course, there has always been a computing overhead, also, which is why only pages that "need" to be secured currently are. But as horsepower goes up, those limitations should go away.

    Ultimately, it should be a matter of course before all traffic that goes in our out of your computer is encrypted by default.

    Hopefully this is the start of something huge!

    Steve

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
    1. Re:I agree, it is hugely important by stephentyrone · · Score: 3, Informative

      yes, but the nice thing is that for most encryption methods, the work to do the encryption grows linearly (at worst polynomially), whereas the work to break the encryption grows exponentially in key size. the larger the key gets, the bigger the gap between work to encode and work to decode.

    2. Re:I agree, it is hugely important by Myria · · Score: 3, Informative

      Almost all commercial multiplayer games use encryption as security-through-obscurity, usually by using custom algorithms. In online games, you're trying to keep cheaters from manipulating packets, not keep eavesdroppers from watching.

      For https and such, setting up the connection is the majority of the work. Public-key key exchange (public-key certificates, Diffie-Hellman, etc.) is an expensive operation because it requires a modular exponentiation on the part of the server. However, once the connection is set up, the cost of encrypting each packet is extremely small.

      Melissa

      --
      "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
  13. PGPfone, Speak Freely by Noksagt · · Score: 4, Informative

    I can remember Phil's PGPfone which was released before VoIP was "the next big thing." It used GSM speech compression and 3-DES/CAST/Blowfish cryptography "to give you the ability to have a 'real-time' secure telephone conversation" (directly over 14.4 Kbps (or faster) modem-to-modem, through the Internet, or through AppleTalk).

    That died. It is good to see a new alternative that has adopted newer standards.

    Another "oldy but goody" was Speak Freely.

  14. Related project by Anonymous Coward · · Score: 5, Interesting

    There was a presentation from another group (wasn't Phil, although he was there) at DefCon 13 relating to reverse-engineering the GSM voice compression so that data could be fed through a GSM voice link accoustically with almost no overhead (in other words, at close to the GSM native digital bandwidth). The intent being to provide a means to attach accoustic peripherals (handsfree headset for example) that could perform encryption and send the encrypted, digitized voice over the GSM link accoustically (to be recieved and decoded by a similar device on the other end), thus allowing encrypted voice communication over an untrusted and unmodified cell phone without the need to install any software.

  15. Who needs encryption? by Shanesan · · Score: 3, Funny

    Igpay atinlay isway ethay estbay ayway otay encryptway ouryay onversationcay!

  16. Ob. Simpsons Ref by magefile · · Score: 5, Funny

    Could Phil microwave a burrito so hot even Jon couldn't eat it?

  17. Well... by Anonymous Coward · · Score: 3, Interesting

    SIP is just a protocol that sets up connectivity and media control; the stream itself is not covered by the SIP protocol. For that, you need something that supports Secure RTP (SRTP), which encrypts the payloads of all RTP streams. If you've managed to encrypt SIP, all you're doing is encrypting call setup and feature requests. Your conversation is not encrypted.

  18. In other news... by gizmonic · · Score: 3, Funny

    Philip Zimmermann has apparently vanished from the face of the earth. Film at 11.

    --
    WWJD?
    JWRTFM!
  19. Re:traffic shaping reality check by wolrahnaes · · Score: 3, Insightful

    The mention of 911 gives me an idea for an interesting angle to ensure ISPs can't neuter VoIP.....claim that by doing so they're endangering lives in the event of a 911 call.

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.
  20. Encryption by Mark_MF-WN · · Score: 3, Funny

    Let's be honest -- this guy needs to go to jail NOW. Privacy is almost as treasonous as sharing or questioning your leaders.

    1. Re:Encryption by advocate_one · · Score: 3, Funny
      Privacy is almost as treasonous as sharing or questioning your leaders.

      no, sorry, you can keep Bush... do not share him...

      --
      Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  21. Re:Why not use OpenSSL? by rodac · · Score: 5, Informative

    VoIP is different from most other traffic types in that it is hard realtime and needs real low latency. This means VoIP uses UDP

    OpenSSL builds encrypted sessions over TCP. TCP is not designed to work well for the requirement space needed by VoIP.
    If fact, it just would not work well at all.

  22. Re:Why not use OpenSSL? by Cthefuture · · Score: 4, Informative

    OpenSSL is not just an SSL API. It's a full cryptographic API. The socket stuff is not even in the core crypto library. There is libssl and then there is libcrypto. Both are part of OpenSSL.

    OpenSSL is a misnomer.

    I didn't mean "use SSL", I meant use OpenSSL the cryptographic library that supports all that standard stream ciphers. You can use whatever networking stuff you want outside of OpenSSL.

    --
    The ratio of people to cake is too big
  23. My security fears by webweave · · Score: 5, Interesting

    I don't live in the US but I live very close and almost all of my IP traffic travels through the US at some point and my worry is that any business information collected by the US/CIA/FBI or other US agency would be made available to US companies. There have been court cases in the past of US sponsored spying benefiting US companies. They say they are after terrorist but who knows? With the knowledge of past activities of US spies and the current computing power of the US agencies all foreign businesses would be well advised to encrypt all sensitive information.

    http://www.motherjones.com/news/feature/1994/05/dr eyfuss.html

    http://web.nps.navy.mil/~relooney/4141_Spring2002. pdf

    http://www.commondreams.org/headlines/070200-02.ht m

    Not using encryption is to believe GWB when he says "Trust me"