Privacy Guru Locks Down VOIP By Kim Zetter
Story location: http://www.wired.com/news/technology/0,1282,68306,00.html
10:20 AM Jul. 26, 2005 PT
First there was PGP e-mail. Then there was PGPfone for modems. Now Phil
Zimmermann, creator of the wildly popular Pretty Good Privacy e-mail
encryption program, is debuting his new project, which he hopes will do for
internet phone calls what PGP did for e-mail.
Zimmermann (http://www.philzimmermann.com/EN/background/index.html) has
developed a prototype program for encrypting voice over internet protocol,
or VOIP, which he will announce at the BlackHat security conference in Las
Vegas this week.
Like PGP and PGPfone, which he created as human rights tools for people
around the world to communicate without fear of government eavesdropping,
Zimmermann hopes his new program will restore some of the civil liberties
that have been lost in recent years and help businesses shield themselves
against corporate espionage.
VOIP, or internet telephony, allows people to speak to each other through
their computers using a microphone or phone. But because VOIP uses
broadband networks to transmit calls, conversations are vulnerable to
eavesdropping in the same way that e-mail and other internet traffic is
open to snoops. Attackers can also hijack calls and reroute them to a
different number.
Few people consider these risks, however, when they switch to VOIP.
"Years ago, people kind of stumbled into e-mail without really thinking
about security," Zimmermann said. "I think that what's happening today with
VOIP is that we're kind of stumbling into it (as well) without thinking
about security." People don't think about it, he said, because they're used
to phone calls being secure on the regular phone system -- known as the
Public Switched Telephone Network.
"The PSTN is like a well-manicured neighborhood, (while) the internet is
like a crime-ridden slum," Zimmermann said. "To move all of our phone calls
from the PSTN to the internet seems foolish without protecting it."
Interest in VOIP is growing rapidly because the user pays less for the
service and pays no long-distance toll charges. Some services are free.
According to one recent survey, 11 million people worldwide use a
subscription VOIP service, compared to only 5 million in 2004, and at least
another 35 million use free VOIP services. That leaves a lot of people
potentially open to eavesdropping.
It's not as easy to eavesdrop on VOIP as it is to intercept and read
e-mail. Phone conversations aren't stored or backed up where an attacker
can access them, so the conversations have to be captured as they occur.
But a program available for free on the internet already allows intruders
to do just that. Using the tool, someone with access to a local VOIP
network could capture traffic, convert it to an audio file and replay the
voice conversation. The program is called Voice Over Misconfigured Internet
Telephones, a name clearly chosen for its catchy acronym -- VOMIT.
Bruce Schneier, chief technology officer of Counterpane Internet Security
and author of the Crypto-Gram newsletter, said that the need for VOIP
encryption is a given.
"If you're concerned about eavesdropping, then encryption is how you defend
against it," he said. "And it's not that hard to do. It's just a matter of
writing the code."
But David Endler, chairman of the VOIP Security Alliance industry group
(http://www.voipsa.org/) and director of security research at TippingPoint,
said a protocol for encrypting and protecting VOIP data already exists and
companies are starting to make VOIP phones that support the protocol. But
he said that people typically don't enable the encryption option.
"Probably because we're not seeing attacks yet," he said.
He said most users are less concerned with eavesdropping than with having
VOIP service that provides the same quality and reliability that they
expect from regular phone service.
"Some people can see clearly that there's a need for this, and others
wonder if anyone cares about protecting phone calls," Zimmermann said. "But
those are the same people who wondered why anyone would want to protect
e-mail. I think as people gain experience with VOIP they're going to have a
great appreciation for the need to come up with extra measures to protect it."
Endler also said that companies using VOIP are reluctant to implement
encryption because of the overhead involved in managing the public key
infrastructure, or PKI.
"You have to be able to store a key on most of these end points," he said.
PKI requires two keys for encryption: a public key that a user gives to
anyone who wishes to communicate with him or her, and a private key, which
decrypts messages that the user receives.
That won't be a problem with Zimmermann's system, which doesn't use PKI.
Zimmermann said PKI is unnecessarily complex for VOIP.
"There's no need to centrally manage public key infrastructure to make a
phone call, in my view," he said.
He won't elaborate on how his system works but is preparing a protocol
document that will describe it in detail, which he'll post on the internet
when the program is ready.
The program is currently only a working prototype and still has
non-security bugs that need to be worked out. For example, sometimes the
program fails to hang up after a call, forcing the user to exit the program
to end the call.
It's designed for a Mac, but will be adapted for PCs before Zimmermann
makes it available for download. He's looking for investors to back a
startup company that will support the product and oversee its distribution.
Zimmermann envisions it both as an add-on for manufacturers to put into
VOIP phones and as a software client that users can install on their laptop
to use when they don't have a VOIP phone with them. Both parties in a
conversation will need to have the software on their phone or computer. If
only one person has it, the call will still go through but it won't be
encrypted.
It's been a while since Zimmermann came out with a new encryption product.
He released PGP in 1991; it was another five years before he released
PGPfone to encrypt data passing between modems.
Who could blame him for laying low for a while after the Justice Department
launched a three-year criminal investigation of him in 1993? Officials
accused him of violating a ban on exporting cryptography when he made PGP
available for download on the internet. The government finally dropped its
investigation in 1996.
The export laws were relaxed in 2000, so at least they're no longer a problem.
"There's a lot more crypto in the computer industry now than there was in
the '90s," Zimmermann said. "And there's not much authorities can do about
it now because we went through this struggle with them in the '90s and we
won."
Zimmermann isn't taking chances, however. He worked closely with a law firm
that specializes in export controls and filed the required paperwork with
the Commerce Department notifying the government that his product exists.
Still, he delayed producing VOIP encryption after the Sept. 11 terrorist
attacks, because the climate wasn't right.
"I was concerned that maybe this would attract some criticism," Zimmermann
said. "I just felt that maybe the government had their hands full with
enough problems, and I also needed to concentrate on other consulting
projects to make money."
Zimmermann received hate mail after 9/11 from people who accused him of
aiding the attackers by creating a program that allowed terrorists and
criminals to shield their correspondence from authorities.
The Washington Post erroneously reported shortly after the attacks that
Zimmermann was overwhelmed with guilt over the possibility that terrorists
might have used PGP to plan their attacks.
What he actually said was that he was sorry if al-Qaida used the program,
but that this was the trade-off for having a tool that could protect
everyone's privacy -- some people would use it with malicious intent.
Overall, he said, the world was better off with cryptography in the hands
of the masses rather than just in the hands of government.
Zimmermann is hoping people will accept his new program with the spirit in
which he created it.
"Because there are a lot of people who are concerned about the erosion of
civil liberties that the Patriot Act brought," Zimmermann said. "I'm hoping
that more people would approve of this project than disapprove."
Ultimately, however, he said that his encryption program was not about
politics, but about the need for protecting critical infrastructure.
---
You are currently subscribed to telecom-cities as: archive@mail-archive.com
To unsubscribe send a blank email to [EMAIL PROTECTED]
To set DIGEST mode and only receive one list message per day with all the daily
traffic, please visit the list website at
http://www.informationcity.org/telecom-cities
