Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Privacy Pioneer Promises Secure VOIP

    By
    Ryan Naraine
    -
    July 28, 2005
    Share
    Facebook
    Twitter
    Linkedin

      LAS VEGAS—Phil Zimmermann, the celebrated cryptographer who created PGP (Pretty Good Privacy) for e-mail encryption, is taking a shot at securing VOIP communications.

      Zimmermann took the stage at the Black Hat Briefings here to show off Zfone, a prototype application that encrypts voice-over-IP calls to thwart man-in-the-middle eavesdroppers.

      Using the open-source, cross-platform softphone Shtoom and the Diffie-Hellman key agreement protocol, Zimmermann has developed a session-based encryption tool that lets two users on a SIP (Session Initiation Protocol)-based VOIP connection verify each others identity to avoid snooping.

      “I dont think I have to make the case too much as to why you need secure VOIP,” Zimmermann said in a chat with reporters after his presentation. “As we move our phone calls from the relative safety of PSTN [public switched telephone networks], we will have to deal with the weaknesses and vulnerabilities associated with the Internet.”

      “Every day, I look at my server console, I see attempts to break in. Its nonstop. As our phone calls move from the PSTNs to the Internet, not to protect those calls seems like a very bad idea,” he added.

      Zimmermann is no stranger to securing voice communications. In the early 1990s, he created the PGPfone software package, which combined speech compression and cryptography protocols to secure voice calls. But the idea never took off, because, as Zimmermann explains it, “the Internet just wasnt ready for it.”

      “In those days, no one had broadband. SIP did not exist. I had to devise my own protocols to do Internet telephone, so PGPfone was created with improvised protocols,” he said.

      “Now, the Internet is ready for it,” he said, citing the heady growth in VOIP communication technology. “There are some nice protocols today for supporting VOIP, and theres a big industry being built on these protocols. This prototype is much like PGPfone, but its brought up to date with the modern VOIP protocols.”

      /zimages/6/28571.gifRead more here about Phil Zimmermanns decision to sell his company and move on after creating the encrypted e-mail program PGP.

      Zimmermann, who became the target of a criminal investigation after he released the PGP as freeware in 1991, is pounding the pavement in search of funding to make Zfone a commercial venture.

      He has received bridge funding from VOIP pioneer Jeff Pulver and former White House terrorism advisor Richard Clarke, and some technical and business development help from PGP Corp., but the immediate plan is to score a round of venture capital investment to speed up development of Zfone for the wider market.

      “I have talked to some investors and there is a significant amount of interest. We might see something very soon,” Zimmermann said. He also said he would be happy with either a seed round in the range of $750,000 or a Series A round in the range of $5 million.

      “There is a need for secure VOIP. I think I can do it better than anyone else. I have some reason to think the market will trust me,” he said.

      The Zfone prototype is a Mac-only application, but Zimmermann acknowledges that a Windows version would be ideal to make a commercial venture successful. He said he plans to publish a paper detailing the encryption protocol by the end of August and release the source code for Zfone for peer review.

      /zimages/6/28571.gifClick here to read about Skypes VOIP software for Mac and Linux OS.

      Zimmermann said he believes that approach will give his product a leg up on Skype, the popular peer-to-peer application. “Skype doesnt tell you how it works, so you dont know if the encryption works or not. Thats not a knock on Skype, but we just dont know a lot about it.”

      “When you use Skype, youre going through servers somewhere in Europe. Theyre using an encryption protocol thats not known or available. If you dont tell people what kind of encryption youre using, youre telling them to assume they are safe,” he said.

      Next Page: The dangers of unprotected VOIP.

      Dangers of Unprotected VOIP

      Asked what target market Zfone is aimed at, Zimmermann said, “There are a couple of different approaches Im looking at. There are the companies that make the VOIP phones … we would like to form relationships with those companies to put our stuff in their firmware.”

      Zimmermann spent a lot of time at the Black Hat conference pitching the product, answering probing questions from the audience and explaining the decision to avoid the “complexities” of PKI [public key infrastructure] cryptography.

      “Years ago, people stumbled into e-mail without thinking about protecting the privacy. Thats where PGP came from. I think the average user who had enjoyed the safety of PSTN for all these years is going to get a rude awakening when they discover how bad things can be on the Internet,” he said.

      He dismissed a suggestion from research firm Gartner Inc. that the VOIP threat was overblown, saying, “The Internet is a terribly hostile environment. If you attach a computer to the Internet without a firewall, it becomes infected within a few minutes. What used to be attacks from kids fooling around is now organized crime. Today, its these giant botnets doing all kinds of sophisticated attacks.

      “There is a genuine need for voice encryption. There are programs today that record all VOIP phone calls, organize them, save them as MP3 files. There are snooping programs for eavesdropping out there. It is possible to intercept a VOIP call, and, for businesses, encrypting those calls is going to be important.”

      With Zfone, Zimmermann said he believes he has a “relatively simple, understandable protocol” that does not require huge infrastructure investment. “It works. The crypto is solid. I can use it to make calls to any SIP client and it works pretty well.”

      Check out eWEEK.coms for the latest news, views and analysis on voice over IP and telephony.

      Ryan Naraine
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×