[I saw this on /. well before Jim posted his pointer.]
This is actually an interesting device. It claims to supply
end-to-end encryption, using a data channel to ship
encrypted, digitized voice.
The stats are tantalizingly vague. It uses a 'combination of
DIffie Helman and 1024 bit RSA' to set up the session key,
and then an unspecified '128 bit symmetric algorithm' for
bulk encryption.
There is no info on certs, randomness sources, MITM attack
protection, or authentication. No data on escrow, backdoors,
or restriction on customers. It appears that prototypes have
been around for over a year. I've written to Siemens for more
info.
At 6000 marks it's damn expensive, and clearly suffers from
a 'first fax machine' problem: who're you gonna call with this?
Peter Trei
PS: Since I use a Microsoft product for email, I fully
expect the links at the end will be mangled.
pt
-------------------------------------
Handy encodes discussions on push of a button
Germany first Krypto Handy goes now into series
production. Outwardly the encoding Handy resembles Siemens a
S35i, but the TopSec GSM device mentioned brings the
measuring technique specialist Rohde and black on the
market. Originally the development was advanced by the
Siemens area information and Communication mobile, until
Rohde and black at the beginning of of May took over the
business segment hardware encoding of Siemens.
Because conventional portable radio connections did not
guarantee a complete privacy, Siemens researchers already
developed a procedure, which makes a secured connection with
genuine end to the end encoding in the Handy on push of a
button one year ago. The Clou: The TopSec GSM " simulates "
a speech transmission; the Handy for encoded discussions
actually opens a GSM usual data channel however instead of
the voice channel. This permits it to transfer encoded
contents unchanged and transparency between two compatible
receiving stations.
For the setting up of a normal unencrypted connection one
selects like used the call number of its interlocutor. If
the telephone call is to be encoded however, then one
presses an accordingly programmed soft key before the push
button. The device switches then into the data mode; an
additionally inserted, only stamp-large module codes and
scrambles the exchanged data so thoroughly that even secret
services cannot monitor, so the manufacturer. The safe
connection can be however only structured, even if the
interlocutor is attached a suitable Handy had or its ISDN
telephone to a suitable encoding module.
The devices of the communication partners exchange a new
128-Bit-Schluessel with each connection establishment. Each
mark is selected another of 10^38 codes the available by
coincidence procedures. " thousand Pentium computers would
have to count over ten years, around the wording of a
zehnminuetigen Telefonates to decode ", schwaermt a
technician of the new procedure.
Theoretically everyone may acquire the Handy, but the cost
price of approximately 6000 Marks might limit the set of the
buyers drastically. In some countries is besides the
application of the encoding technique expressly
forbidden. First user of the TopSec GSM is the German
Minister of the Interior Otto Schily; he got a device from
the pilot lot given ( Gerard Ducasse ) / ( dz / c't)
--------------
Further tidbits at
http://w4.siemens.de/cebit/eng/business/electron/security/gsm/index.htm
---------------
Press release
http://w4.siemens.de/en2/html/press/newsdesk_archive/2000/end00121.html
----------------
Flier at
http://w4.siemens.de/en2/html/press/newsdesk_archive/2000/end00121pdf.pdf
-----------------
more info
http://crypto.mchh.siemens.de/produkte/hardware/topsecgsm/topsecgsm_char.asp
?lang=eng
