Feeds

Vodafone Germany looks to provide end-to-end encryption with SIM signatures

Emails, docs, VPN connections signed, encrypted by the SIM

5 things you didn’t know about cloud backup

German SIM card manufacturer G&D has announced that it will be supplying Vodafone Germany with an end-to-end security system based on the phone SIM.

Emails, documents and VPN connections are signed and encrypted by the SIM so that the user doesn’t have to enter a password or use a security token. The service will not be offered to individual subscribers but will be available through corporate and government sales.

It is available now for Android phones, with BB10 and Windows Phone planned, but iOS will be locked out as it does not provide the necessary access to the firmware.

The SIM integrates with a layer of the software which in turn uses the native handset apps for email and VPN access to corporate networks. All keys are held on the SIM card. Secure voice will follow.

Something Apple DOESN'T have...

Security as a service is a great attraction for mobile phone companies as there is a level of protection they can offer which is not afforded by Over The Top players. A telco has full access to signalling information and so can spot spoofed CLIs (calling line identifiers), the location a call is made from as well as mine connection data.

The GSMA has an initiative to use SIM cards and mobile phone numbers as personal identifiers. It is seen by Vodafone in particular as a way to provide value added services that cannot be done from outside the network, particularly aimed at companies with BYOD policies.

Crypto-technology does, however, fall under dual-use restrictions governed by the Wassenaar Agreement which means it can’t be exported to places where UN sanctions exist. A Vodafone Germany customer who took his phone with a crypto-SIM to one of those countries would be liable for prosecution. Ironically those are just the countries where you would probably want secure communications.

Rolf Reinema, director of security at Vodafone Germany, told The Register that while Vodafone will issue advisories, it is down to the individual company or subscriber to make sure they observe laws which govern what they take into any country they are visiting.

He did note, however, that many of the banned countries do not make the infrastructure necessary for secure calls available to visitors. A Vodafone Germany customer travelling to the UK could be required to disclose keys under The Regulation of Investigatory Powers Act 2000 (RIPA).

Under most circumstances, Vodafone does not have access to the content of the data stream, but in exceptional cases a government agency can request a legal intercept and Vodafone will provide access. I was once told by someone at a well-known telecoms company that there were three government agencies which had intercepts on Princess Diana’s phone.

No price has been given for the secure SIM solution, but the firms hint at it being reassuringly expensive (although not bad for the head). Vodafone Germany has also announced a lower cost secure voice service aimed at individual consumers using Secusmart for Blackberry 10 and has perhaps unwisely dubbed it the “Chancellor phone”.

There is a significant advantage in offering voice services through the telco rather than an over-the-top player like Counterpath, in that the mobile number can be used as the way to call both securely and insecurely depending on what bandwidth is available.

While these services are currently only available to customers in Germany, and Vodafone UK was unable to confirm any plans, it is likely that we'll see them rolled out to other territories over time. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.