(from IP) Begin forwarded message:
Subject: Security Challenges for CALEA in Voice over Packet Networks

"The transmission of voice over packet networks presents new challenges in security for electronic surveillance, which is also known as Communications Assistance for Law Enforcement Act (CALEA). The major challenges are how to intercept the packets from/to the targeting devices and how to interpret and encrypt/decrypt them. It often seems that the goal of CALEA conflicts with the goals of security, yet there is an obvious need for law enforcement to intercept VoIP packets. This white paper, authored by surveys the stated security challenges and presents the technical background to help participants understand the ramifications of these issues. The author presents some solutions to security issues in VoIP networks and discusses how the industry might approach and resolve these concerns in the future."

http://focus.ti.com/pdfs/bcg/voip_calea_wp.pdf
Sophia Scoggins, PhD
Voice over Packet Business Unit, TI
(pdf - 886 Kbytes)

There's a presumption stated in the paper that intercepting Voice over Packet networks (VoP) is required to 'fight terrorism', and includes a call of 'TIA must publish a new set of specifications for CALEA over Internet'. Other than the obvious use of the war against terrorism as the root password to bypass the scientific method in drawing conclusions, it's informative.

Either it is impractical, or we are leading to an era of licenses for internet connections, with DRM managed IP stacks and protocols. I don't see why someone can't specify protocols for VoIP phones that interact with a switch/PBX function en clair, while establishing secure communications between endpoints, or even separate secure sessions with the switch/PBX and other endpoints. It isn't apparent if anyone will be 'suitably incentivised' to use protocols where the keys can be recovered from a 'Security Gateway'.
In addition to VoIP, there are several legacy voice security software packages available for PCs, and UNIX-like workstations. The difference is between having access to a VoIP phone and a laptop. Vonage and the like provide the ability to determine availability of another end point on the internet. It has always been possible to establish communications by depending on out of band information, the equivalent of coming to periscope depth at 5 til midnight, or listening to BBC broadcasts for message indicators. Likewise it isn't clear traffic flow analysis isn't more important than actual intercepts.

The whole thing sounds reminiscent of the tortured logic used to explain airport security measures or how Escrowed Encryption would be used to catch dumb criminals.

From a manufacturer's point of view, it's 'We want to manufacture VoIP phones that can be tapped, but you'll need to twist the internet into this shape.'
