cryptoManiac PDF Print E-mail

Introduction

In the current world security becomes more and more important. You personal information, your contacts, notes, mostly everything become a value that can be treated as critical for your business.

VoIP is a new and innovative communication channel for your business. You should also think about the security for it and the significance of it keeping it as safe as possible.

One main aspect of VoIP technology is that it gives you the possibility to secure your calls more than a standard phone company can ever offer. You can protect your calls from interception, you can protect data from being decrypted and the most interesting part of it is that you can protect your calls from any intrusions.

Overview

Technologies that are in the depth of our client are well known and accepted standards in the security world. They guaranty your safety and reduce the risks of security failure to a minimal. Our client is available for all major business platforms: RIM BlackBerry, Symbian OS, Windows Mobile, Android and iPhone.

What our client is and how does it protect your calls? Let's take a close look. The possible security risks are:

  • interception of the "fact of call";
  • interception of Voice;
  • interception of Data, like: files, contacts, SMS or IM;

Our client provides several layers of protections that eliminates the possibility of applying this kinds of intrusion.

"Fact of call" Interception

"Fact of call" is like declaring to everyone that you are doing something. For example you are in the process of signing an important agreement with a big vendor like Google. If such information becomes open to someone it can influence you, Google and everything you are doing. Google stocks can go up or down, your agreement can be broken, your market competitors can offer something to Google that will break your bright future. So keeping the "fact of call" in secret is very important. 

Our client solves this risk by applying the call initiation without the usage of any external servers. Two VoIP clients connect to each other directly without any help from outside that makes the interception of "fact of call" impossible to get. (This is not complete true, because our clients have to find each other in the internet and that requires an external server, but secured communication with a trusted SIP server won't give anyone access to what kind of information you have access to and what you have requested.)

Secured connection to the SIP server is done by using the TLS/SSL technology. And remember that the important part of eliminating that security risks is the use of trusted servers. Trusted servers we know:

  • Server Name - [REGISTRATION LINK!]
  • Server Name - [REGISTRATION LINK!]

Interception of Voice

Initiation of call is protected. But what about of the voice that we broadcast on the internet? Is it also protected?

Our client protects the voice on several layers. First layer is the usage of secured sockets, also known as TLS/SSL. Their usage guaranties that channels between you and your phone abonent will be secured. The second layer of protection is the usage of SRTP (Secured Real-time Transport Protocol). Its usage enables encryption of the media content, like voice, during the communication. So the client provides a secured channel and even more, providing that the data transferred by that secured channel is also secured.

Typical communication between two VoIP clients looks like on the image left. Well known servers are used for the communication, that route the voice from one client to another and in the other direction. Instead of a usage of external servers for the communication we make a direct connection between the clients. See the  difference on image on the right. As you see, we do not use an external server in the communication, that makes the call safer and more protected.

Interception of Data

VoIP also gives a greater flexibility in comparison to an ordinary phone. During the call you can send files, text messages, contacts etc. How do we protect that?

The usage of secured sockets technology - TLS/SSL, is also used in the background. This providies us with a secured channel for data exchanges. All data is encrypted in two phases by AES and the Twofish crypt algorithm with extra long keys. Exchange of keys between the clients is done by 4096 Diffie-Helman.

Screenshot

[PLACE GALARY OF SREENSHOTS HERE!!!]

Technical Info

Crypto API in use

  • AES
  • Twofish
  • Diffie-Hellman

Security highlights

  • Connection between clients is established by P2P (point-to-point) topology;
  • Random keys generation based on microphone noise;
  • All keys never used twice and are regenerated on each call;
  • All information about the call is being deleted from phone after hang-up;
  • Traffic routing done by STUN/TURN/ICE protocols that exclude usage of external servers during communication;

Tested devices

            Android: HTC G1;
            Windows Mobile: HTC Touch HD, HTC Diamond;
            Symbian OS: Nokia N95, Nokia N96;
            BlackBerry: Bold 9000, Storm 9530;
            iPhone: iPhone and iPhone 3G.

Support

In case of any troubles with cryptoManiac mobile client we will gladly assist you. Please contact us using our online web form. Our response time is less then 48 hours, on working days the response will be in several minutes to hours. Thanks.

RELATED ARTICLES

  1. The Top 5 VoIP Security Threats of 2008
  2. VoIP security threats: Fact or fiction?
  3. Security Threats in VoIP
  4. The biggest VoIP security threats and how to stop them
  5. IP Telephony (VoIP) Security: Threats, Defenses and Countermeasures
  6. Making Sense of VoIP Security Threats

 

 
  GoTo Downloads




Fast Links

Customer Quotes

Elliot Smoke, Smart Consulting Gmbh told us:

Today our partners have announced the beta release of the products sipManiac and cryptoManiac to us. We, as a company specialized on VoIP solutions, are trying out all of the existing applications on the market. sipManiac and cryptoManiac ideas are very good, though the early release still requires some fixes, but the potential is great and the usability is one of the best we've seen. Keep on going! You are doing a good job. We are anxiously waiting now for the next release.

Like it? Share it!