The communication chain
People – Device – Network – Device – People
To ensure confidentiality, every link in this chain must be secure.
The Network
We have learnt that calls on the telephone network are being intercepted. This was already the case with ISDN and is even more so with the All-IP network.
To secure data on the network, we use ZRTP as our encryption protocol. You can find further details on this in the ‘ZRTP’ section.
The Devices
To encrypt data, we need a computer. The processing power of a standard PC or smartphone is more than sufficient for this. Unfortunately, it has become apparent that all common computer systems, particularly when a large number of applications are installed on them and users visit various websites on the internet, can be compromised by malware.
Once this has happened, it is easy for an attacker to disable encryption software or divert the unencrypted data stream.
We identify several potential points of attack that we must secure:
- Backdoors in the application programme: We make our software available as source code for verification.
- Flaws in the operating system: See the chapter ‘seL4 Microkernel’ for details.
- Manipulation of computer hardware: The chapter ‘RISC-V CPU’ explains the risk and our approach to addressing it.
People
A key limitation of any security system is that it only works if it is actually used. Users often do not use complex encryption systems because it is much easier to just make a quick, normal phone call.
We have therefore gone to some lengths to ensure that users can use a standard SIP phone and automatically benefit from the security features.