Encrypt voice calls, says GCHQ's CESG team ... using CESG encryption
Snooping left hand, meet keen-on-crypto right hand
While the world was distracted by the UK Pry Minister's ban-working-encryption, log-everything-online Investigatory Powers Bill, the civil service was urging government and enterprises to adopt better cryptography for voice calls.
CESG, “the information security arm of GCHQ, and the national technical authority for information assurance”, dropped new guidance (called "Secure voice at OFFICIAL") about protecting voice calls, noting that the PSTN has been considered insecure (“suitable for UNCLASSIFIED calls only”) for some years.
It's even got its very own nifty key exchange protocol it wants vendors to use.
Having decided in 2010 there wasn't a security protocol that it liked, it put forward RFC 6509 (“MIKEY-SAKKE” – more on this in a minute) as its own proposal.
MIKEY-SAKKE is now incorporated into the CESG's Secure Chorus product spec, and the body says as well as Cryptify Call for iOS and Android it's evaluating other products to see if they meet the spec.
Into the future, the spooks reckon VoLTE will open things up even further, creating an ecosystem of products suitable for “government and enterprise customers”.
All of which is fascinating, given that if the code exists, it's certain to escape the control of “government and enterprise customers” and be used to – horrors! – let users create encrypted voice calls.
Is it tinfoil time?
A good question is “why did CESG think the world needed a new key exchange protocol?”, and El Reg is practically certain that question will exercise Snowdenistas around the world.
The surface explanation is that encrypting VoIP calls adds a new wrinkle to encryption, compared to e-mail, Web, or VPNs communications.
When you hit an HTTPS:// Website, for example, the hard work is invisible: the server presents its certificate, and the browser makes sure it likes the cert, and if so, browser and server negotiate to set up an encrypted connection.
It's the business of certificate handling the CESG decided was problematic for someone calling a friend on a smartphone, so it offers this rationale for the protocol: “no certificates need to be distributed. Instead, a user’s identity is their public key. Simply knowing a user’s phone number is enough to establish a secure communications link with them”.
Secure, of course, if the scheme itself is secure – something which will probably lead experts to take another look at the protocol, since its use of elliptic-curve cryptography is at odds with GCHQ's pals the NSA, which is moving instead to “quantum resistant algorithms” (Bruce Schneier wrote about this in August here).
There is one discordant note that The Register is certain will tap a deep vein of paranoia in the outside world. CESG calls RFC 6509 a standard: “a new open cryptography standard – MIKEY SAKKE – was developed and standardised in the IETF”, its Secure voice at OFFICIAL document states (emphasis added).
Except: the RFC describing it says the opposite: “This document is not an Internet Standards Track specification; it is published for informational purposes”, the RFC states.
A presentative at CESG, has contacted us with this statement:
"We do not recognise the claims made in this paper. The MIKEY-SAKKE protocol enables development of secure, scalable, enterprise grade products." ®