Global IP Telecommunication - Encrypted Phone
Existing encryption schemes for VoIP audio/video telephone conversations are only secure under the assumption that the employed lightweight encryption algorithms are secure, that the telephony server is not manipulated and that no Man-in-the-Middle Attack is mounted on any endpoint.
Ninja Pro (CTI) with Type 1 Encryption entirely overcomes the shortcomings of existing encryption schemes like SRTP. The implemented encryption scheme is based on proven technology that has received plenty of peer review and that provides for real security even if financially powerful Intelligence Agencies fully control the entire route between the two endpoints of a highly secure telephony session.
Standard VoIP encryption is based on TLS/SRTP. TLS (Transport Layer Security) performs a Diffie-Hellman key exchange with the telephony server. If this server is under the control of an attacker, all secure telephony conversations are (frankly speaking) less secure than any unencrypted telephone call.
Security hole #1: The Man-in-the-Middle Attack
TLS provides no mechanism that enables users to determine whether their telephones are negotiating session keys with the server or with a “middleman”. This attack is widely known as the Man-in-the-Middle Attack (MitM). During the phone conversation, the middleman simply re-encrypts all user data and passes it on to the respective endpoints. This attack has previously been mounted successfully on SSL-encrypted homebanking sessions. TLS is equally vulnerable to this attack.
Security hole #2: Who is listening?
Another, probably even more critical imperfection associated with TLS/SRTP is the ability of the SIP service provider to re-encrypt the entire telephone conversation or to decrypt voice data and to route the phone conversation via plain old analog telephone lines to one of the participants and/or to a third party. In many countries it is mandatory that the government can tap each and every telephone line. TLS/SRTP complies perfectly with such laws.
Attackers act on the assumption that somebody who uses encryption technology has something to hide and that this information is potentially valuable. Does it really make sense from the perspective of a user to employ suboptimal encryption technology with lots of built-in security issues?
Well, probably not.
Truly secure VoIP communication: The Ninja Pro (CTI) SIP Softclient with Type 1 encryption
Type 1 encryption is the highest grade of data encryption and is in general available solely to Government Agencies. Through our partner PMC Ciphers, Inc. we have access to one of the latest developments in Type 1 encryption: the Polymorphic Cipher. The underlying idea has been a state secret of Germany. In contrast to conventional ciphers, where it is implicitly assumed that the cipher machine is not reprogrammable, Polymorphic Ciphers utilize the key to change the parameters of their operations.
Users who rely on AES can of course alternatively configure Ninja to employ AES encryption.
Ninja with Type 1 encryption makes sure that the entire route between all participants of a highly secure telephone conversation is off-limits to anybody, including in-house network administrators and well-funded, highly skilled Intelligence Agencies. Ninja with Type 1 encryption utilizes Peer-to-Peer encryption, which means that only the endpoints are able to decipher audio and video data and that everybody who taps the line has absolutely no chance to listen to the communication.
Similar to SSL and TLS, ephemeral Diffie-Hellman keys are generated on each session establishment. This avoids the cost and complexity of a public key infrastructure (PKI). The decisive difference from SSL and TLS is that the DH key exchange employed by the Ninja SIP softclient is executed by the endpoints only – by the telephones themselves. The protocol does not tolerate any proxy or other middleman actively taking part in the key exchange.
To ensure that no attacker is present when the session key is negotiated between two endpoints, the “Short Authentication String” method is employed: the two users at the endpoints of an encrypted telephone line acknowledge a shared value displayed by the user interfaces of the two Ninja softclients. If these two values differ, a Man-in-the-Middle Attack has been mounted successfully and the conversation should be stopped.
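The endpoint-only key exchange and Short Authentication String comparison described above, as an added Python example. It is not Ninja's code: the 521-bit toy group, the SHA-256 based SAS derivation and the names `Endpoint`, `negotiate` and `relay` are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2^521 - 1
# with generator 3. The page states a 4096-bit Diffie-Hellman group.
P = 2**521 - 1
G = 3
NBYTES = 66  # enough for any value below P


class Endpoint:
    """One telephone, holding an ephemeral DH key for a single session."""

    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2   # fresh for every call
        self.pub = pow(G, self.priv, P)
        self.peer_pub = self.secret = None

    def receive(self, peer_pub):
        if not 1 < peer_pub < P - 1:               # reject degenerate values
            raise ValueError("invalid public value")
        self.peer_pub = peer_pub
        self.secret = pow(peer_pub, self.priv, P)

    def sas(self, hex_digits=4):
        """Short string both users compare (hypothetical derivation)."""
        lo, hi = sorted((self.pub, self.peer_pub))  # same order on both sides
        data = b"".join(v.to_bytes(NBYTES, "big") for v in (self.secret, lo, hi))
        return hashlib.sha256(data).hexdigest()[:hex_digits]

    def hang_up(self):
        # Drop the keying material; a native client would also zeroize buffers.
        self.priv = self.secret = None


def negotiate(a, b, relay=None):
    """Exchange public values and return the SAS each user sees.

    relay is an optional pair of Endpoints modelling a middlebox that
    terminates the exchange on each leg instead of forwarding it.
    """
    if relay is None:
        a.receive(b.pub)
        b.receive(a.pub)
    else:
        leg_a, leg_b = relay
        a.receive(leg_a.pub)
        b.receive(leg_b.pub)
    return a.sas(), b.sas()
```

A string this short is only a sound check when the protocol also commits each side to its public value before the other side reveals its own, as ZRTP does with a hash commitment; that step is left out here.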
Ninja with Type 1 encryption features perfect forward secrecy. Keying material is destroyed at the end of each session, which deprives an attacker of the possibility to try and get hold of the key to retroactively decrypt the recorded call.
Key continuity can additionally be implemented. If a portion of the key used for a previous session is used in the next call, key continuity in analogy to SSH is provided.
As the encryption module is integrated in the telephone itself, the solution is consistent. This avoids the decisive disadvantage of “glue solutions” like ZRTP. Users can be sure that all data packets of an encrypted VoIP call are actually encrypted and only ciphertext is exchanged between the telephones of the participants of an encrypted telephone conversation.
- Tap-proof, direct connection (Peer-2-Peer).
- Secure Handshake with Diffie-Hellman (4096 Bit)
- Encrypted conferencing
- Polymorphic encryption PMC2 or AES
- Code-Security-Check as a visual validation of the connection.