Thursday, October 25, 2012

Silent Circle

The Economist writes "Let's keep this between us" about PGP creator Phil Zimmermann's latest venture.

"Silent Circle, Mr Zimmermann's latest firm, which he founded with a former Navy SEAL, extends privacy protection to voice and video calls, and instant and text messaging, as well as e-mail. On October 16th the company unveiled its software for the iPhone and other iOS devices that, for $20 a month, handles encrypted chat and voice over internet protocol (VoIP) calls. A version for Android is coming soon.

In PGP, Mr Zimmermann solved [secure key exchange] by using public-key cryptography, which uses a pair of private and public keys to handle encryption. The public key is freely published and distributed online, and verified by other trusted parties. A PGP-protected document would contain an encryption key unique to the document that scrambled the file's contents. That document key is itself enciphered using the recipient's public key. Only an intended party with the corresponding private key could extract the document's secret and decrypt it.

That may be straightforward for expert cryptographers, but not for the vast majority of internet users. So ZRTP takes a different tack. It relies on the fact that it is difficult to impersonate a voice. After a voice call is initiated with Silent Circle's VoIP software, the two users are both presented with the same short number. At any point in the call, they can read this number to the other person to ensure it matches. If it doesn't, an eavesdropper might be listening in.

Mr Zimmermann notes that by "dragging a couple of human brains into the protocol", Silent Circle makes it impossible for an interloper to predict when the people in a conversation will perform the verification step or how they will perform it, and so pre-arrange a convincing impersonation. (Video chats in Silent Circle will show a blank screen until the short code is verified, and the text messaging app shows the code and suggests making a brief phone call to verify it.)"
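To make the short-number check described in the excerpt concrete, here is an added sketch (not from the article, and not Silent Circle's or ZRTP's actual code). It assumes a plain Diffie-Hellman exchange over a toy group and a hypothetical `short_code` helper that hashes the shared secret down to four digits; the real protocol's key derivation is more involved.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only.
# It is far too small for real use; the parameters are assumptions.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    """Return (private, public) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def short_code(shared_secret: int, digits: int = 4) -> str:
    """Hypothetical helper: reduce the shared secret to the short
    number each user sees and reads aloud."""
    digest = hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()
    value = int.from_bytes(digest[:4], "big") % 10**digits
    return f"{value:0{digits}d}"

def direct_call():
    """Both users exchange public values directly."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    alice_secret = pow(b_pub, a_priv, P)
    bob_secret = pow(a_pub, b_priv, P)
    return short_code(alice_secret), short_code(bob_secret)

def intercepted_call():
    """An eavesdropper in the middle replaces each public value with
    their own, so each user agrees a different secret with them."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub = keypair()
    alice_secret = pow(m_pub, a_priv, P)
    bob_secret = pow(m_pub, b_priv, P)
    return short_code(alice_secret), short_code(bob_secret)

if __name__ == "__main__":
    print("direct:      %s / %s" % direct_call())
    print("intercepted: %s / %s" % intercepted_call())
```

With only four digits, two unrelated secrets still collide about once in 10,000 tries, which is why the spoken comparison has to happen over the voice channel the users can recognise.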
