Pulver: BT purchased Counterpane Software, French-based Alcatel has bought Lucent, and Israeli-owned Checkpoint Software nearly bought Sourcefire. Should we in the United States worry that vendors and critical pieces of our security are being bought by overseas firms?
Zimmermann: Yes. I talked with Brian Snow about this. Brian, recently retired, was NSA’s most senior cryptographer. He worked in the INFOSEC part of NSA, the guys who are responsible for protecting U.S. communications (not to be confused with the other side of the NSA, the SIGINT side, who do signals intelligence). Brian thinks that our increasing dependence on foreign electronics manufacturers is making it harder for the U.S. Government to procure equipment they can trust to protect our military and diplomatic communications. I imagine this concern would extend to security software as well.
On the other hand, this is not to say that no one should ever trust foreign security software. PGP is used by every major government in the world because everyone trusts it. This is in large part because the source code is published for peer review. In that case, it does not matter what country produces it; it only matters that the source code is published. Publishing source code for crypto software is a tradition I started myself with PGP’s first release in 1991 and continue now with Zfone. You should never trust security software unless they publish their source code.
Pulver: VON being an IP communications publication, let’s
ward secrecy, meaning the keys are destroyed at the end of the call, which precludes retroactively compromising the call by future disclosures of key material. If the users fail to compare the short authentication string, a second layer of protection against MiTM attacks comes from a form of key continuity. It does this by caching some key material to use in the next call to be mixed in with the next call’s DH shared secret, giving it key continuity properties analogous to SSH. All this is done without reliance on a PKI, key certification, trust models, or certificate authorities. It also does not rely on SIP signaling for the key management, or on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It supports opportunistic encryption by auto-sensing if the other VoIP client supports ZRTP.
It’s also worth noting that only ZRTP’s end users are involved in the key negotiation, and CALEA (Communications Assistance for Law Enforcement Act) does not apply to end users. If the VoIP service providers are smart, they will welcome ZRTP as a solution to being caught in the middle between the end users and the government.
Pulver: What are your Zfone measures for success? How close are you in reaching them, and what is your timeframe?
Zimmermann: When I first thought of doing Zfone, I thought I might just try to do a boutique expensive secure phone for a few vertical markets. But my friends told me it would be much
turn our attention to Zfone. Please describe it.
Zimmermann: Well, the real power of Zfone lies in the ZRTP protocol, which I have implemented in an SDK for VoIP vendors to integrate into their VoIP products. But I needed to showcase the ZRTP protocol and the libZRTP SDK by building an application that uses it, and that application is Zfone.
Zfone turns many existing VoIP clients into secure phones. It runs in the IP stack on any Windows XP, Mac OS X, or Linux PC and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. A variety of different software VoIP clients can be used to make a VoIP call. The Zfone software detects when the call starts and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets on the fly. It has its own separate GUI, telling the user if the call is secure. Zfone acts as if it were a “bump on the wire,” sitting between the VoIP client and the Internet, but implemented in software in the protocol stack.
Pulver: What makes Zfone unique for VoIP call security?
Zimmermann: The ZRTP protocol used by Zfone has desirable cryptographic features lacking in many other approaches to VoIP encryption. Although it uses a public key algorithm, it does not rely on a PKI. It does not use persistent public keys at all. It uses ephemeral Diffie-Hellman with hash commitment and allows the detection of man-in-the-middle (Mi TM) attacks by displaying a short authentication string for the users to read and compare over the phone. It has perfect for-
better to go for a horizontal market-standards approach and get integrated into the part of the VoIP industry that is built on open standards (the entire non-Skype portion of the industry). In other words, make an open standard, make a commercially available SDK that implements this standard, and sell to VoIP implementors and OEMs. Sounds like a plan. I don’t know if I can achieve quite that level of ubiquity, but maybe I can proliferate it more than, say, PGP did in the e-mail encryption market. I also don’t know how long that will take, but I don’t have to please any investors, so we’ll see where it leads.
Pulver: You’ve said Zfone has been a financial drain. Any chance you might be tempted by venture capital?
Zimmermann: Well, we’re starting to get some paying customers, so maybe we can squeak by without VC money. The product is in great shape, and we are making deals. We made a deal with Borderware to include our SDK in Borderware’s SIPassure VoIP security gateway. And we just closed a deal with Ripcord Networks to include our SDK in their Canopy OS for VoIP desktop enterprise phones. And we closed a few other deals with some other VoIP product implementors.
Pulver: What do you do for fun, in your spare time? Do you even have spare time these days?
Zimmermann: Well, I do a lot of travel, speaking gigs mostly, and mostly in Europe. So I try to be a tourist a little on every trip. That’s the most valuable thing the PGP experience has brought me–getting a new perspective on the world by visiting 37 countries and talking with people in so many cultures. V
References:
Archives