GCN LAB REVIEWS

Chip encrypts Android calls, without the lag time

TrustCall with TrustChips

Quick quiz: What’s the most important thing that should be on all federal employees' minds when they leave the office? The answer, as I’m sure most of you guessed, is security. The government spends a lot of time and money buidling digital fortresses around its offices, but they are of little help once a fed walks outside, where a simple phone call can be the key to undermining all those efforts.

Even though the world is embracing smart phones, in the federal arena doing so involves more than just going out and picking up the latest Samsung Galaxy S II and starting to chat with coworkers. There are matters of security to think about, though getting a high degree of it on a consumer phone is not all that easy.


TrustCall with TrustChips

Performance: A-
Features: B
Ease of Use: A
Value: A
Government Price: $119 activation, $25 monthly fee
Pros: Uses hardware encryption to reduce latency, all packets plus tunnel are encrypted
Cons: Only works with some Android phones, no warning if a non-secure call attempt is made


The TrustCall system can help in this area by encrypting calls between phones. We’ve looked at third-party programs in the past that did this, but they had a few drawbacks, including relying on an outside company’s servers to perform the encryption and a long latency during calls. For the most part, the TrustCall system from Koolspan eliminates those negatives.

The system relies on hardware chips to perform the encryption. When you purchase TrustCall, for $119, you actually get the chip and two adaptors so that it can be installed in most Android-based phones. We tested the system with a pair of Samsung Galaxy S II phones, and only had to use the main chip without the adaptors. But the TrustCall will also work with Motorola Droid RAZR phones, HTC EVO models and the rugged Casio G’Zone Commando, among others. It won’t work for an iPhone of course, probably because Apple restricts access to the phone itself. For our Galaxy test phones, we simply had to pop off the back and install the TrustChip inside the provided slot.

Security between phones

What the chips do is create a secure connection between phones. A third party server is still used, but only to complete the handshake between phones with the chips installed.

Here's how it works: When you originate a call, you are asked if you want it to be a normal one or an encrypted call. If you select the encrypted option, it will contact the host server which will begin handshaking procedures between both phones. One slight negative is that currently you don’t get a warning message if you try to begin a secure call to a phone that does not have a TrustChip installed. Instead, the call just fails because the receiving phone can’t process the request. Koopspan officials say an update to give more warning is in the works. On the plus side, at least users won’t think they are making a secure call on an open line. And regular calls can be placed normally.

Once a secure tunnel is established between phones, the handshake server steps out of the picture, which eliminates a possible vulnerability in the system. From that point on, the chips in the phones will do all the heavy lifting in terms of encryption. Although there is still a hint of lag, it can be as short as 700 milliseconds, which means it’s hardly noticeable. And that is much better than having a third-party server encrypt everything, which, based on our previous testing with another system, tends to add seconds to the lag time.

Not only is the tunnel between phones secure, but every voice packet is also encrypted. Even if a hacker somehow were to break into the tunnel, all the captured data would still be encrypted. Currently the TrustChip system is certified to FIPS 140-2 Level 1, which means it can be used for sensitive but unclassified information exchange.

The $119 price tag is quite good, even when you add the $25 monthly fee per chip. For that small price, a government agency could provide safe communications for all its workers, even using their own phones. And that’s a pretty good feat that would fit in with most agencies, especially on the civilian side or even for state governments, where talks aren’t necessarily classified, but can easily be highly sensitive in nature.

Koolspan Inc., www.koolspan.com

Reader Comments

Tue, Sep 25, 2012

I even wish the handshake server is no need at all. In fact the handshake process can be fulfilled by SMS. Which means you can exchange pubkey and IP address with short message, then make calls through IP tunnel.

Thu, Sep 6, 2012 Washington, DC

Its great to see another review of an encrypted voice solution. Hardware based or software based, there is one key message here. The government is focused on extending the use of mobile technologies but have completely ignored voice security. In so doing, end users have a false belief that since their smartphones are secured by the enterprise that this protection extends to voice. It does not! One way or the other, this risk must be accepted and government needs to deploy a FIPS 140-2 approved Voice and Text Encryption solution to protect all SBU/CUI level conversations.

Tue, Sep 4, 2012

The mafia has finally let some of their technology out into public view.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above