Encryption pioneer enters VoIP arena
Published: 27 Jul 2005 09:30 BST
Phil Zimmermann hopes that his secure Net phone-calling efforts will be as successful as his Pretty Good Privacy (PGP) email encryption program.
Zimmermann has developed a prototype of an Internet telephony application that encrypts calls to prevent eavesdropping. He plans to unveil the prototype on Thursday at the Black Hat Briefings security industry conference in Las Vegas.
"I am revealing this now because I want to help shape the direction of secure VoIP," Zimmermann said in an interview.
Internet telephony is increasingly popular because it is cheaper than traditional phone service or, in some cases, free. Organisations can run their own VoIP service using products from vendors such as Cisco. For consumers, companies including Packet8 and Vonage offer an actual phone that plugs into a broadband connection, while others such as Skype sell software that runs on a PC. Many popular instant-messaging applications also have VoIP capabilities.
Security of VoIP systems is getting more attention in general. Cisco identified several vulnerabilities in its products earlier this month. The flaws could lead to DoS attacks on Cisco IP telephony networks.
Within the next two years, 97 percent of new phone systems installed in North America will be VoIP-based or will use a combination of traditional and VoIP technology, according to research firm Gartner. Cisco claims to have sold some 5 million VoIP phones to customers throughout the world.
It is already possible to encrypt VoIP data. However, today's technology uses the public key infrastructure coding system, which secures the exchange of data by providing each party with digital certificates that validate their authenticity. Setting up and managing PKI can be laborious. Zimmermann's system does not use PKI.
Zimmermann hopes to start a business that will sell products based on the encryption technology. It could also be licensed to other companies for use in their Internet telephony line-up. "I will have my own products, and there will be agreements with other companies to use it in their products as well," he said.
The security expert said while his prototype can be used to make calls, it still has some problems to be ironed out and is not close to being a finished product. "It is not mature enough," he said. "The crypto is real solid, but the VoIP client has some bugs." Zimmermann said. The application doesn't have an official name yet.
The VoIP client is based on the open source Shtoom VoIP phone client. Zimmermann said he added cryptography to it.
This is not the first time that Zimmermann has worked on putting protections on Internet telephony. Almost 10 years ago, he launched PGPfone, a little ahead of its time. "The Internet was not ready then," he said.
Did you find this article useful?
75 out of 124 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
