Secfone
Secure VoIP based mobile communication for Android™
phones
INTRODUCTION
• Security is facing more and more popularity and becoming the focus of technology:
• Extreme viruses• Sophisticated spy applications• Thousands of malwares
+• Easily accessible and cheap spy
hardwares from internet web stores
More and more company tries to reply and develop its own application choosing from good available encrypting mechanisms, however inadequate utilization involve more serious vulnerability and false safety feeling
INTRODUCTION
• To be secured and protected:• Best available encryption technology has to be used• Hidden and real secure authenticated method has to be used• Have to be ensured that softwares cannot access to encryption keys• Have to ensured that encryption method cannot be deciphered• Have to be ensured that 3rd party application cannot use our device
and by-pass applied security
The solution is MVCN™ based security devices
The MVCN™ network
Secfone is part of MVCN product line…
The MVCN™ layer
• Patented 3 level key exchange mechanism:
Hardware based encryption and authentication
• 448bit Blowfish CBC for voice/data encryption (variable) with constantly changing keys
• 2048bit RSA keys for Authentication• 1024bit RSA keys for communication key exchange
Role of MVCN™ layer
• Authentication• Authenticates an ensures the participants
• Encryption• Encrypt and decrypt dataflow with continuously changing keys between
communicating devices
• Privacy• No 3rd party device, no server, no central application can access to user
communication
Hardware based
Hardware based
Hardware encryption device
CRYPTOCARD
TPM chip in:SecboxSecbox HSecbox IndustrialRabbit
Cryptocard:Secfone RedSecfone OrangeiSecfoneSecBerry
No known method can access to keys (x-ray, electron-microscope, etc.)
Keys and encryption method never revealed to application
w
Burned into MVCN™ server
Secfone 1 (SF1) Secfone 2 (SF2)
Stored on MVCN™ server
• Server decoding key • SF1 encoding key
Burned into Crypto card
• SF1 decoding key
• SF2 IP address, encoding key
Burned into Cypto card
• SF1 decoding key
MVCN™ - key exchange
Connection re
quest to SF2
Stored on Crypto card Stored on Crypto card
• Server encoding key • Server encoding key
Server response: S
F2 IP address, S
F2 encoding key
• SF2 encoding key
• SF1 IP address, encoding key
Connection request from SF1 to SF2
SF1 IP address, encoding key request
Server response SF1 IP address, SF1 encoding key
Server response: SF2 IP address, SF2 encoding key
VoIP communication
• Calls are VoIP based:– Encrypted communication is working on
almost any kind of IP based network (Wi-Fi, WiMAX, LTE, HSDPA, UMTS, EDGE, etc.)
– 3 VoIP layer:• Session Initiation Protocol• Session Description Protocol• Realtime Transport Protocol
Session Initiation Protocol in Secfone
• SIP protocol– IETF defined signaling protocol– Opens communication sessions over IP network– The protocol enables to open, modify and close two or multiparty sessions
• Secfone uses modified SIP protocol:– Basic SIP P2P call (through MVCN network)– Basic SIP signaling (ringing, ringtone, busy tone, waiting tone, etc.)– Caller name and number display– Call waiting, muting– Voice compressing and time fragment size (packet time) negotiation through SDP– Missed calls and call history– Local user directory– Volume control
Session Description Protocol
• Session Description Protocol (SDP) • A format for describing streaming media initialization parameters in an ASCII
string.
• SDP is used in Secfone in conjunction with the SIP and RTP protocols
• Constrained to general session and connection description parameters.
• The media section of the SDP protocol is used for media attributes negotiation:
– The speech codec to be used by both peers during the negotiated session
– The RTP packet time (ptime) to be used by both peers during the negotiated session
Applied speech codecs
• Automatic and optimized speech codec selection by network quality
WiFi (ptime: 60ms):•Speex10 (24.6 kbps)
•Speex9 (18.2 kbps)+ the complete 3G offer
3G (ptime: 100ms):•Speex8 (15 kbps)
•Speex7 (15 kbps)
•BroadVoice16 (16 kbps)
+ the complete EDGE offer
EDGE (ptime: 140ms):•Speex6 (11 kbps)
•Speex5 (11 kbps)
•Speex4 (8 kbps)+ the complete GPRS offer
GPRS (ptime: 180ms):•AMR_NB 4.75 (4.75 kbps)
•Speex4 (8 kbps)
• Narrow Band Adaptive Multirate Codec (AMR-NB) is applicable
•AMR-NB 4.75 kbps•AMR-NB 5.15 kbps•AMR-NB 5.90 kbps•AMR-NB 6.70 kbps•AMR-NB 7.40 kbps•AMR-NB 7.95 kbps•AMR-NB 10.2 kbps•AMR-NB 12.2 kbps
•Speech codecs are user selectable
•Speech codecs are changed during calls by network quality
•AMR codec rate changes during calls by network quality
BEST AVAILABLE VOICE QUALITY
Realtime Transport Protocol
• The Real-time Transport Protocol (RTP) • defines a standardized packet format for delivering audio and
video over IP networks
Altering network characteristics wouldresult in non-enjoyable voice quality *note that „jitter” comes from that latency which is the
delay of receiving and playing the sound – not network latency
RTP jitter control was developed forSecfone
Low latency playback with a low packet rejection rate, ensuring both high quality sound and good conversation properties
CRYPTOCARD
Encryption / decryption by HARDWARE
Nothing can access to encryption keys
Adaptive and safety software application for :
1.Best quality voice communication over IP networks2.3rd party spy application detection3.Continuous and hidden key changing during communication
Authentication and encryption protocol is MVCN™
Secfone infrastructure and characteristics
Secfone infrastructure and characteristics
Secured data/voice communication
through SecboxPrinterComputerFile sharingEtc.
Secured data/voice communication
in industrial environment
SurvaillenceCamera systemsMonitoringEtc.
Secured voice/data communication
with other SecfonesVoiceSMSFile sharing
Minimal data requirement for Secfone
•The device needs to have a functional MicroSD Card slot•Minimum CPU requirement of the device is 1 GHZ•Minimum RAM requirement is 512 MB•Minimum free space on the phone: 6.3 MB
•HTC Desire Android 2.2 Sense•HTC Desire S Android 2.3.3 Sense•HTC Incredible S Android 2.3.3 Sense•HTC Sensation•Samsung Galaxy S Android 2.1/2.2•Samsung Galaxy S (NTT Docomo) Android 2.3.3•Samsung Galaxy S II•LG p350 Android 2.2.2
Supported devices:
Requriements:
MVCN™ protocol for Secfone
P2P communication
In case the Secfones are behind a firewall type not supported by MVCN they use proxy
Retail server options for customers
• Private Server• The server is installed by Navayo and hosted by
the customer• One time fee• Absolutely private infrastructure
• Hired server• The server is installed and hosted by Navayo• Monthly fee• Navayo guaranteed service
Secure telephone conferencing
• Secfone enables secure teleconferencing for a large number of users at the same time
• Conference rooms can be accessed through Secbox connection
• Up to 500 participants at one time depending on hardware set-up
• Voice messages can be left in the conference rooms
Secfone secure mail service
• E-mail server is connected to the Internet through Secbox network security device
• Proxy is set on the Secfone device to enable connection to the e-mail server
• E-mail traffic is encyripted between the device and the e-mail server
• 3rd party SCB technology allows logging of Administrator activity providing added security
• The phone’s default e-mail client is used
Secure data access
Thank you for your attention!