U.S. President Barack Obama’s dilemma over the security of his BlackBerry has given rise to an increased interested in systems that can scramble voice calls to avoid interception.
At this year’s Cebit trade show, mobile device security vendors rolled out an array of systems for governments and companies looking to protect their voice calls.
In some cases, employing mobile voice encryption can save companies money, as it can allow top-level executives to discuss sensitive information without needing to travel to secure company offices, said Christoph Erdmann, managing director and founder of Secusmart, which makes a flash card with hardware-based encryption for voice calls.
Erdmann used to work in security in Nokia. He frequently had to travel to Finland to discuss important company information to avoid speaking over a phone.
Nokia eventually decided that the market for super-secure devices was too small, so Erdmann started his own company to provide higher security for Nokia smart phones.
Secusmart’s microSD flash card, called SecuVoice Version 1.0, fits into Nokia Series 60 devices, which are frequently issued to government employees. The software is installed on the phone when the card is first inserted into a device.
Secusmart’s card uses Elliptic Curve Cryptography, a proven method for establishing a secure connection between two devices. It’s also faster than using the RSA algorithm, which employs large keys or certificates that increase the time needed to connect a call by up to 15 seconds. ECC does it in under five seconds.
“In mobile systems, every bit counts,” Erdmann said.
Voice calls are encrypted using 128-bit AES (Advanced Encryption Standard) keys. The card is tamper proof. It has been approved by Germany’s Federal Office for Information Security, which tests IT security products for the government, for use at a “restricted” classification, the lowest rank for sensitive material, Erdmann said. The microSD card costs €2,200.
Another option for encrypted voice is a system from Rohde and Schwarz of Munichy. Their 55-gram TopSec Mobile device encrypts voice calls using 128-bit AES keys. In a few months, the company will upgrade it to accommodate 256-bit AES keys, said Henning Krieghoff, Rohde and Schwarz’s president.
The device, which resembles a small phone but without number buttons, is carried along with the person’s regular mobile phone. It encrypts the voice traffic and then sends that data through the user’s regular mobile via Bluetooth.
While a person has to carry two devices, the system offers the advantage of being compatible with nearly every mobile device with Bluetooth, said Mark Dencker, product manager. TopSec Mobile costs €1,800.
The company also offers a desktop encryption appliance for ISDN (Integrated Services Digital Network) lines, the TopSec 703. It costs €1,200. Secure calls can then be made between mobiles and normal desk phones.
Also in Cebit’s security hall are Caspertech of Torino, Italy, and Compumatica of Aachen, Germany. The two companies rolled out two encryption products at Cebit that are now under evaluation by the Netherland’s National Communications Security Agency.
One product, CompuGSM, is an entry-level model that does voice encryption. Users can opt to add SMS (Short Message Service) encryption, said Petra van Schayik, a manager at Compumatica.
The higher-level version is CompumaticaGSM, which includes a key management station that helps administer keys to a large number of devices, said Pavel Ivanov, program manager for Caspertech.
CompumaticaGSM will encrypt SMS and e-mail in combination with the CompuWall firewall. It uses 256-bit AES keys, but is also capable of substituting a different encryption algorithm in the software, Ivanov said.
Both products are only compatible with mobile devices made by HTC running Microsoft’s Windows Mobile operating system. Pricing has not been released yet, but it will be on a per-use basis, van Schayik said.