---------- Forwarded message ---------- Date: Sat, 2 Jun 2001 21:11:46 -0500 From: Don Davis <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: article: german secure phone http://www.newscientist.com/dailynews/news.jsp?id=ns9999819 Portable privacy A mobile phone that protects transmissions from sophisticated eavesdropping is launched in Germany A mobile phone that protects transmissions from sophisticated eavesdropping has been launched in Germany. Communications company Rohde Schwarz created the TopSec GSM phone by fitting military grade encryption hardware into an ordinary S35i Siemens mobile phone. The company expects the device to appeal to businessmen who want to protect themselves against industrial espionage and government representatives concerned about spying. "In both cases communications have to be secure," says a company representative. Ex-Nato technical expert Brian Gladman told New Scientist: "If done correctly, the encryption would be effectively attack-proof." Although the GSM standard does protect transmissions by encoding them, a number of weaknesses have been discovered with the system. These could allow sophisticated eavesdroppers to listen in. The TopSec GSM phone is designed to provide an extra, robust layer of security. The phone may not be for everyone, however. Each device costs �1800 and so far only 500 handsets have been created. These must also be bought directly from Rohde Schwarz. Private keys The handset works like any normal GSM mobile phone. But users can establish a secure communications channel when "Crypto" is selected from the customised display menu. When a number is dialled and the Crypto function selected, the phone checks to see if the device at the other end is compatible. Currently, the phone works only with other TopSec mobile phones and ISDN phones produced by Rohde Schwarz. If the device at the other end is compatible, each phone opens a data channel and exchanges its public encryption key. Using mathematically-linked private keys, the phones then establish a shared code for securing voice communications at speed. It is theoretically possible to decipher messages encrypted in this way by trying all possible keys in succession. But in practice this would require a formidable amount of computational power. Rohde Schwarz estimates that it would take 100 average desktop computers 10 years to decrypt a 10-minute phone call. Attack-proof Although the encryption itself may be secure, Gladman says it might be possible to trick the phones into giving up their secrets using a "man in the middle" attack. This would involve carrying out a dummy key exchange with both parties and creating two secure channels. Each party would be communicating securely, but only through a third eavesdropper. This technique would be beyond most industrial spies. Gladman says it might be within the capabilities of some government intelligence agencies, however. Devices that work along similar lines are already used by the US military. And this is not the first attempt to make a commercial encryption phone. US company Starium has created a device that can be attached to standard phone lines in order to secure voice communications with encryption. Web link: Rohde Schwarz http://www.rohde-schwarz.com/ 1630 GMT, 31 May 2001 - --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] -- ____________________________________________________________________ "...where annual election ends, tyranny begins;" Thomas Jefferson & Samuel Adams The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ [EMAIL PROTECTED] www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
