End-to-end encrypting US GSM phones?
Ryan Lackey
ryan at havenco.com
Sat Dec 29 03:56:01 PST 2001
I'm unclear why Lucky dislikes the Sectra Tiger (www.sectra.se); the
key management is not what I'd like, but seems designed specifically
for hierarchical military or corporate organizations, which is the only viable
market for a EUR 2500 encrypting cellphone.
I think the most cost-effective voice crypto solution today is a
bluetooth-enabled cellphone, a bluetooth-enabled PocketPC (ipaq) with
fast ARM, and then conventional encrypted-voice software (such as
speak-freely) running over PPP over bluetooth. It would be fairly
easy to develop a belt or briefcase cellphone, handheld PDA with audio
I/O via headset worn on the belt or held in the hand (or, using an
Ericsson headset, stored in a briefcase as well), . System cost USD
1000 or less, entirely COTS consumer hardware and open-source
software, and you get a free normal GSM cellphone, high-spec PDA
(==ecash terminal), and equivalent ease of use to the very best
cellphone (as you would be using a headset, carrying the phone and
processor separately). If you're concerned about rf monitoring on the
local bluetooth side, you could substitute a wired headset/microphone;
if you're concerned about the general unavailability of
bluetooth-enabled fast PDAs, you could with an ease of use penalty use
IrDA.
I don't believe a dragonball could do viable voice crypto (especially
compression), at least without a coprocessor card, but perhaps it
could, and it certainly could support encrypted SMS.
You could possibly use your own non-standard link protocol, vs. PPP,
if you are concerned about latency, but it should be relatively easy
to achieve 100-200ms latency on cell to cell communications.
The benefit of using software which exists on general purpose machines
and TCP/IP over the link is of course that normal desktops could be
used as secure phone terminals as well, and
I think there really isn't much demand for voice crypto in the
marketplace, outside the military and defense-mandated commercial
contractor use. When audio I/O-enabled PDAs, bluetooth cellphones,
etc. are widely deployed, perhaps this will change (plus, bluetooth or
802.11b PDAs could serve as cordless phones with IP-IP or VoIP calling
when in range of a legitimate or borrowed network).
I've used speak-freely on a unix laptop for years, using IP transport
of opportunity, and with a good headset/microphone, it seems to meet
my needs for secure voice.
The other reason for using PPP-Voice is to abuse cell providers; in
the UK, for instance, I have a GBP 75/month unlimited-calling phone
(UK numbers); I could easily use this to dial in to a UK-based phone
with HSCSD and a fast IP connection at 14.4kbps, and then use IP-IP or
a VoIP bridge to get cheaper or free international calling; encrypted
by default to the gateway, and possibly to the other end if supported.
--
Ryan Lackey [RL7618 RL5931-RIPE] ryan at havenco.com
CTO and Co-founder, HavenCo Ltd. +44 7970 633 277
the free world just milliseconds away http://www.havenco.com/
OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
More information about the cypherpunks-legacy
mailing list