Feeds

Vodafone Germany looks to provide end-to-end encryption with SIM signatures

Emails, docs, VPN connections signed, encrypted by the SIM

The Power of One eBook: Top reasons to choose HP BladeSystem

German SIM card manufacturer G&D has announced that it will be supplying Vodafone Germany with an end-to-end security system based on the phone SIM.

Emails, documents and VPN connections are signed and encrypted by the SIM so that the user doesn’t have to enter a password or use a security token. The service will not be offered to individual subscribers but will be available through corporate and government sales.

It is available now for Android phones, with BB10 and Windows Phone planned, but iOS will be locked out as it does not provide the necessary access to the firmware.

The SIM integrates with a layer of the software which in turn uses the native handset apps for email and VPN access to corporate networks. All keys are held on the SIM card. Secure voice will follow.

Something Apple DOESN'T have...

Security as a service is a great attraction for mobile phone companies as there is a level of protection they can offer which is not afforded by Over The Top players. A telco has full access to signalling information and so can spot spoofed CLIs (calling line identifiers), the location a call is made from as well as mine connection data.

The GSMA has an initiative to use SIM cards and mobile phone numbers as personal identifiers. It is seen by Vodafone in particular as a way to provide value added services that cannot be done from outside the network, particularly aimed at companies with BYOD policies.

Crypto-technology does, however, fall under dual-use restrictions governed by the Wassenaar Agreement which means it can’t be exported to places where UN sanctions exist. A Vodafone Germany customer who took his phone with a crypto-SIM to one of those countries would be liable for prosecution. Ironically those are just the countries where you would probably want secure communications.

Rolf Reinema, director of security at Vodafone Germany, told The Register that while Vodafone will issue advisories, it is down to the individual company or subscriber to make sure they observe laws which govern what they take into any country they are visiting.

He did note, however, that many of the banned countries do not make the infrastructure necessary for secure calls available to visitors. A Vodafone Germany customer travelling to the UK could be required to disclose keys under The Regulation of Investigatory Powers Act 2000 (RIPA).

Under most circumstances, Vodafone does not have access to the content of the data stream, but in exceptional cases a government agency can request a legal intercept and Vodafone will provide access. I was once told by someone at a well-known telecoms company that there were three government agencies which had intercepts on Princess Diana’s phone.

No price has been given for the secure SIM solution, but the firms hint at it being reassuringly expensive (although not bad for the head). Vodafone Germany has also announced a lower cost secure voice service aimed at individual consumers using Secusmart for Blackberry 10 and has perhaps unwisely dubbed it the “Chancellor phone”.

There is a significant advantage in offering voice services through the telco rather than an over-the-top player like Counterpath, in that the mobile number can be used as the way to call both securely and insecurely depending on what bandwidth is available.

While these services are currently only available to customers in Germany, and Vodafone UK was unable to confirm any plans, it is likely that we'll see them rolled out to other territories over time. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.