[ISN] Why VOIP Needs Crypto

[InfoSec News]

http://www.wired.com/news/columns/0,70591-0.html

By Bruce Schneier
Apr, 06, 2006 

There are basically four ways to eavesdrop on a telephone call.

One, you can listen in on another phone extension. This is the method
preferred by siblings everywhere. If you have the right access, it's
the easiest. While it doesn't work for cell phones, cordless phones
are vulnerable to a variant of this attack: A radio receiver set to
the right frequency can act as another extension.

Two, you can attach some eavesdropping equipment to the wire with a
pair of alligator clips. It takes some expertise, but you can do it
anywhere along the phone line's path -- even outside the home. This
used to be the way the police eavesdropped on your phone line. These
days it's probably most often used by criminals. This method doesn't
work for cell phones, either.

Three, you can eavesdrop at the telephone switch. Modern phone
equipment includes the ability for someone to listen in this way.  
Currently, this is the preferred police method. It works for both land
lines and cell phones. You need the right access, but if you can get
it, this is probably the most comfortable way to eavesdrop on a
particular person.

Four, you can tap the main trunk lines, eavesdrop on the microwave or
satellite phone links, etc. It's hard to eavesdrop on one particular
person this way, but it's easy to listen in on a large chunk of
telephone calls. This is the sort of big-budget surveillance that
organizations like the National Security Agency do best. They've even
been known to use submarines to tap undersea phone cables.

That's basically the entire threat model for traditional phone calls.  
And when most people think about IP telephony -- voice over internet
protocol, or VOIP -- that's the threat model they probably have in
their heads.

Unfortunately, phone calls from your computer are fundamentally
different from phone calls from your telephone. Internet telephony's
threat model is much closer to the threat model for IP-networked
computers than the threat model for telephony.

And we already know the threat model for IP. Data packets can be
eavesdropped on anywhere along the transmission path. Data packets can
be intercepted in the corporate network, by the internet service
provider and along the backbone. They can be eavesdropped on by the
people or organizations that own those computers, and they can be
eavesdropped on by anyone who has successfully hacked into those
computers. They can be vacuumed up by nosy hackers, criminals,
competitors and governments.

It's comparable to threat No. 3 above, but with the scope vastly
expanded.

My greatest worry is the criminal attacks. We already have seen how
clever criminals have become over the past several years at stealing
account information and personal data. I can imagine them
eavesdropping on attorneys, looking for information with which to
blackmail people. I can imagine them eavesdropping on bankers, looking
for inside information with which to make stock purchases. I can
imagine them stealing account information, hijacking telephone calls,
committing identity theft. On the business side, I can see them
engaging in industrial espionage and stealing trade secrets. In short,
I can imagine them doing all the things they could never have done
with the traditional telephone network.

This is why encryption for VOIP is so important. VOIP calls are
vulnerable to a variety of threats that traditional telephone calls
are not. Encryption is one of the essential security technologies for
computer data, and it will go a long way toward securing VOIP.

The last time this sort of thing came up, the U.S. government tried to
sell us something called "key escrow." Basically, the government likes
the idea of everyone using encryption, as long as it has a copy of the
key. This is an amazingly insecure idea for a number of reasons,
mostly boiling down to the fact that when you provide a means of
access into a security system, you greatly weaken its security.

A recent case in Greece demonstrated that perfectly: Criminals used a
cell-phone eavesdropping mechanism already in place, designed for the
police to listen in on phone calls. Had the call system been designed
to be secure in the first place, there never would have been a
backdoor for the criminals to exploit.

Fortunately, there are many VOIP-encryption products available. Skype
has built-in encryption. Phil Zimmermann is releasing Zfone, an
easy-to-use open-source product. There's even a VOIP Security
Alliance.

Encryption for IP telephony is important, but it's not a panacea.  
Basically, it takes care of threats No. 2 through No. 4, but not
threat No. 1. Unfortunately, that's the biggest threat: eavesdropping
at the end points. No amount of IP telephony encryption can prevent a
Trojan or worm on your computer -- or just a hacker who managed to get
access to your machine -- from eavesdropping on your phone calls, just
as no amount of SSL or e-mail encryption can prevent a Trojan on your
computer from eavesdropping -- or even modifying -- your data.

So, as always, it boils down to this: We need secure computers and
secure operating systems even more than we need secure transmission.

-=-

Bruce Schneier is the CTO of Counterpane Internet Security and the
author of Beyond Fear: Thinking Sensibly About Security in an
Uncertain World. You can contact him through his website.