White paper on PriveCall - privecall.com

PriveCall White paper

23.08.2016 1(13)

[PUBLIC]

Trust Does Not Create Security. Implementation does.

White paper on PriveCall™

Version history

Ver   Date        Description               Author
0.2   19.3.2016   Fork from MMy version     PPa
0.3   19.8.2016   Initial release version   PPa
4     23.8.2016   Final release version     PPa

Table of Contents

Introduction
References
Executive summary
Background
Solution
Delivery
Features
Platforms
Technical Specifications
HUB Technology
Network scenarios
Identity management
Solution at glance
Hard Questions to be Answered
Engineering Team
Summary

Introduction

This document describes PriveCall™ features and design principles.

References

PriveIM documentation

Executive summary

PriveCall™ delivers end-to-end secure voice communication over public and private networks. This voice security solution delivers security that:

1) Uses your current smartphone as a modem (access) to the network
2) Gives you a 100% secure voice communication solution
3) Works fine with IP, 3G/4G, MESH and satellite networks
4) Does not require a mobile subscription
5) Is impossible to hack, eavesdrop on or exfiltrate
6) Leaves no traces and creates no additional metadata in the networks
7) Leaves no forensic traces on your mobile phone, nor in the PriveCall™ device
8) Is always built from source code
9) Uses no binary-based SDKs or libraries in compilation
10) Does not have any binary elements in the solution – all possible back doors are eliminated
11) Can run your own governmental symmetric encryption algorithm if available
12) Is designed and manufactured in Finland, which is an independent country with no alliances with foreign intelligence organizations
13) XXLSEC Ltd is a privately owned company owned by Finnish citizens. No financing party or legislation can force the company to compromise security.
14) Can be deployed and used in any country in the world and works across different networks in different countries, always delivering secure communication
15) Does not rely on obscure cloud-based servers and services but encrypts voice in the PriveCall™ device before it reaches the unsecured smartphone and the unsecured network
16) PriveCall™ is meant for those who are serious about privacy and cybersecurity. We do not play with App stores.

Background

Currently every available communication encryption solution has ties to intelligence blocs, or runs on platforms influenced by those parties. These platforms are built on components compromised deep in their integrated circuits, and their operating system internals are kept secret with closed source code. All of this enables remote, unnoticed and unauthorized access to a device's internal memory, so that encryption keys and memory contents can be exfiltrated. This makes encryption used on these platforms worthless. It's not about algorithm strength and encryption standards; it's all about endpoint security for the stored and used encryption calculation and keying.

Current secure mobile solutions share a huge amount of unsecured elements that make mobile security a scene for “security by obscurity” – reminding us of the old days of regimes in eastern Europe and the former Soviet Union, where hotel rooms were bugged and you could never say whether your communication was safe or not. Nothing has really changed. Those you buy your security solutions from use the same methods.

Here is a short list of vulnerabilities that should make the reader sweat. Probably all of them apply to you who read this.

1. Mobile operating systems such as Windows Mobile, iOS, Android and the like are delivered by companies that co-operate with intelligence organizations. Operating systems have never been developed to maximize security. Every year hundreds of vulnerabilities are discovered. Not only intelligence organizations utilize these vulnerabilities, but also different rogue organizations.
2. Mobile devices most often have access to public unsecured web sites where malware is hidden in links.
3. Mobile devices most often have access to App stores, which opens up a wealth of opportunities for rogue interests. You never know what the App really contains.
4. Mobile devices are regularly updated for bug fixes and performance improvements, which in turn gives OS vendors full access to your mobile phone.
5. Security solutions – encryption keys and certificate authorities are created in a cloud where you can NEVER know who has access to your secret communication.
6. If you use some kind of virus protection or other software in your mobile device, read carefully what your vendor asks you to consent to in the “General User Terms” – most often they require full access to your communication. When you update these “protection Apps”, you have no chance to know what you download. Only “trust” – and that is not much to count on considering your valuable assets, business or military secrets.
7. The world’s largest mobile processor manufacturers build antennas in their processors that have nothing to do with 3G or 4G – but something else. Hacking and interception is moved to a hardware level that is out of your control.

8. IMSI catchers and other network-based equipment intervene, eavesdrop and collect your communication at the network level.
9. SS7 intelligence opens whole mobile networks to eavesdropping on subscribers: who they talk to, when, where etc.
10. How ‘bout GPS positioning? Your mobile device regularly sends your location, not only through mobile base station tower information but also as coordinates to different servers – that enables complete monitoring of your physical location and movements – in real time.
11. Software-based protection Apps contain binary code and share memory with your mobile phone – the protection is lost somewhere in the process. And you cannot do anything about it – not even read the hidden code.

All this stuff and much more makes current mobile voice security solutions open, vulnerable and even potentially dangerous, as you do not really know when and how your communication is compromised, or who has access to your communication. Trust does not create security.

Solution

PriveCall™ is software with 100% source code visibility. It uses publicly reviewed encryption algorithms which are under the control of the end user organization from source up. PriveCall™ relies on certificates that are produced in a mathematically intact environment under total control of the user and deployed in devices with secure methods. Read more below about technology, principles, software and hardware.

Delivery

Our solution can be deployed in different devices after a risk-based evaluation of the security level required. If the user wants a level of unnoticeable protection, we deliver the solution in a mobile accessory compatible with all modern mobile communication devices based on iOS, Windows or Android. This ensures top communication in high-risk missions, as we deploy the solution on dedicated hardware.

This makes us unique.

Features

PriveCall™ implements many features that serve operational and simple usage of speech encryption. It does not pretend to be a replacement for your traditional phone service and cannot reach the level of comfort and usability of publicly available voice services. It's a serious tool for secure communication needs and is immune to hacking, eavesdropping or memory exfiltration. PriveCall™ delivers your speech securely or it does not deliver it at all.

PriveCall™ implements end-to-end encryption between communicating parties. The HUB(s) placed in a network (e.g. in a public or private data center) is (are) used to route traffic. A HUB does not decrypt communication, nor does it have keys for that. PriveCall™ end-to-end encryption uses OpenSSL key exchange methods and re-keys the communication at periodic intervals.

The solution also offers conference call capability, where all participants can take part in the conversation in full duplex speech. In this case we recommend that customers place their HUB(s) in their own secure premises.

Our code delivers client and hub implementations, which makes it easy to adopt for various operational scenarios of high-security speech communication.

Platforms

Since we deliver the solution from source code, we can target whatever platforms we see worth implementing this solution on. Currently we have delivered the PriveCall™ solution on PC-based hardware running Linux, embedded ARM-based encryption devices and PriveCall™ dedicated mobile accessory devices.

Due to the reasons described in the Challenge section, we cannot guarantee security on Windows, Mac OS, Android and iOS platforms, nor on any variants of these, like PrivateOS. We choose not to deliver the solution on these platforms, simply because we cannot say they are secure.

Our solutions range from embedded ARM devices (where we can offer 100% source visibility from the Linux kernel to the PriveCall™ application, with no binary components linked in) to a mobile phone solution implemented on PriveCall™ dedicated hardware. PriveCall™ is based on hardened Linux with only source-code-based software. The hardware is designed and built for the sole purpose of delivering PriveCall™-based services (to begin with, voice). Neither the software nor the hardware has any binary components. Nor does Finnish legislation require any.

Technical Specifications

The PriveCall™ solution is a pure C implementation for clients and HUBs. A HUB is used to handle connections between clients and deliver availability information. The PriveCall™ security model is based on OpenSSL encryption and key exchange methods, with the CA and certificates handled by the user organization. Speech is encoded with the open standard OPUS codec, making it possible to adapt quality to various transmission bandwidths. All encryption delivered is based on full key length algorithms and strong key exchange protocols, like Diffie-Hellman.

HUB Technology

PriveCall™ in Peer to Peer mode

Peer to peer mode is usable without a HUB, but requires IP addresses without NAT. This is a closed user group used in MESH or private networks. It is not usable in public cell networks.

PriveCall™ in HUB mode

HUB mode is required when terminals are behind cell operator NAT. A HUB routes packets between entities and does not decrypt traffic or hold keys to the encrypted TCP streams. This allows a HUB to be located even at a ‘hostile’ VPS provider. The user can switch HUBs on the fly and make calls through different continents when deployed worldwide.

PriveCall™ HUB in different eco-systems

As the HUB only routes the voice traffic, it may be placed even in hostile networks without compromising the security of communication. In case of too long an RTT (delay) or network congestion, the user may just access another HUB to continue the communication. The security is never compromised.
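The keyless-relay arrangement described above, as an added example that is not PriveCall code: two endpoints exchange sealed frames through a hub that holds no key, and the receiver rejects frames the hub edits or replays. It assumes the shared secret was already agreed end to end, and it uses an HMAC-SHA256 stream and tag from the Python standard library as a stand-in for the OpenSSL ciphers the page mentions; `Channel`, `Hub` and `demo` are hypothetical names.

```python
import hashlib, hmac, secrets

def _stream(key, seq, n):
    """Keystream: HMAC-SHA256 in counter mode (stdlib stand-in for a real cipher)."""
    return b"".join(hmac.new(key, seq.to_bytes(8, "big") + i.to_bytes(4, "big"),
                             hashlib.sha256).digest() for i in range(-(-n // 32)))[:n]

def _xor(data, key, seq):
    return bytes(a ^ b for a, b in zip(data, _stream(key, seq, len(data))))

class Channel:
    """One direction of an end-to-end channel; each end builds it from the same secret."""
    def __init__(self, secret):
        self.k_enc = hmac.new(secret, b"enc", hashlib.sha256).digest()
        self.k_mac = hmac.new(secret, b"mac", hashlib.sha256).digest()
        self.seq = 0  # next sequence number to send (sender) or accept (receiver)
    def seal(self, plaintext):
        hdr = self.seq.to_bytes(8, "big")
        ct = _xor(plaintext, self.k_enc, self.seq)
        self.seq += 1
        return hdr + ct + hmac.new(self.k_mac, hdr + ct, hashlib.sha256).digest()
    def open(self, frame):
        # Frame layout: 8-byte sequence number | ciphertext | 32-byte HMAC tag
        hdr, ct, tag = frame[:8], frame[8:-32], frame[-32:]
        good = hmac.new(self.k_mac, hdr + ct, hashlib.sha256).digest()
        if len(frame) < 40 or not hmac.compare_digest(tag, good):
            raise ValueError("frame modified in transit")
        seq = int.from_bytes(hdr, "big")
        if seq < self.seq:
            raise ValueError("replayed frame")
        self.seq = seq + 1
        return _xor(ct, self.k_enc, seq)

class Hub:
    """Keyless relay: forwards opaque frames, records only what it can observe."""
    def __init__(self): self.seen = []
    def relay(self, src, dst, frame):
        self.seen.append((src, dst, len(frame), frame))
        return frame

def demo():
    secret = secrets.token_bytes(32)  # assumed agreed end to end; never given to the hub
    alice, bob, hub = Channel(secret), Channel(secret), Hub()
    voice = b"constructed sample voice payload"
    first = hub.relay("A", "B", alice.seal(voice))
    out = {"received": bob.open(first),
           "hub_saw_plaintext": any(voice in f for *_, f in hub.seen),
           "hub_metadata": [(s, d, n) for s, d, n, _ in hub.seen]}
    edited = bytearray(alice.seal(voice)); edited[10] ^= 1  # a hostile hub flips one bit
    for name, frame in (("tampered", bytes(edited)), ("replayed", first)):
        try:
            bob.open(frame); out[name] = "accepted"
        except ValueError as err:
            out[name] = str(err)
    return out
```

The `hub_metadata` entry lists what a relay in this position can still record without any key: which connections exchange frames and how large each frame is.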

Network scenarios

PriveCall™ using IP/LAN, 3G and 4G networks

PriveCall™ works fine with these networks as long as the network is stable. An unstable IP or 3G/4G network may cause a bad communication link and therefore unstable voice communication.

PriveCall™ using MESH or private networks

Both MESH and private networks can be used to carry PriveCall™ traffic. MESH networks may be deployed for forward-deployed teams (critical mission communication), such as police, rescue teams and military, in circumstances where there is no access to the internet, as the team carries its own high-capacity IP radios.

PriveCall™ when using WiFi to access Flynet

For example, Lufthansa’s in-flight Flynet uses satellite communication to give frequent flyers access to the Internet. PriveCall™ works fine and delivers end-to-end secure communication. The only requirement is to deploy a microphone that filters the noisy background in the airplane.

In contrast to competing solutions, PriveCall™ is not dependent on access to other servers or a cloud, but only on the routing HUB.

Identity management

Our solution minimizes your communication pattern exposure in various ways. We are happy to challenge any ‘secure’ VoIP/PSTN/VPN/IPSEC implementation with the following statements:

• A PriveCall™ device contains no information about other parties' identity.
• A PriveCall™ device knows only its own identity.
• A PriveCall™ HUB instance does not know or contain any information about who uses it.
• PriveCall™ has no subscriber database.
• PriveCall™ cannot leak user information, because there is none available.
• A PriveCall™ HUB can be located on a hostile network segment.

Solution at glance

Hard Questions to be Answered

Ask any competing solution provider the following questions:

1. Who has the source code of the platform used?
2. Can I have a copy of the platform operating system source code and compile all system binaries used by my encryption solution?
3. Does the operating system run binaries without available source in the same address space as my encryption solution?
4. Who has/runs the CA (certificate authority) certificate?
5. Can I change the deployed CAs and redo the required certificates when I need to?
6. Can I generate all CA and client certificates in a secure environment, using high-grade RNGs?
7. Can I use my national symmetric algorithm instead of AES256?
8. Can I have the source code of all encryption algorithms used and compile them in house?
9. Can I have the source code of the speech encryption application and build it in house?
10. Can you deliver a 100% source-based solution, from the operating system to the speech encryption application?
11. Can I see the people who programmed this?

Engineering Team

The PriveCall™ solution has been developed by Finnish engineers with a background in embedded Linux and security and deep knowledge of intelligence, together with a team of people having in-depth know-how of governmental and business security needs.

Summary

If you, as a user of a secure mobile solution, believe you are safe and secure against rogue teams, industrial espionage and intelligence teams, it is time to rethink. Current secure mobile solutions share a huge amount of unsecured elements from which you are likely to suffer. You may not be aware of it before it is too late.