RE: Newbee ..- encrypted calls/SMS
Yea, fair enough. After listening to you guys I think I definitely like the idea better of the GSOC project with PGP SMS used to initate a VPN, which could then do a VOIP session. If the two phones are both connected to wifi then a SMS initated VPN would end up ringing the other end, if it was automated. An attacker would have no info on who called who, from where, and for how long. All information that would normally be available to "the man" (in the middle) if it was a cellular conversation. Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Pottage Sent: Friday, April 25, 2008 11:39 AM To: List for Openmoko community discussion Subject: RE: Newbee ..- encrypted calls/SMS On Fri, April 25, 2008 2:18 pm, Crane, Matthew wrote: > Yes, I understand that, that is why I'm thinking of this approach. My > idea was to use analog voice transforms and their inverse with > properties that would preserve most of the codec performance. But it > would be awfully difficult to sync up the inverse on the other end > without a data connection, I expect that with voice calls that delay can > be added and removed without warning. I don't think this is a practical idea, even if it would work (which I doubt). The problem is that unlike cyphers like PGP, analogue audio cyphers are fairly easy to break with modern computers, and anyone attempting to eavesdrop on your voice call will quite well resourced. Analogue audio scramblers are probably helpful for wired phone calls where you might be worried about a low tech attack such as a Hotel telephonist recording your phone call to your mistress, and then using it to blackmail you, but for GSM calls, the air interface between your handset and the base station is usually encrypted using the A5 cypher. So the only way someone can listen to your call is by having access to the telephone company switch. This could be via hacking, a corrupt employee, or lawful intercept. Either way the eavesdropper is likely to have access to all the equipment he needs to decrypt a simple voice scrambled call. The way I see it, the only way you can get encrypted voice calls is either to wait until both you and the other party are near WiFi access points, and do it over VOIP, or to do VOIP over GSM, and put up with the huge latency, which will give you a walke-talkie like connection. -- David Pottage Error compiling committee.c To many arguments to function. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
RE: Newbee ..- encrypted calls/SMS
On Fri, April 25, 2008 2:18 pm, Crane, Matthew wrote: > Yes, I understand that, that is why I'm thinking of this approach. My > idea was to use analog voice transforms and their inverse with > properties that would preserve most of the codec performance. But it > would be awfully difficult to sync up the inverse on the other end > without a data connection, I expect that with voice calls that delay can > be added and removed without warning. I don't think this is a practical idea, even if it would work (which I doubt). The problem is that unlike cyphers like PGP, analogue audio cyphers are fairly easy to break with modern computers, and anyone attempting to eavesdrop on your voice call will quite well resourced. Analogue audio scramblers are probably helpful for wired phone calls where you might be worried about a low tech attack such as a Hotel telephonist recording your phone call to your mistress, and then using it to blackmail you, but for GSM calls, the air interface between your handset and the base station is usually encrypted using the A5 cypher. So the only way someone can listen to your call is by having access to the telephone company switch. This could be via hacking, a corrupt employee, or lawful intercept. Either way the eavesdropper is likely to have access to all the equipment he needs to decrypt a simple voice scrambled call. The way I see it, the only way you can get encrypted voice calls is either to wait until both you and the other party are near WiFi access points, and do it over VOIP, or to do VOIP over GSM, and put up with the huge latency, which will give you a walke-talkie like connection. -- David Pottage Error compiling committee.c To many arguments to function. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
RE: Newbee ..- encrypted calls/SMS
It does not take full encryption to ensure privacy. Privacy being that without the inverse transform: - words are not resolvable - voices cannot be matched to the callers - any aproxmized inverse performed by a third party would result in something that is not usable in a legal context. Really, voice calls have to be pretty clear as is for transcripts to be admitted in court. There is large leeway given to legal entities producing transcripts, with interpretation of mumbles and the selection of what parts of the conversations that are transcribed (e.g. marking conversations as "unintelligble" that are favourable to the person being investigated). But I expect you're right, it's too difficult and not practical. Not compared with the alternatives. I like secure VOIP initiated from encrypted SMS. A wireless connection is always available in a big city. Once the IP addresses have been transmitted securely the conversation is anonymous and no record will exist, even of the duration of the conversation. Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Stirling Sent: Friday, April 25, 2008 9:24 AM To: List for Openmoko community discussion Subject: Re: Newbee ..- encrypted calls/SMS Crane, Matthew wrote: > Yes, I understand that, that is why I'm thinking of this approach. My > idea was to use analog voice transforms and their inverse with > properties that would preserve most of the codec performance. But it > would be awfully difficult to sync up the inverse on the other end > without a data connection, I expect that with voice calls that delay can > be added and removed without warning. > There are no simple voice transforms at all that will get through the codec, and actually encrypt. Voice changing is possible, but encryption is not. You _cannot_ - for example - exepect frequency inversion - to get through the codec chain. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Newbee ..- encrypted calls/SMS
Flemming Richter Mikkelsen wrote: There are no simple voice transforms at all that will get through the codec, and actually encrypt. Voice changing is possible, but encryption is not. You _cannot_ - for example - exepect frequency inversion - to get through the codec chain. What about correlating (multiplying) the input signal with a different signal (encoding) and in the other end extract your signal (decoding) by removing the added signal? If it does not sound like voice when it leaves the phone, it will be massively and unpredictably distorted by the codecs. In a call between two GSM phones, there are at least two encode/decode with occasionally different codecs between the microphone on one side, and the speaker on the other. You cannot (usually) pick the codec. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Newbee ..- encrypted calls/SMS
> There are no simple voice transforms at all that will get through the codec, > and actually encrypt. > Voice changing is possible, but encryption is not. > > You _cannot_ - for example - exepect frequency inversion - to get through > the codec chain. What about correlating (multiplying) the input signal with a different signal (encoding) and in the other end extract your signal (decoding) by removing the added signal? -- Please don't send me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Join the FSF as an Associate Member at: http://www.fsf.org/register_form?referrer=5774> Free your mind - Open(moko) your phone ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Newbee ..- encrypted calls/SMS
Crane, Matthew wrote: Yes, I understand that, that is why I'm thinking of this approach. My idea was to use analog voice transforms and their inverse with properties that would preserve most of the codec performance. But it would be awfully difficult to sync up the inverse on the other end without a data connection, I expect that with voice calls that delay can be added and removed without warning. There are no simple voice transforms at all that will get through the codec, and actually encrypt. Voice changing is possible, but encryption is not. You _cannot_ - for example - exepect frequency inversion - to get through the codec chain. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
RE: Newbee ..- encrypted calls/SMS
Yes, I understand that, that is why I'm thinking of this approach. My idea was to use analog voice transforms and their inverse with properties that would preserve most of the codec performance. But it would be awfully difficult to sync up the inverse on the other end without a data connection, I expect that with voice calls that delay can be added and removed without warning. But in terms of complexity and chance of success, it does seem like the encrypted SMS is both practical and feasible, compared to any sort of voice encryption. Maybe a composite solution? Secure voip session initiated by encrypted SMS? Is there a benfit to using smartcard SAMs for encrypted peer2peer communications with OpenMoko? SD card with SAM: http://www.sdid.com/products1010.shtml Or the GPG fellowship card: http://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Stirling Sent: Thursday, April 24, 2008 4:31 PM To: List for Openmoko community discussion Subject: Re: Newbee wants to kick start - encrypted calls Crane, Matthew wrote: > Not sure if there's a specific project, I'm hoping to do some sort of > "analog" encryption, with audio effects and inverse effects, such that > it does not need to be digitally decoded, where the excellent pattern > recognition engine in the brain does most of the work. > You can't do much. It has to 'sound' voice-like to the multiple codecs in the signal chain of a GSM call, or the codec just discards the sound. Listen to a voice over a good GSM line. It's quite well reproduced. Now, listen to an assortment of music. Some will come out quite well, and be reproduced much like they came out. Some are utterly shredded. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community