Security solution for voice and digital data communication

16 08 2012

Voice communications over telephones can easily be tapped by eavesdroppers and interceptors. Ordinary public communications over the phone are not especially confidential, whereas voice communications related to defense, national security, and business-sensitive discussions need to be secured to maintain confidentiality, integrity and availability. These defense, national security, and business channels are always under threat from interceptors and man-in-the-middle attackers, mainly enemy nations, terrorists, business competitors and rivals. Hence there is a possibility that the communication cable or wireless network will be tapped.

Robust security is required for all voice communication and for the devices used for data communication in defense, national security, and business organizations. Voice and data can be protected against these threats using the solutions available in the growing digital world. In VoIP phones, the voice or data (such as an image, a map or a presentation) is digitized using digital signal processors and microcontrollers [5]: the voice audio signals and data are digitized and communicated over Ethernet using the TCP/IP protocol.

Even when the voice or data is digitized, intruders or a man-in-the-middle can still decode [1] the digital voice samples and regenerate the original voice information by eavesdropping on the communication channels, through either active or passive channel tapping. A possible solution is to embed a crypto device [2] in the VoIP phone itself, using a standard encryption mechanism to scramble the voice, together with key management, in communication devices such as telephones, CDMA or GSM systems, and CDMA and GSM terminals.

Many vendors sell crypto devices for establishing a virtual private network, which can provide end-to-end protection between two hosts using DES, Rijndael (AES), the Secure Hash Algorithm, Diffie-Hellman and key exchange protocols for authentication. But in an organization money is always the big question: many machines and phones are in use, so it is difficult to deploy a crypto device for each phone or system.

The solution I propose below will help telephone system design engineers and manufacturers embed the crypto device in the VoIP phone itself. This is a huge money saving, because an IP phone already has at least one DSP and a 16- or 32-bit controller; by selecting an industry-standard encryption algorithm and key management technique, one can easily embed the crypto device as part of the IP phone. The encryption algorithm and key management must be identical on the calling and the called phones.

Users can easily connect to IP subnets using the communication terminals, and must be authorized, registered users on the IP servers. The approach can therefore be extended to computers or laptops, fax machines and CDMA or GSM terminals with a proper interface to route the traffic. Since IP phones use only an Ethernet cable, the device can also be used to encrypt any digital data and to transmit and receive it.

Solution: Digitize the analog voice input signal using the PCM codec (64 kbps) and compress the voice data using the DSP, or feed in digital data directly from a computer, fax machine, laptop, etc. Design a 256/192/128-bit Rijndael (AES) encryption algorithm [1] running in the microcontroller, where the data and the key are fed into the microcontroller.

Figure 1: Digitized voice data Encryption using AES

AES encryption [1] operates by expanding the key, shifting rows, mixing columns, replacing data from a lookup table, multiplication, adding the round key, and looping for 'n' rounds. Decryption is achieved by applying the inverse operations: expand key, shift rows, mix columns, replace data from a lookup table, multiplication, add round key, and looping for 'n' rounds.

Key management can be achieved using the following mechanisms:

- Using a specific key for communication.

- Allowing the handset to select a key at random from the pool of available keys and communicating it to the called party's handset with the key exchange protocol.

- Using a public key and private key methodology.

Encryption of the digitized voice data can be achieved as follows:

- Consider the digitized voice input, in hex format, as a 4 x 4 matrix (block) of data, and take one cell at a time.

- Add the round key by XORing each data cell of the input block with the corresponding cell of the cipher key, for all the data.

- Substitute bytes in the 4 x 4 block of data units produced by the first add-round-key step. Use a lookup table with rows 0 to f and columns 0 to f, that is, a 16 x 16 matrix of hex values. Take each data unit of the block and replace it with the lookup-table entry at the position given by that data unit (its first hex digit selects the row, its second the column). Replace all data units in the same way.

- Shift all 4 rows of the 4 x 4 matrix: the 0th row 'w' times, the 1st row 'x' times, the 2nd row 'y' times and the 3rd row 'z' times.

- Mix the data by row-by-column multiplication with the respective multiplication matrix to obtain the resulting 4 x 4 matrix.

- Finally, add the round key: XOR each column of the data block with the respective column of the round key block, and replace the data block column with the result.
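The round structure described in the steps above, written out for AES-128 in C as an added example (it is not code from the original post). The function names are assumptions of this example, the lookup table is computed at start-up instead of being stored, and the check uses the published FIPS-197 Appendix C.1 test vector.

```c
#include <stdint.h>
#include <string.h>

static uint8_t sbox[256];   /* the 16 x 16 substitution lookup table */
/* xtime multiplies by 2 in GF(2^8); it is the multiplication used to mix columns. */
static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ ((a >> 7) * 0x1b)); }
static uint8_t rotl8(uint8_t v, int n) { return (uint8_t)((v << n) | (v >> (8 - n))); }

static void init_sbox(void) {   /* table entry = affine map of the GF(2^8) inverse */
    uint8_t p = 1, q = 1;
    do {
        p ^= xtime(p);                                                   /* p = p * 3 */
        q ^= q << 1; q ^= q << 2; q ^= q << 4; if (q & 0x80) q ^= 0x09;  /* q = q / 3 */
        sbox[p] = 0x63 ^ q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4);
    } while (p != 1);
    sbox[0] = 0x63;             /* 0 has no inverse */
}

/* Encrypt one 16-byte block. Byte i of the state is row i % 4, column i / 4. */
void aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], s[16], t[16], w[4], a[4], x, rcon = 1;
    if (!sbox[0]) init_sbox();
    memcpy(rk, key, 16);                       /* expand the key into 11 round keys */
    for (int i = 16; i < 176; i += 4) {
        memcpy(w, rk + i - 4, 4);
        if (i % 16 == 0) {                     /* rotate, substitute, add round constant */
            x = w[0]; w[0] = sbox[w[1]] ^ rcon; w[1] = sbox[w[2]];
            w[2] = sbox[w[3]]; w[3] = sbox[x]; rcon = xtime(rcon);
        }
        for (int c = 0; c < 4; c++) rk[i + c] = rk[i - 16 + c] ^ w[c];
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];              /* add round key 0 */
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]];  /* substitute, shift row j left by j */
        for (int c = 0; r < 10 && c < 16; c += 4) {   /* mix columns, not in the last round */
            memcpy(a, t + c, 4); x = a[0] ^ a[1] ^ a[2] ^ a[3];
            for (int j = 0; j < 4; j++) t[c + j] = a[j] ^ x ^ xtime(a[j] ^ a[(j + 1) % 4]);
        }
        for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[16 * r + i];  /* add round key r */
    }
    memcpy(out, s, 16);
}

int aes128_known_answer_test(void) {   /* FIPS-197 Appendix C.1 vector; returns 1 on match */
    uint8_t key[16], pt[16], ct[16];
    for (int i = 0; i < 16; i++) { key[i] = (uint8_t)i; pt[i] = (uint8_t)(i * 0x11); }
    aes128_encrypt_block(key, pt, ct);
    return memcmp(ct, "\x69\xc4\xe0\xd8\x6a\x7b\x04\x30\xd8\xcd\xb7\x80\x70\xb4\xc5\x5a", 16) == 0;
}
```

A known-answer test like this is worth running on the target microcontroller before any voice data is encrypted. The function covers a single 16-byte block only, so a voice stream still needs a mode of operation on top of it.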

Decryption at the called handset is achieved by inverting the above steps, which reproduces the actual digitized voice data; the codec can then decode the data and the DSP can reproduce the voice.

With this solution a telephone manufacturer can easily enhance a VoIP phone into a crypto-capable phone, which saves a lot of money compared with designing a standalone crypto device. Organizations can also save huge costs and protect business-sensitive data with less investment by using this type of device. The main advantage of this system is that the same communication channel can be used for voice and data.

__________

  1. Security in Computing, Fourth Edition, By Charles P. Pfleeger –  Pfleeger Consulting Group, Shari Lawrence Pfleeger –  RAND Corporation
  2. Hardware TCP/IP Encryption – http://www.copytele.com/pdf/DCS-1700%20Spec.pdf
  3. IP-KRYPTO cipher machine for military use – http://www.nit.eu/czasopisma/JTIT/2004/4/64.pdf
  4. Voice and Data Encryption Rohde & Schwarz SIT – crypto technology for mission-critical environments http://www.rohde-schwarz.co.in/file_18186/TopSec-Mobile-VoIP_bro_en.pdf http://www.rohde-schwarz.co.in/file_18187/TopSec-Mobile-VoIP_bro_de.pdf
  5. IP Telephone Design and Implementation Issues – White Paper William E. Witowsky, Senior Vice President Engineering & Chief Technical Officer http://focus.ti.com.cn/pdfs/bcg/ip_telephone.pdf

 
