Is True Crypto VoIP Possible?

18
7715

Last year's revelations regarding NSA surveillance forced ordinary citizens, crypto researchers, and businesses to reconsider their use of software without robust security controls. Previously only a small subset of those working in the tech industry or those interested in data security used encryption, user access, words from complex passes and other security protocols.

In the wake of leaks revealing the NSA worked to weaken accepted crypto standards, even security experts are unsure if there are any techniques left that weren't compromised in some way. or another. However, that hasn't stopped consumers and businesses from claiming apps or services that can provide an extra layer of security. As a result, there has been an increase in the number of apps (for desktops and mobile devices) that claim to provide secure channels of communication between users, whether for texting or sharing pictures. .

The maximum interest seems to be in apps that provide secure calls between phones, ie. Encrypted VoIP. While businesses have generally used some form of encryption for VoIP calls, consumers have fewer options. Although Skype uses encrypted channels and is widely considered secure, the encryption only works when calls are made between users who both use the service. If a call is made to a PSTN number, the part of the call that goes through copper lines is necessarily unencrypted and open to interception. Even where full encryption is possible, such as in the case of Skype-to-Member calls, users are forced to trust Microsoft because Skype uses proprietary technology instead of open source standards.

Recently, a company called Silent Circle began offering “out of the circle” calling to its users as well as its existing Silent Phone and Silent Text services. Although this "Out Circle Calling" claims to offer a secure alternative to standard VoIP calls to cell phones and landlines, it is fairly obvious that calls are not encrypted over the entire distance traveled. If a user makes a call to a cell phone or landline, only the part of the call that goes between the user and the Silent Circle server is encrypted. This means that the call is open to interception anywhere from this point and does not offer any additional security for Silent Circle users.

Even though secure applications are more interested in secure applications than ever, the very nature of the existing voice infrastructure means that full encryption is not possible. At least not yet.


18 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here