I saw a link today to an article that describes a “secure phone”. In the article they state:
First off, you need two phones. When you place a secure call (you can also place regular calls), they perform a 1024-bit Diffie-Hellman shared secret exchange, to generate a secret 128-bit key. This process takes between 10 to 30 seconds. Only the two phones share this unique key: it is generated before each call, and deleted after each call. Once the key is generated, conversation is subsequently encrypted and your call is secure.
All I have to say is… wow. This is the biggest load of BS I’ve seen in a long time…
To explain why this is BS, here’s what the DH algorithm does, in a nutshell: two parties wish to have a shared secret, usually to key a symmetric encryption algorithm. But these two parties have never met, and they can only communicate over an insecure line. The DH algorithm provides a method by which the two parties can negotiate a shared secret over that insecure line and keep it secret from eavesdroppers. So, in theory, what they are saying is not false: anyone passively listening to the DH key exchange and the subsequent conversation will be unable to decipher the communication.
However, there is a fatal flaw. The DH key exchange is vulnerable to a man-in-the-middle attack, because nothing in the exchange itself tells either party who they are negotiating with. Alice calls Bob and begins to establish a shared secret using DH. However, Alice and Bob are unaware that Trudy is in the middle, relaying messages between them. As a result, two separate DH key exchanges are completed, one between Alice and Trudy and one between Trudy and Bob, and Trudy can simply decrypt all messages from Alice and re-encrypt them for Bob. In telecoms, this scenario is not far-fetched, and is probably trivially accomplished.
There is another downside to this phone. Encrypted traffic has very high entropy. What this means is that encrypted traffic is easily distinguished from unencrypted traffic. This is something that the Chinese people have known for a while. If you’re trying to hide something, encryption merely makes you more noticeable.
The system they should really be implementing is a public-key cryptography system with a PKI (public key infrastructure) and it should be a standard feature of every phone. Just my $0.02
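The Alice/Trudy/Bob relay described above, and the effect of signing the DH public value as a PKI would allow, shown as an added example that is not from the article or the phone vendor. The group, the RSA key and all function names are toy values constructed for illustration (textbook RSA without padding, a 127-bit modulus instead of 1024 bits).

```python
import hashlib, secrets

# Toy parameters, constructed for illustration; far too small for real use.
P, G = 2**127 - 1, 3                         # DH modulus (Mersenne prime) and base
RSA_E = 65537
RSA_N = (2**127 - 1) * (2**89 - 1)           # Bob's toy RSA modulus
RSA_D = pow(RSA_E, -1, (2**127 - 2) * (2**89 - 2))   # Bob's private exponent

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """128-bit call key derived from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:16]

def relayed_exchange():
    """Unauthenticated DH with Trudy relaying between Alice and Bob."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    t_priv, t_pub = dh_keypair()
    # Each phone receives Trudy's public value in place of its peer's.
    alice_key = session_key(a_priv, t_pub)
    bob_key = session_key(b_priv, t_pub)
    trudy_keys = (session_key(t_priv, a_pub), session_key(t_priv, b_pub))
    return alice_key, bob_key, trudy_keys

def digest(dh_pub):
    return int.from_bytes(hashlib.sha256(str(dh_pub).encode()).digest(), "big") % RSA_N

def sign(dh_pub):
    """Bob signs his DH public value (textbook RSA, no padding)."""
    return pow(digest(dh_pub), RSA_D, RSA_N)

def verify(dh_pub, sig):
    """Alice checks the value against Bob's certified public key (RSA_N, RSA_E)."""
    return pow(sig, RSA_E, RSA_N) == digest(dh_pub)

def signed_exchange():
    """Returns (genuine value accepted, substituted value accepted)."""
    _, b_pub = dh_keypair()
    _, t_pub = dh_keypair()
    sig = sign(b_pub)
    return verify(b_pub, sig), verify(t_pub, sig)

if __name__ == "__main__":
    a, b, t = relayed_exchange()
    print("Alice/Bob keys match:", a == b, "| Trudy holds both:", t == (a, b))
    print("signed exchange (genuine, substituted):", signed_exchange())
```

In the relayed run both phones complete the exchange without error yet end up with different keys, which is why the call still looks "secure" to each side; with the signature check, the substituted value is rejected before any key is derived.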