Where mobile IP goes, security concerns follow
Mix of cellular and IP connections gives power to unified communications but also creates vulnerabilities
There are different terms for it — voice over IP, IP telephony, unified communications. But however you say it, the convergence of voice communications and Internet connectivity provides new functionality that is driving user expectations.
“The end user wants to be able to communicate anywhere, from any device,” said David Hawkins, unified communications practice manager at Iron Bow Technologies.
Those expectations are driving the adoption of mobile IP in the enterprise. Voice applications for users have matured during the past few years, and increasingly powerful mobile devices that use a mix of traditional cellular and IP connections are being widely adopted in the enterprise. “Where we are playing catch up is in their integration into the network infrastructure,” where efforts must be made to ensure that functionality does not degrade security, Hawkins said.
One infrastructure that integrates VOIP is the Defense Department’s Defense Switched Network (DSN), DOD’s nonsecure dial-up voice service based on traditional Time Division Multiplexing. “Over the last eight years, we have been working very aggressively with DOD because there is an effort to deploy VOIP,” Hawkins said.
Mobile IP is the voice -- and data -- of the future
Commerce to test 4G technology for public safety network
Under the recently renamed Unified Capabilities (UC) program, the Defense Information Systems Agency has begun testing the use of VOIP via the nonclassified portion of the Defense Information Systems Network, which is DOD's data network. DISN includes the Unclassified but Sensitive IP Router Network and Secret IP Router Network.
“UC will allow DOD organizations to connect VOIP products directly to the DISN-NIPRNet for DSN service,” DISA said in a statement about the program. “Over the next 10 years, the DSN backbone is expected to largely migrate to UC.”
The Joint Interoperability Test Center is developing unified capabilities requirements, and only JITC-approved products are allowed to be used on the unclassified network. To provide the security for classified VOIP up to the secret level, DOD has a separate global network named Voice Over Secure IP, which operates via SIPRNet.
“VOSIP is nothing more than VOIP over a secure infrastructure, initially,” Hawkins said.
This works for DOD because the department owns the backbone that connects VOSIP enclaves to the rest of the network. But for many enterprises, when new functionality such as VOIP and mobile access are available on a network, the internal networking policies and controls are difficult to enforce for devices coming into the network from outside.
Trellia Networks offers a mobile policy management platform that consists of an agent on the mobile device that enforces policies pushed from a server. It can automatically enforce requirements for secure connections when users connect remotely using VOIP, said Raffi Tchakmakjian, the company’s vice president of product management.
“The user doesn’t have to open up software to get connected and doesn’t have to select any network,” he said. The agent automatically selects and manages the voice connection based on policy.
The security concerns of mobile voice communications are not confined to the enterprise network. Traditional cellular service, which has long been considered difficult to intercept, is becoming vulnerable. In recent months, experts have published a lookup table for GSM mobile phone encryption keys and released an open-source software kit that can enable the interception of calls with less than $2,000 worth of commercial equipment.
“This changes the threat profile for mobile telephone interception,” said Simon Bransfield-Garth, chief executive officer of Cellcrypt. By reducing the threshold of entry for cell phone interception from about $100,000, the attacks can become mainstream. “This used to be something governments did to each other. Now it’s something much more widely available.”
The attack is significant because GSM, or the Global System for Mobile Communications standard, is the dominant standard for cellular service globally, with about 3.5 billion users — or 80 percent of the global market in more than 200 countries. North America is one of the world’s significant holdouts, with about half of its cellular service based on TDMA, or Time Division Multiple Access technology. But use of GSM is growing here, and organizations with officials who travel abroad must deal with the vulnerability of GSM. Bransfield-Garth said his company’s primary market in the United States is federal agencies with overseas staff members.
GSM technology dates to 1988 when cell phones had little computing power, and strong encryption of the voice channel on the handheld devices was not practical. The technology used a weaker form of encryption with a 64-bit key.
“Unfortunately, technology has a way of sticking around,” Bransfield-Garth said, and the weak encryption persisted even as cell phones became smarter and advances in computing power made the 64-bit keys obsolete.
No one upgraded the encryption specified in the standard because intercepting GSM traffic was not easy, requiring a truck full of equipment that costs from $100,000 to $500,000. But that security began quickly unraveling in December 2009 with the announcement by computer engineer Karsten Nohl of the completion of a GSM code book, a lookup table of encryption keys used for GSM calls that was published on the Internet. That was followed this spring by the release of a GSM base station software stack on a bootable CD and a demonstration by Nohl and fellow reverse engineer Chris Paget of how the software and code book could be used with a commercial GSM receiver connected to a laptop to intercept, record and decrypt cellular calls.
Cellcrypt’s answer for securing GSM calls is a mobile device encryptor and enterprise gateway that encrypts voice traffic and moves cellular calls onto the IP data channel.
“Essentially, we’re doing a VOIP call over a cellular network,” said Bransfield-Garth. “It is not particularly easy, but it is efficient and effective when it works.”
The system takes advantage of mobile devices' increased computing power for advanced encryption, but it still must deal with the energy constraints of mobile equipment. “Encryption is not very amenable to battery-powered devices,” he said. To get around that limitation, the company has developed the Encrypted Mobile Content Protocol, a collection of protocols and algorithms to optimize encryption on mobile devices.
That still leaves the problem of latency, which can be deadly to voice communications.
“In pretty much all cryptography, there is a little latency,” Bransfield-Garth said. With Cellcrypt's tools, that amounts to a three-second delay in initiating a call and delays during the call of 0.5 to 1.5 seconds, depending on network conditions. He said that level of latency usually is not a problem. “You get used to it very easily.”
In addition to the added security of strong encryption, the Cellcrypt Enterprise Gateway also provides a VOIP interface with an office PBX that enables secure remote access to office telephony features, such as conference calling.
Meanwhile, the cracks in GSM security keep coming. Early this year, Adi Shamir — he’s the “S” in the RSA algorithm — demonstrated that a more advanced GSM encryption algorithm also is vulnerable to a practical attack. The next generation of mobile telephony, Long Term Evolution, is based on GSM, but it specifies two encryption standards, the Advanced Encryption Standard and Snow 3G. Each standard is intended to provide full security, and two different algorithms are specified so that if one is broken, the system can remain secure using the other.
Two large U.S. carriers, Verizon Wireless and AT&T, have announced plans to build LTE networks, but that does not mean that advanced security for mobile voice and data on these networks will be quickly available. The implementation of LTE networks will not begin widely until 2012, and there will not be much service available until 2014 or 2015. So vulnerabilities in existing systems will be with us for several more years.