Privacy Pioneer Promises Secure VOIP

The cryptographer who created the e-mail encryption software PGP is back with Zfone, a prototype intended to thwart VOIP eavesdroppers.

LAS VEGAS—Phil Zimmermann, the celebrated cryptographer who created PGP (Pretty Good Privacy) for e-mail encryption, is taking a shot at securing VOIP communications. Zimmermann took the stage at the Black Hat Briefings here to show off Zfone, a prototype application that encrypts voice-over-IP calls to thwart man-in-the-middle eavesdroppers.

Using the open-source, cross-platform softphone Shtoom and the Diffie-Hellman key agreement protocol, Zimmermann has developed a session-based encryption tool that lets two users on a SIP (Session Initiation Protocol)-based VOIP connection verify each other's identity to avoid snooping.

"I don't think I have to make the case too much as to why you need secure VOIP," Zimmermann said in a chat with reporters after his presentation. "As we move our phone calls from the relative safety of PSTN [public switched telephone networks], we will have to deal with the weaknesses and vulnerabilities associated with the Internet."

"Every day, I look at my server console, I see attempts to break in. It's nonstop. As our phone calls move from the PSTNs to the Internet, not to protect those calls seems like a very bad idea," he added.

Zimmermann is no stranger to securing voice communications. In the early 1990s, he created the PGPfone software package, which combined speech compression and cryptography protocols to secure voice calls. But the idea never took off, because, as Zimmermann explains it, "the Internet just wasn't ready for it."

"In those days, no one had broadband. SIP did not exist. I had to devise my own protocols to do Internet telephone, so PGPfone was created with improvised protocols," he said.