Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Company Makes Inconspicuous Secure Cellphone

ScuttleMonkey posted more than 8 years ago | from the price-tags-that-probably-cause-physical-pain dept.

328

dponce80 writes "With concerns over privacy at an all-time high, it's refreshing to hear that Swiss company VectroTel is making a secure mobile phone. The X8 encrypts secure calls (the unit is also able to make regular calls) with a virtually unbreakable 128-bit key, itself generated through a Diffie-Hellman exchange. While transmission does get somewhat delayed, communication is secure."

cancel ×

328 comments

Sorry! There are no comments related to the filter you selected.

What does this mean for eavesdropping? (5, Funny)

kneeslasher (878676) | more than 8 years ago | (#15385559)

Does this mean that Government agencies cannot listen to our oh-so-important phone calls? Typical. Millions if not billions of our tax money wasted if this technology becomes widely adopted.

Re:What does this mean for eavesdropping? (3, Funny)

Bromskloss (750445) | more than 8 years ago | (#15385583)

Millions if not billions of our tax money wasted if this technology becomes widely adopted.
Which is of course better than both having spent all the money _and_ then getting harmed (spied on) by it.

Re:What does this mean for eavesdropping? (-1, Flamebait)

Columcille (88542) | more than 8 years ago | (#15385788)

Somehow I fail to feel harmed if someone hears my conversations. Somehow I do feel harmed if someone blows me up in an attack coordinated using various telecommunication services that the govt was not able to track because of so many people whining. The attack, of course, would immediately be followed with great cries of outrage about how the government didn't do enough to stop the attacks, and how the evil George Bush might have even known it was coming and wanted it to happen. And then the government would do more to try and prevent future attacks, only to meet with lots of people whining about what they are doing so they have to back off which opens the door for another attack and and and...

Re:What does this mean for eavesdropping? (3, Insightful)

kneeslasher (878676) | more than 8 years ago | (#15385856)

I think the above post should be taken in the spirit it was written: as a good joke suitable for chuckles all round. Would that I had mod points to mod it funny. Possibly we should petition /. to create a new type of modifier: ironic, but I fear its subtlety would be lost upon the majority.

Just in case the parent was not tongue in cheek:

Is it only myself for whom liberty from large entities (like the Goverment) is worth purchasing with a risk? Didn't many brave souls die for this in the past and continue to do so? Isn't that the bargain: liberty (and eternal vigilance), or the illusion of security?

Re:What does this mean for eavesdropping? (4, Insightful)

advocate_one (662832) | more than 8 years ago | (#15386027)

Somehow I fail to feel harmed if someone hears my conversations.

would you be happy then if the "government" listened in on your phonecalls with your lawyer? or your tax attorney? or your doctor? or your psychiatrist? or your stockbroker? or your mistress? or your wife? or your election campaign manager? or any of a myriad of things you would rather not get out into public or potentially be used against you?

Google for Swiss + Cryptogate (0, Interesting)

Anonymous Coward | more than 8 years ago | (#15385699)

A bit of research will reveal the Swiss reputation in this area is in tatters. There are also laws that more or less say phone approval is dependant on law enforcement access.

Notably, none of this is open source, although, cryptolib is there for the taking. One supposes flawed exchanges make the pretense of 128 bit ok to bragg about. No thanks, OpenBSD rocks.

A number of firms have thought about these black boxes, and given up, because they will be 'red-threaded' or not get approval. If they post a deed that they have not 'cooperated' then one might buy for the right to sue later. No deed, no sale.

Can you hear me now?? (5, Funny)

ghoul (157158) | more than 8 years ago | (#15385771)

Verizon Guy: Can you hear me now?
NSA analyst: No

Re:Can you hear me now?? (1)

Ingolfke (515826) | more than 8 years ago | (#15385913)

Verizon Guy: Can you hear me now?
NSA analyst: No
*

* Which in NSA speak means, yes... most definitely. We've got a satellites, crypto breaking computers you've never even dreamed of, listening devices, and backdoors in the hardware. The hardest thing for us NSA analysts to do is to decide which source we want to listen from. Of course we're not going to tell YOU any of this. So No, can't hear you... keep on talkin'.

Re:Can you hear me now?? (1)

jacksonj04 (800021) | more than 8 years ago | (#15386033)

I'm curious as to why a foreign manufacturer would build backdoors in their hardware.

Re:What does this mean for eavesdropping? (1)

ajs318 (655362) | more than 8 years ago | (#15385772)

Well, unless we get to examine the source code, we have no way to know how secure the thing really is. And if it's using Diffie-Hellmann key exchange, then all MI5 or GCHQ or whoever's listening have to do is mount a classic MITM attack.

Re:What does this mean for eavesdropping? (1)

azrider (918631) | more than 8 years ago | (#15385980)

The "initial key exchange" is performed before any communications are attempted (at setup time). The article specifically mentions "shared secret". By definition, this excludes a MitM type attack, unless the MitM is also in the circle of *allowed* communicators

Re:What does this mean for eavesdropping? (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15385815)

"Millions if not billions of our tax money wasted if this technology becomes widely adopted."

You're looking at it the wrong way. Millions if not billions of our tax money that doesn't have to be wasted spying on innocent people chatting with their friends.

Sorry, but your surveillance apologism really demands that reply. You don't make innocent civilians safer by placing them under surveillance. You make them less safe. Stop wasting our time, money, and freedom when you should instead be spying on actual criminals, you know, getting a warrant based on probable cause and investigating to ascertain guilt. That is, if you're really interested in catching guilty parties and not just subjugating everyone under your militaristic future fantasy.

Re:What does this mean for eavesdropping? (1)

kneeslasher (878676) | more than 8 years ago | (#15385888)

My fault: I should have made clear that the money is wasted in any case. I didn't mean to imply that the money is used for a good purpose if encryption didn't exist... merely that this invention makes it crystal clear that the money was always wasted.

Re:What does this mean for eavesdropping? (0)

Anonymous Coward | more than 8 years ago | (#15386032)

I started to suspect that when I read one of your other comments; I'm glad I misread. It's hard to tell sometimes these days.

This sounds like a really good idea (4, Insightful)

Freaky Spook (811861) | more than 8 years ago | (#15385565)

Except anyone who uses one would probably be labelled a terrorist.

Re:This sounds like a really good idea (1)

aadvancedGIR (959466) | more than 8 years ago | (#15385603)

Maybe not if you are the only one buying it (in that case, you're just the average paranoid geek), but anyone buying a dozen of those will sure be interesting.

Re:This sounds like a really good idea (5, Insightful)

Opportunist (166417) | more than 8 years ago | (#15385609)

So label me.

I'm willing to defend my freedom to death. If necessary, against my government.

And I bet, the US founding fathers would be proud of me.

Re:This sounds like a really good idea (0)

Anonymous Coward | more than 8 years ago | (#15385750)

I hope you carry some ID with you. They'll aim for the head. You won't be very recognizable afterwards.

And you will have accomplished nothing.

Still willing to die for your illusory "freedom"?

By the way, your founding fathers are long dead and won't be proud of anyone.

Re:This sounds like a really good idea (2, Insightful)

BkBen7 (926853) | more than 8 years ago | (#15385789)

[blockquote]"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God! I know not what course others may take; but as for me, give me liberty or give me death!"[/blockquote]

Re:This sounds like a really good idea (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15385795)

Nice words. But only words. They don't fill the stomach or pay the bills. Check out the real world from time to time.

Nice (4, Insightful)

hummassa (157160) | more than 8 years ago | (#15385905)

Not only you are Anonymous, but these were spoken like a true Coward!!!!

Re:This sounds like a really good idea (1)

Opportunist (166417) | more than 8 years ago | (#15386016)

I don't question anymore why the world is the way it is. If that's the opinion of the common man out there... fill my stomach, give me shelter, and I won't care for anything else.

Re:This sounds like a really good idea (1)

Opportunist (166417) | more than 8 years ago | (#15385992)

Counter question, is life worth living if it is to be in chains?

(No comments from bondage lovers, please...)

Everyone has their own set of ideals. Everyone has their values. Everyone has their priorities. Yours might be your life. Mine is my freedom.

Re:This sounds like a really good idea (1)

melonman (608440) | more than 8 years ago | (#15385762)

Precisely. It's the same problem as routinely using PGP for emails - while third parties may not be able to browse your email content, it pretty much guarantees that [i]all[/i] your Internet traffic, at the very least, gets more scrutiny. I know of a real example of this involving (funnily enough) Swiss missionaries in Africa - they weren't doing anything illegal, but a bit of encryption was enough to convince the local security forces otherwise. For most people, getting lost in the crowd is the best option, and, for those who are on the run from the CIA, this mobile phone doesn't help, unless the manufacturers have also found a way to stop people from triangulating the signal.

Re:This sounds like a really good idea (1)

makomk (752139) | more than 8 years ago | (#15385809)

For most people, getting lost in the crowd is the best option

But this doesn't help, say, non-US businesses competing with large US corporations who are (rightly) worried they might be targeted for espionage by dodgy govenment agencies for economic/political reasons. (I'm sure the US isn't the only country which does this either...)

Re:This sounds like a really good idea (-1, Flamebait)

sexyrexy (793497) | more than 8 years ago | (#15385823)

Which, interestingly enough, is a good argument for why government monitoring of phone calls doesn't really matter - because the bottom-tier analyst pouring over call data doesn't give a shit about your veterinary appointment or the fact that your wife is having an affair (wait slashdot... uh... back to the vet thing) or anything else about your life for that matter. Or mine or anyone else's, except people who are doing something that deserves attention. And if you are doing something that makes the government feel like it needs to kick in your door and drag you away, then I do not feel sorry for you. It's a simple matter to avoid suspicion - don't do anything suspicious! If you are a good person you have nothing to fear.

Re:This sounds like a really good idea (0)

Anonymous Coward | more than 8 years ago | (#15385862)

If you are a good person you have nothing to fear.

Thats the spirit Citizen.
  --Agent Smith

Re:This sounds like a really good idea (0)

Anonymous Coward | more than 8 years ago | (#15385892)

And who defines what is good or bad? What if you have christians taking powers and ordering the execution of all people who don't fear god. By their logic if you don't fear god, then you have to be up to something bad. Your arguement sucks!

Not a new idea (1)

jeroendekkers (803638) | more than 8 years ago | (#15386050)

Cryptophone (URL:http://www.cryptophone.de/) has been around for some time.

Virtually unbreakable? (2, Insightful)

foundme (897346) | more than 8 years ago | (#15385566)

I think it's asking to be broken, and I bet it will be.

Re:Virtually unbreakable? (2, Interesting)

Stellian (673475) | more than 8 years ago | (#15385682)

Vanilla Diffie-Hellman is susceptible to man in the middle attacks because it provides no authentication.
The only way to have true security is to cache the public key of the other party on first call (a la ssh), or better, to have the phones exchange keys through IR when they are placed one next to the other.

Re:Virtually unbreakable? (1)

elFisico (877213) | more than 8 years ago | (#15385957)

It is possible to break ANY encryption scheme by brute-force (trying all possible keys). The question is: how long will it take? Getting at the information of the phone talk several months afterwards is close enough to "unbreakable" for most applications...

Useless (4, Funny)

cerberusss (660701) | more than 8 years ago | (#15385571)

While transmission does get somewhat delayed, communication is secure.

This is of course useless for phone sex.

Me: "So, what are you wearing?"
Gf: "..."
Me: "What are you wea*"
Gf: "A hot small negli*"
Me: "Sorry, please continue"
(...)
Gf: "A hot small neglige and nothing else"
Me: "*grunt* and then?"
(...)
Gf: "I didn't hear you. What did you say after then?"
Me: "Uh nothing, I was just asking, what do*"
Gf: "Is this thing on? Oh wait now I hear you. Can you repeat?"
Et cetera.

Re:Useless (1, Funny)

Anonymous Coward | more than 8 years ago | (#15385627)

Anyone who uses communications interception and decryption for the sole purpose of listening to geeks having phone sex is punishing himself enough already :-(

"Oh baby, compile me hard!"
"Mount my hardware, yeah!"
"I put on my wizard robe and hat..."

Etc.

Re:Useless (1)

Rocketship Underpant (804162) | more than 8 years ago | (#15385687)

That sounds like my Skype calls, but without the benefits of encryption. :/

(And, er, I'm talking about the broken-up audio, not the conversation topic.)

Re:Useless (1)

orthodoxRebel (962439) | more than 8 years ago | (#15385808)

I never knew the girl on the other end of a 900 number is considered a girlfriend...

Re:Useless (-1)

Anonymous Coward | more than 8 years ago | (#15385965)

You mean your girlfriend hasn't told you about our calls together, or you don't consider her your girlfriend?

Official product page (1)

Bromskloss (750445) | more than 8 years ago | (#15385572)

Their products page [vectrotel.ch] reveal that they have two models (both with encryption). Of course, this is something you _could_ build yourself on top of an ordinary mobile phone, but naturally, it's convenient to just buy one. (On a side note, one of the models is bloated with a camera.)

Are people really this paranoid? (0, Troll)

Viol8 (599362) | more than 8 years ago | (#15385575)

I can see this being useful for governments (and probably
criminals) but is the average man in the street really paranoid
enough to want one? GSM is already encrypted - albeit weakly - but
well enough to stop some telecoms script kiddy hearing what you're
saying , and if you want to stop the government listening in to
your conversations then you're out of luck anyway , since they'll
just bug you some other way.

So whats the point?

Re:Are people really this paranoid? (1)

rf0 (159958) | more than 8 years ago | (#15385720)

Belts and braces? Prehaps every little bit helps. If someone really want to hear you won't stop them but it will add an extra bit of armour to you

Re:Are people really this paranoid? (1)

h_benderson (928114) | more than 8 years ago | (#15385747)

This device is thought to secure your calls against eavesdropping from the Telcos (read: the government). The GSM encryption will not guard you against that, as the telcos still have the possibilities to store and deliver to the government your unencrypted voice data. And this is exactly what they do in Switzerland, where the producer of this device is located (see http://cryptome.sabotage.org/ch-ilets-regs.htm [sabotage.org] ).

From their FAQ page:

I'VE BEEN TOLD THAT THE TELECOMMUNICATION PROVIDERS ALSO USE AN ENCRYPTION, DON'T THEY?
Yes, they do. But this kind of encryption called A5 is not effective enough to secure your calls. With the so called 'IMSI Catcher' A5 encryption can be turned off. Another fact is that their encryption is only effective between your mobile phone and the Base Station. The whole way through the network (public?), and maybe some more over the air radio connection, the call is not protected by this encryption.

Re:Are people really this paranoid? (3, Insightful)

Anonymous Coward | more than 8 years ago | (#15385841)

To paraphrase the saying, "it's not paranoia if you're actually being watched."

The reason to encrypt is not to make it impossible for investigators to hear you -- because, as you said, they can bug you in some other way. The reason is to make it impractical to do widespread monitoring of innocent people. When all calls are encrypted, investigators have to do a little actual work to bug a call, so it's impossible to instantly tap all the innocent callers as they'd like.

And if you've been following current events at all, you'll notice that a large portion of America isn't nearly as "paranoid" as it should be.

Re:Are people really this paranoid? (0, Troll)

Viol8 (599362) | more than 8 years ago | (#15386008)

What is it with the adolescent moderators? Anyone who dares disagree
slightly with the line taken by the article gets modded as a troll??
Wtf is going on here??! How excatly was I trolling you amateur hour
moron moderator?

Re:Are people really this paranoid? (3, Interesting)

meringuoid (568297) | more than 8 years ago | (#15386044)

if you want to stop the government listening in to your conversations then you're out of luck anyway , since they'll just bug you some other way.

It's far, far easier for the government to bug all the phone lines (as they're currently doing, I might add) at a central point, and then plug in to someone's conversations at will. If you're using an encrypted phone, then Echelon / Carnivore / AT&T / Dubya's Latest Secret Illegal Wiretap can't listen in. The government have to break in to your house, take a screwdriver to your phone and physically bug the thing.

Can the government spy on everybody by bugging the telephone exchange? Yes, easily, and they're doing just that. Can the government spy on everybody by secretly bugging every last individual phone? No, it would be prohibitively expensive. Have the NSA burgle every single house individually and fiddle every single phone? Impossible.

Encrypting phone calls makes it enormously more expensive and difficult for the government to spy on you. That's got to be a good thing.

unbreakable? (4, Interesting)

legallyillegal (889865) | more than 8 years ago | (#15385579)

virtually unbreakable 128-bit key,

isn't WEP also 128 bit?

Re:unbreakable? (5, Informative)

Bromskloss (750445) | more than 8 years ago | (#15385596)

isn't WEP also 128 bit?
WEP isn't insecure due to its 128 bits, but due to other problems [wikipedia.org] . As I understand it, anyway.

Re:unbreakable? (1)

kailoran (887304) | more than 8 years ago | (#15385602)

WEP is (usually) very crappy 128bit. The "very crappy" part being the problem.

Re:unbreakable? (0)

aadvancedGIR (959466) | more than 8 years ago | (#15385658)

128 kbit can be a very good security, in particular if one key only protects only few data.
A GSM voice com is less than 100kB/min of com, far less than Wifi and not enough to be able to guess the key for a com of a "normal" duration (less than a few monthes).
In such a case, the security issue is not the key length, but wether it can be exchanged safely.

Re:unbreakable? (0)

Anonymous Coward | more than 8 years ago | (#15385685)

Yeah, but WEP broadcasts bits of its key with each packet - unencrypted. So collect enough packets, and you can get the key.

Re:unbreakable? (1)

Colonel Angus (752172) | more than 8 years ago | (#15385939)

WEP sucks (as I understand it) not because its encryption isn't strong enough, but because it uses the same key for all communications. Generate new keys based on a given passphrase as data is transmitted and it become much more secure... WPA.

If that's wrong, help a brother out and clear that up.

Re:unbreakable? (0)

Anonymous Coward | more than 8 years ago | (#15386031)

More importantly, if you have the key, why would you want to break it?

Re:unbreakable? (1)

rbarreira (836272) | more than 8 years ago | (#15386042)

You have a point if the implementation is crappy, but if it's not, it's IMPOSSIBLE to break a 128 bit key. Even if you had a trillion computers (which the NSA doesn't).

Feasibility for US Market? (3, Insightful)

oostevo (736441) | more than 8 years ago | (#15385586)

This may sound like an asinine question, I know, but I don't have much experience with cell phones at all.

Since this cellphone is made in Switzerland, a country that presumably has differing cell phone communication standards than the US does, is it possible to buy and use this cellphone in the US with a normal US carrier? Or would we have to wait and hope for a company to build something similar for the US?

Thanks, and sorry for the ignorance.

Re:Feasibility for US Market? (1)

Aussie (10167) | more than 8 years ago | (#15385608)

Probably a moot point, I imagine the US gov wouldn't be too keen to have these available to the general public.

Re:Feasibility for US Market? (3, Interesting)

Bromskloss (750445) | more than 8 years ago | (#15385621)

is it possible to buy and use this cellphone in the US with a normal US carrier?
I think so, at least one of their phones [vectrotel.ch] . That one uses the three bands 900 MHz, 1800 MHz and 1900 MHz. The former two is used in europe (during a call the phones switches frequency bands depending on which one gives the best connection, or something similar), while the latter is used in USA (among other places, I think). That indicates that it is possible to use it in the states too.

Re:Feasibility for US Market? (4, Informative)

ajs318 (655362) | more than 8 years ago | (#15385818)

Not quite. The 900 and 1800MHz bands are used by different service providers. In the UK, 900MHz is used by Vodafone and O2, and 1800MHz is used by Orange and T-Mobile. Before the advent of the venerable Nokia 3210, most phones were single-band and were built using two PCBs: one for the main processor, audio circuitry, keypad and display, and one for the RF stuff {which would be made in 900 and 1800 versions and the phone assembled accordingly}. The 3210 used a single PCB capable of doing both RF bands. The cost saving associated with the single-board design {no expensive multiway connectors, and a better process hit rate} outweighed the cost of the extra components.

A phone connected to a base station will always us one or the other band. But within each band there are several channels; the phone and base station automatically select the best channel continuously throughout a call {if another subscriber disconnects and the channel they were using is better, your conversation will switch to that channel}. The whole process is kept seamless because both phone and base station change at the same time, between data packets.

Re:Feasibility for US Market? (1)

amorsen (7485) | more than 8 years ago | (#15385893)

The 900 and 1800MHz bands are used by different service providers.

In Denmark several providers have both 900MHz and 1800MHz in service. 900MHz is used to provide coverage in sparsely-populated areas, and 1800MHz is used to provide capacity in dense areas.

Re:Feasibility for US Market? (1)

jonwil (467024) | more than 8 years ago | (#15385898)

Most modern Motorolas can do multiple bands (either tri-band or quad-band depending on the market)

Re:Feasibility for US Market? (1)

fatted (777789) | more than 8 years ago | (#15385784)

Where do you think your Nokia phone is from? Finland (ok probably actually made in Asia, but you get the picture).

It says in the article that its a GSM phone. GSM is the standard used in Europe (and a fair chunk of the rest of the world) and is also supported and used in the USA (T-Mobile for one), albeit at 1900MHz. Most modern GSM phones support at least 3 GSM bands 900, 1800 and 1900Mhz, so theres no reason to think that a "premium" phone like this Swiss model wouldn't; especially since you'd imagine they'd want to get selling in the US consumer market.

need to ask Bruce on this one.. (1, Interesting)

molo (94384) | more than 8 years ago | (#15385607)

To protect you from misuse by a third party we secured the crypto functions by a user-determined PIN code

There goes all that security. What is the point of trying to break a 128-bit session key if there is just a simple PIN code to break instead? Looks like someone should have read Bruce Schneier.

-molo

Re:need to ask Bruce on this one.. (4, Insightful)

Havenwar (867124) | more than 8 years ago | (#15385696)

Uhm... you should realize the pin code is on the phone, securing access to the crypto functions of that specific phone... if you want to listen in without being a part of the conversation you will still have to break the session key.

Re:need to ask Bruce on this one.. (0)

Anonymous Coward | more than 8 years ago | (#15385835)

Or "borrow" one of the phones in the night and steal the key there. Not exactly a trivial thing to do though.

Re:need to ask Bruce on this one.. (1)

Havenwar (867124) | more than 8 years ago | (#15385876)

Not possible - the key is session specific... generated at the start of a call and deleted after it is over. Even if they have access to your phone they wouldnt get any help in breaking the crypto... but of course by that time you probably have worse problems than phone line security. Like bugs. But it all depends on the scenario, really... who is trying to listen in? Why? what other methods are you using to secure the rest of your life?

Having an encrypted phone line sounds a bit like overkill if you leave your frontdoor unlocked... But it has its place in a complete solution. If it's the right solution for you or now... well that all depends on who you dont want to know.

Re:need to ask Bruce on this one.. (3, Informative)

bananaendian (928499) | more than 8 years ago | (#15385703)

The pin number is something you input on the phoneset to get physical access to the crypto software. It has nothing to do with the over-the-air encryption.

Re:need to ask Bruce on this one.. (1)

h_benderson (928114) | more than 8 years ago | (#15385716)

Breaking of the pin code will not compromise the one-time keys used for conversations. From their page:

The keys are recalculated for each call and deleted directly afterwards so that there is no possibility to reconstruct any keys.

Re:need to ask Bruce on this one.. (1)

iainl (136759) | more than 8 years ago | (#15385786)

The Pin code is to stop someone 'borrowing' your phone for a minute without your knowledge and fiddling with the encryption settings, by the sound of things.

What about authentication? (4, Insightful)

marsvin (84268) | more than 8 years ago | (#15385610)

DH is a way to exchange an encryption key over a public network, but it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".

I'm not saying it's necessarily snake oil, but the lack of any details certainly doesn't inspire any confidence.

Re:What about authentication? (2, Insightful)

Anonymous Coward | more than 8 years ago | (#15385643)

There are several known ways of defeating this for DH key agreement. The simplest is to display a hash on both ends. Talk to each other. If you recognize the voice on the other end and the hashes match, you're golden. Dead simple, low tech, and reliable. Also, tough to fool.

Re:What about authentication? (1)

marsvin (84268) | more than 8 years ago | (#15385673)

Good point. Is there any way for one party to force the use of a particular key in DH?

It's interesting to see how quickly you go from simple theory to implementation details in cryptography...

Re:What about authentication? (1)

szo (7842) | more than 8 years ago | (#15385661)

Do you really think it's a problem? First, you can recognize your peer's voice. As for the man in the middle, for realtime, voice conversation, the delay would be too big to go undetected.

Re:What about authentication? (1)

marsvin (84268) | more than 8 years ago | (#15385664)

Yeah, but you don't know if you're talking directly to the other party, or whether there is someone in the middle, talking to the both of you, and listening.

Re:What about authentication? (3, Informative)

Stellian (673475) | more than 8 years ago | (#15385714)

First, you can recognize your peer's voice. As for the man in the middle, for real time, voice conversation, the delay would be too big to go undetected.

Funny guy.
Just in case you were serious, a MIM attack against this phone would tap in the data path with 0 delay, there is no need for an actual "man" in the middle. Eve makes the key agreement with both Alice and Bob (different keys), and then decrypts and re-encrypts the data stream on the fly.

Re:What about authentication? (4, Informative)

ajs318 (655362) | more than 8 years ago | (#15385854)

This is how it's supposed to work: Alice calls Bob. Bob answers. Alice generates a key pair and sends one of the keys to Bob, keeping the inverse. Bob also generates a key pair and sends one to Alice, keeping the inverse. Alice encrypts everything she sends against the key she received from Bob. Bob decrypts it using the inverse key he generated. Bob sends everything to Alice encrypted against the key Alice sent him. She has the inverse key and can decrypt everything Bob sends.

All clear now? Well, this is how it might work in practice, with a malicious interloper we'll call Mallory:

Alice tries to call Bob. Mallory intercepts the call, pretending to be Bob; gets the key Alice sends, and in return sends her a key {which Alice thinks is from Bob}. A fraction of a split second later Mallory places a call to Bob, pretending to be Alice, and sends Bob a key. Bob thinks Mallory's key is really Alice's key and sends a key to "Alice". Whatever Alice says is encrypted against the key sent to her by Mallory, who -- having the opposite key -- can decrypt it, re-encrypt it against the key which Bob has, and send it on to Bob. Mallory has a nice, fast computer that can do decryption and re-encryption in real time; in reality, it only has to be twice as fast as the processor in either of their telephones. Whatever Bob says is encrypted against a key sent to him by Mallory, who can decrypt it and re-encrypt it against Alice's key. Mallory has both sides of the conversation, in the clear, and neither Alice nor Bob are any the wiser.

Re:What about authentication? (2, Interesting)

bananaendian (928499) | more than 8 years ago | (#15385748)

it doesn't tell you who you are talking to. GSM calls are never point to point, so there is always a "man in the middle".

ah, but this point [philzimmermann.com] was made well with Zimmerman's Zfone [philzimmermann.com] - you do the authentication yourself by having a conversation with the person on the other end and determining if he is the person he claims he is. Relying on complex certificate authorities and key management schemes makes most secure communications systems unfeasable - the old usability vs. security paradox.

Additional security and integrity is ensured by a calculated HASH checksum that is indicated on the display

and it seems you also stop Man-in-the-Middle attack similarly as in Zfone, by being able to read and confirm the hash checksum with the person you're talking to...

PCS (1)

Enderandrew (866215) | more than 8 years ago | (#15385615)

The funny thing is that when PCS technology first emerged, the same claims were made. It was encrypted, and each signal was overlaid with 19 other conversations to make it near-impossible to clone, or eavesdrop, unlike normal digital cell phones.

However, what most people don't know is that the Marine Corps invented PCS technology back in the Viet Nam era, and no doubt the government can listen in if they so decided.

Re:PCS (1)

nxtw (866177) | more than 8 years ago | (#15385902)

It doesn't matter.

Calls are only secure "over-the-air". This keeps people from scanners from hearing your call (as they could with analog) and, as you stated, harder to clone. If the government really wanted to monitor your calls, they'd do it at the switch level, when your call is simply an audio bitstream running over fiber or copper. I think most (all?) cellular carriers have had easy-to-use eavesdropping functionality in place for government use for the last few years.

They can also triangulate your position, especially with the assisted GPS available in CDMA phones.

Re:PCS (0)

Anonymous Coward | more than 8 years ago | (#15385959)

The funny thing is that when PCS technology first emerged, ...
[...]
However, what most people don't know is that the Marine Corps invented PCS technology back in the Viet Nam era...


Correct me if I'm wrong, but isn't 'PCS' just refering to the 1900MHz band used for digital phone service? Which in turn than might be used for GSM, CDMA or whatever? So AFAIK, there is no "PCS technology"

Man in the middle (5, Interesting)

nfarrell (127850) | more than 8 years ago | (#15385619)

Just in case you didn't RTFA, the phone displays a hash on the display. As long as you read this one to whoever you're talking to, you more-or-less foil a man-in-the-middle attack.

I'm more worried about the proprietry algorithm for the encryption, and how it's implemented. Any conspiracy theorists will still think there's a back door for the government (or swiss secret service?) to listen in.

Anyone with anything really important to say would use GPG on an MP3 and maybe a lashing of stenography on top.

Re:Man in the middle (1)

Bromskloss (750445) | more than 8 years ago | (#15385633)

Anyone with anything really important to say would use GPG on an MP3
Erm, OGG Vorbis, thank you very much!

Re:Man in the middle (1)

mrogers (85392) | more than 8 years ago | (#15385896)

This page [vectrotel.ch] says it's a 4-digit hash. The man-in-the-middle would only need to generate a trivial number of keys to find one with the same hash as the authentic key (furthermore, the keys could probably be generated in advance and stored in a lookup table).

I'm not sure what you mean about a proprietary algorithm - it uses Diffie-Hellman and AES, both of which are open, peer-reviewed algorithms.

More encryption (1)

goldaryn (834427) | more than 8 years ago | (#15385624)

As someone pointed out in this thread about the governments threatening to start demanding private encrytion keys [slashdot.org] , most mobile phone calls are already encrypted to some degree already, aren't they?

That thread raises another point.. if we don't start defending some of these encroachments on our civil liberties, will this technology ever be used (except by the military and criminals)?

Ummm.... (0)

Anonymous Coward | more than 8 years ago | (#15385638)

So key exchange by DH, generate a 128-bit key... and the algorithm is?

You can have a 4096-bit key if you want, but if the encryption algorithm is shite it won't make a blind bit of difference.

After digging in the company site, the algorithm used is apparently AES. So why wasn't in mentioned in the article? Ahhh, that's right, most Slashbots get starry-eyed from the phrases "military-grade" and "carrier-grade".

BOOM! HEAD SHOT!

Re:Ummm.... (-1, Offtopic)

Kaptain_Korolev (848551) | more than 8 years ago | (#15385942)

Read one of Bruce's books, then come back when you can make a reasoned and sensible comment.

Why not get one from cryptophone.de? (5, Informative)

fe105 (146603) | more than 8 years ago | (#15385660)

Cryptophone is a company that has been making phones like this for some time already.

They employ some of the smartest crypto people, use well-known algorithms and publish their sources so you can check them yourself.

Some points... (5, Informative)

Kaptain_Korolev (848551) | more than 8 years ago | (#15385674)

Reading the comments made me cringe, so here goes....

Some points;

- 128 bit keys are probably good enough, depending on the nature of the conversation. Diffiehellman generates a per-session master secret. To this you would then apply a KDF ( Key Derivation Function ) in order to produce your session key for use with your symmetric cipher, most likely AES or 3DES, maybe even TwoFish. A new master secret is generated every time you make a call, hence the session key changes per call, this is UNLIKE your WEP key, which is constant or one value selected from a set. The consequence of this is that although it is practical to break an 128 bit symmetric key, it is NOT practical to do so in the time interval in which the call is taking place. Hence the encryption applied is strong enough for protecting calls in the short term, although if someone captured the call they could possibly decrypt it at a later date.

- GSM does feature limited cryptography. Unfortunately, and rather amusingly this encrypting is only carried out on radio traffic. Once the data reaches the base station / cell, it is sent in the clear around the cable cellular netork's backbone infrastructure.

Re:Some points... (0)

Anonymous Coward | more than 8 years ago | (#15385861)

- GSM does feature limited cryptography. Unfortunately, and rather amusingly this encrypting is only carried out on radio traffic. Once the data reaches the base station / cell, it is sent in the clear around the cable cellular netork's backbone infrastructure.

Yepp, but that is a feature and not a bug mind you. There is something called Lawful Interception where telcos in most(all?) juristicions in the world have to be able to provide LI services to the police/CIA/FBI etc.etc.. Any 'security solution' employed by telcos must have this feature. IF you want to have end-to-end security you must fix that yourself.

Honeypot? (1)

RokcetScientist (900414) | more than 8 years ago | (#15385677)

This looks like a honeypot to me. Everybody walking out the door there with one of those phones is immediately on the "terrorists watch"-list.

Triangulation... (1)

RokcetScientist (900414) | more than 8 years ago | (#15385694)

'They' may not know WHAT you're talking about on that phone, but they'll certainly know WHERE you are! An unbreakable phone conversation stands out like a lighthouse in 'their' tracking systems...

Its a good as your surroundings (2, Insightful)

rf0 (159958) | more than 8 years ago | (#15385713)

This is all great but can you trust the person sitting next to you on the bus? The stranger behind you? How many of us have eve's dropped on other peoples conversations?

Re:Its a good as your surroundings (1)

Bwian_of_Nazareth (827437) | more than 8 years ago | (#15385729)

And your point is? Why ask these obvious questions? Are you suggesting that just because you can never be absolutely secure, it is not worth trying at all?

Re:Its a good as your surroundings (1)

m50d (797211) | more than 8 years ago | (#15385830)

Yes, I always wait on a cliff for people going by having a conversation so I can drop the lovely Eve on them.

Big question is (3, Funny)

danceswithtrees (968154) | more than 8 years ago | (#15385725)

Does it work with a foil hat?

Not entirely new... (0)

Anonymous Coward | more than 8 years ago | (#15385802)

GSM phones with encryption have already existed for a while [cellular.co.za] . (The Siemens S25 that the model in the link is based on was sold around 1999).

Cryptography? (-1, Troll)

VincenzoRomano (881055) | more than 8 years ago | (#15385814)

I assume cryptography is to be used only between the mobile station and the base station.
All the rest of the conversation path would be in clear.
If this is not the case and if I were some terrorist, I'd like to have one of those phones and service!

Re:Cryptography? (2, Interesting)

lawnjam (885035) | more than 8 years ago | (#15385864)

You assume wrong; the encryption is end-to-end. It will be pretty easy for anyone eavesdropping to tell you're having an encrypted conversation though. And the eavesdroppers can still tell where you are and what numbers you are calling...

Re:Cryptography? (1)

senatorpjt (709879) | more than 8 years ago | (#15385868)

If this is not the case and if I were some terrorist, I'd like to have one of those phones and service!

Or, as it turns out, a reporter with confidential sources, or anyone in general who is opposed to current government policy.

Re:Cryptography? (1, Funny)

mrogers (85392) | more than 8 years ago | (#15385931)

Like he said, a terrorist.

Regular-use crypto (4, Insightful)

Shadows (121287) | more than 8 years ago | (#15385845)

This seems like a neat little gizmo but I doubt I'll be able to convince my girlfriend, father, sister, friends, etc. to buy one too -- so the encryption feature would actually do something. As nice as the idea is, you still need two of these phones for it to work.

There's a parallel problem with GPG or the like. Since very few people have or want to use it, sending unencrypted e-mail is the only way to communicate with most of the world.

This phone is worse than that, though, since I can download GPG/cyrpto-software-of-your-choice and even install it for someone and show them how to use it -- but I'd have to persuade them to spend money on new hardware (and then convince them to actually use it with the crypto on!) in order to use the features of this phone.

Apathy/Laziness: 1
Discerning Citizens: 0

They have the brand name all wrong (0)

Anonymous Coward | more than 8 years ago | (#15386011)

What they should really call it is the "VectroTel Terrorist PA103." You're either with us, or you're against us.

Freedom fries.

Four more years.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>