Internet-description.com



Page modified: Saturday, June 24, 2006 10:36:50

Zfone is software for encrypting VoIP telephone calls.

Application

In March 2006 Phil Zimmermann presented to the public the beta version of a newly developed software named Zfone for encrypting VoIP telephone calls.

So far the program has been published for Linux, Mac OS and, most recently on 21 May 2006, for Windows XP. As with his earlier program PGP, he also disclosed the source code of Zfone. The software works like a transparent proxy server, so users can continue to use their preferred VoIP software and hardware. Integration of the Zfone technology into standalone devices and routers by the respective hardware manufacturers is also intended. So far, however, no such equipment is available.

Function mode

For this purpose a protocol named ZRTP is used, developed specifically by Zimmermann in co-operation with Alan Johnston and Jon Callas; it uses the Diffie-Hellman procedure for encryption. ZRTP is an extension of the existing RTP protocol. Zimmermann has already submitted the ZRTP specification to the IETF for standardisation. The VoIP session is initiated by SIP. Normal unencrypted RTP is then used to negotiate, with ZRTP, a so-called shared secret, which is then used to encrypt the SRTP (Secure RTP) connection that is to be established.

Zimmermann deliberately decided against a PKI-based procedure, since in his opinion it has various disadvantages. He fears, for example, that government agencies will in future successfully pressure the relevant server operators to insert back doors and/or duplicate keys. Judging the actual trustworthiness of the different PKI instances is likewise problematic for the user. In addition, each user would have to permanently remember a cryptographically secure password. Keys obtained at a later time can moreover be used retroactively to decrypt all recorded communications. Operating a PKI infrastructure is also very complex and maintenance-intensive.

The Diffie-Hellman procedure selected by Zimmermann also has disadvantages, however. It is inherently susceptible to a so-called man-in-the-middle attack. Zimmermann therefore integrated some countermeasures intended to reliably prevent such an attack from succeeding. For their own security the parties should, for example, read a three-digit code aloud to each other during one of their first calls, so that a compromised connection can be clearly recognized. This is also important for the security of subsequent calls. Additionally, prior personal agreement on a common password is possible, for example. For subsequent calls between the same terminals, a procedure already known from SSH, called baby duck, uses a shared secret cache to prevent man-in-the-middle attacks. The integrity of the connection is guaranteed by values stored from preceding telephone calls. An attacker must therefore have successfully attacked all past calls without exception in order to be able to decrypt the current call as well. The session keys needed to decrypt a call are, of course, deleted immediately after that call ends. A later decryption of the communication by access to the hardware used by a participant is thus impossible.
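The following sketch is an added example, not Zfone or ZRTP code. It illustrates the two countermeasures described above: the spoken three-digit code and the shared secret cache. The group parameters, the hash construction and all function names are assumptions chosen for illustration, and the toy reuses the previous call's secret as the cached value, which is a simplification.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime
# but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_secret(priv, my_pub, peer_pub, cached=b""):
    """Hash the DH result, both public values and any secret cached from earlier calls."""
    dh = pow(peer_pub, priv, P)
    lo, hi = sorted((my_pub, peer_pub))
    return hashlib.sha256(f"{dh}|{lo}|{hi}|".encode() + cached).digest()

def sas(secret):
    """Three-digit code that both parties read aloud to each other."""
    n = int.from_bytes(hashlib.sha256(b"sas" + secret).digest()[:4], "big")
    return f"{n % 1000:03d}"

def call(alice_cache=b"", bob_cache=b"", mitm=False):
    """Simulate one call; return (alice_secret, bob_secret, attacker_secret_or_None)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if not mitm:
        return (session_secret(a_priv, a_pub, b_pub, alice_cache),
                session_secret(b_priv, b_pub, a_pub, bob_cache), None)
    # The interceptor replaces each public value in transit with its own.
    m_priv, m_pub = keypair()
    return (session_secret(a_priv, a_pub, m_pub, alice_cache),
            session_secret(b_priv, b_pub, m_pub, bob_cache),
            session_secret(m_priv, m_pub, a_pub))  # interceptor has no cached secret

if __name__ == "__main__":
    a, b, _ = call()
    print("honest call:        ", sas(a), sas(b))   # codes match
    a, b, m = call(mitm=True)
    print("intercepted call:   ", sas(a), sas(b))   # codes differ, barring a 1-in-1000 collision
    a1, b1, _ = call()                              # a clean first call fills the cache
    a2, b2, m2 = call(a1, b1, mitm=True)
    print("cached, intercepted:", m2 == a2)         # False: the cached secret is missing
```

On an uncached call the interceptor ends up sharing a key with each party, and only the mismatch between the two spoken codes exposes it; once a clean call has filled the cache, the interceptor can no longer derive the key at all.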

Criticism

Regarding the acoustic authentication, it is sometimes criticized that in a conversation between two strangers the voice of the other party is not known. The attacker could thus just as well read out his respective key hash to each of the two parties. Zimmermann counters that it is not strictly necessary to recognize the other party's voice. It is sufficient to establish whether the voice of the other party remains the same throughout the rest of the conversation.

Voice imitation or voice synthesis during the acoustic authentication would, however, be conceivable. Given the currently known state of the art, this effort would probably be worthwhile in individual cases. Such an attack can, however, be prevented by using a pre-shared key (PSK) at least once. This pre-shared key could be agreed, for example, at a personal meeting or with the help of a PGP key verified through the Web of Trust.

See also

  • PGPfone
  • Cryptophon


Related Websites

We found here 2 related websites.

  • Philip Zimmermann
    21 May 2006 - I've just released a new public beta for Zfone, a new product that ... Zfone uses a new protocol called ZRTP, which is better than the other ...

  • Philip Zimmermann
    In the future, the Zfone protocol will be integrated into standalone secure VoIP ... The current Zfone software runs in the Internet Protocol stack on any ...

Page cached: Wednesday, July 5, 2006 23:52:53