PGP founder unveils new VoIP security

March 23, 2006

Somewhere out there, someone is a little too curious about your data. This is the main concern of Phil Zimmermann, the creator of the industry-standard PGP (Pretty Good Privacy) e-mail encryption protocol, who has just debuted a new standard for encrypting Voice over Internet Protocol (VoIP) data. Zfone, Zimmermann's new VoIP program, incorporates a new security protocol that is being presented for peer review within the academic and Internet security communities.

Zfone, which is presently available for the Mac OS X and Linux operating systems with a Windows version to be released in a few weeks, is the continuation of PGPfone, a VoIP effort started by Zimmermann in 1996. Hampered by a lack of broadband Internet connections throughout the United States, the program was put on the back burner while Zimmermann looked into other concerns regarding online security and privacy efforts.

Ten years later, at a time when broadband Internet services have become prevalent and 11 million people worldwide use VoIP services either for home or business use, the effort can now continue.

Where most Internet security procedures tend to be intricate and technical, Zfone is designed to be robust, simple enough for anyone to use and secure enough to leave nothing behind for other users to snag and use for their own ends. In the past, encryption technologies have relied on techniques such as certificates, passwords and shared keys. While functional, these technologies rely on interaction with servers and trade data that could remain on the servers. Under Zfone's encryption protocol, no keys are traded and the necessary data for a secure connection between two parties is produced by the hardware and destroyed at the end of the call.

This may have arrived just in time. Beyond e-mail scams and viral attacks that seem to plague PC users every couple of months and keep them constantly updating bundled protection software, it's become more profitable to gather and sort any and all personal information that can be collected.

Phishing scams asking for user identification and passwords from seemingly valid companies are simply the beginning, and where these efforts leave off, more sophisticated tactics are under way. Voice data such as VoIP-based telephone calls made from an office environment can be captured and sorted into audio files using tools such as Voice Over Misconfigured Internet Telephones. From there, the software can be easily expanded upon to make sorting, filtering and categorizing the captured data easier and more specific to office personnel.

Where wiretapping and spying on an older phone system could only be done in a few ways, migration towards VoIP networks could open the doors for people looking to gather personal and sensitive data.

"With VoIP, the threat model is vastly more expansive. Imagine you have 1,000 PCs in your company and just one becomes infected with software that sniffs packets, including voice packets and captures them, sorts them in .wav packets and organizes them by who's calling who," proposed Phil Zimmermann. "You could point and click as to which calls you wanted from the CEO or the in-house legal counsel."

Zimmermann then illustrated that Zfone and its encryption protocol can function independently and can also be integrated into both the hardware and software of popular VoIP applications and devices.

"We have to encrypt VoIP," said Zimmermann. "We have no choice."

"Ultimately, the phone networks will switch over to VoIP because it allows for better functionality and that's where both the cable and telecom networks are going," said Ross Rubin, an analyst for the NPD Group, which specializes in consumer and retail trends.

"It's not difficult to spy on traditional voice networks or unencrypted Internet data," said Rubin. "The former uses a wiretap; the latter can be done with a packet sniffer."

Zfone is currently in a deployment stage wherein the program is freely available for download and will be ready for widespread deployment within a year. Zimmermann's encryption protocol has been sent along for peer review to boards such as the Internet Engineering Task Force for inclusion with current VoIP programs. Zfone's source code, which includes documentation for the new encryption protocol, has also been posted for download by anyone looking to study the code and use it in their own programs.

Copyright 2006 by United Press International
