[asterisk-biz] Encrypted calls between mobile gsm and isdn (asterisk)

[Trixter aka Bret McDanel]

On Thu, 2010-02-25 at 08:25 -0500, Alex Balashov wrote:
> Although, acoustic coupling-based encryption would be kind of nifty... 
> surely exists in the government sector.


how I have done that is to encrypt via a data call which means that you
can decode that data bit for bit on the pstn so it works that way.  This
works even if the call goes over the pstn since the pstn call is also a
data call the same as gsm to gsm.  Further, it is not limited to gsm (I
havent implemented it on a phone that is something else) since you only
need a data call to implement it on other phone technologies. 

I have used two ciphers though so if one is broken you are still
somewhat safe.  aes256 and blowfish both as a stream cipher.  To crack
it requires that you break both ciphers.  There is also a hash available
so that you can ensure that there is no MITM game going on, although
that is less than useful if you are calling an IVR.  I started to
implement tls to verify the other end, but got bored and distracted and
never finished that part of it.  For the IVR side you need to have
certificates issued (which can be self issued if you want to be the CA)
which replaces the hashing system mentioned above.

At one point I was looking for someone to sponsor this, no one came
forward so I kinda set it aside for now.


-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721