Security Analysis for Mobile VoIP

Advantages of Scrambl3

Dr. Yongge Wang (Security Officer, USMobile)

Scrambl3 is the first commercial implementation of NSA’s Mobility Program (also known as the “Fishbowl Project”). Fishbowl uses publicly reviewed mature technologies to protect US Government classified mobile communications up to “Top Secret” level. In a Fishbowl architecture, point-to-point security is achieved by NSA recommended two layered defense in depth approach (see, NSA, Defense in Depth). Specifically, all end devices need to establish the first layer VPN channel to the corporate networks before any communication could be further initiated. This will keep all information flow within the corporate perimeter. After the first layered VPN protection, the actual voice/text communication is protected via a second layer of encrypted channel, which is nested within the first VPN channel.

Secure VoIP and Secure phone call technology is not a new concept. There have been various products available in the markets such as SDP based SRTP, ZRTP, and Skype. However, Scrambl3 is the only solution that is based on publicly reviewed open standards. These standards are approved by NIST/NSA for the protection US Federal confidential information and have been widely deployed in the industry for the protection of corporate confidential information.

We summarize the characteristics of different technologies in the following table:

SDP based SRTP ZRTP Skype Scrambl3
Layered protection NO NO NO YES
Key agreement In clear text or protected in one TLS layer Out band proprietary SAS scheme (based on voice) Proprietary Standardized techniques and protected via two layer: VPN and TLS
Information flow within secure perimeter NO NO NO YES
Publically reviewed techniques YES NO NO YES
Security concerns YES YES YES NO

In the above Table, there is a “security concerns” row and three other techniques are marked with “YES” label. Some elaboration is presented here. The security concern for SDP based SRTP is obvious. The sessions are included in the SDP message in clear text, which may or may not be protected by the TLS layer. One layer protection of the session key is not sufficient according to the defense in depth principle. History has told us that cryptographic algorithms and protocols should never been invented in a closed-door environments. All cryptographic algorithms and protocols should be extensively reviewed by academic researchers, government agencies (e.g., NSA/NIST), and industry before they are deployed for the protection of confidential information. For example, Skype uses home-made proprietary technologies to achieve end-to-end encryption. However, it has been reported that several government agencies developed the automatic tools to eavesdrop on all Skype conversations. The examples are:

  1. MINIATURE HERO by GCHG: this tool can record real time Skype calls (Skype Out and Skype to Skype) and bidirectional instant messaging in clear text. This tool will also record contact lists.
  2. NSA’s Prism program which can eavesdrop all Skype communications.

There are numerous examples in the industry that show proprietary technologies should not be used for confidential information protection. Based on this practice, we marked ZRTP as “YES” to security concerns since we feel that the underlying techniques need further examination by the public works. Some blogs on the Internet have similar concerns. For example, in the blog “A Few Thoughts on Cryptographic Engineering”, it lists some concerns that ZRTP is “partially closed-source and having received no real security audits.”

On the other hand, Scrambl3 uses mature technologies such as VPN and TLS. These technologies have been commonly used to build secure perimeters for protecting enterprise information.

Furthermore, there are obvious advantages of Scrambl3 systems for Enterprise environments. Most companies have already deployed VPN systems for their employees to work remotely or with mobile devices. Thus deployment of Scrambl3 to these enterprises is both financially and technically durable and there is a natural marriage between the Scrambl3 techniques and existing Enterprise infrastructures.