Large international enterprises maintain many offices worldwide. Their globally distributed functional departments need to communicate promptly by voice, text messaging, and file transfer. Because the exchanged information is commercially sensitive and confidential, the communication content must be encrypted to protect it against eavesdropping and sabotage.
Traditional GSM-based secure communication suffers from a low data-channel rate and poor encrypted voice quality. Its operation is limited by the operator's GSM voice coding or CSD data service deployment. Therefore, traditional GSM-based mobile phone communication is unable to meet the needs of a company's international and domestic operations.
At present, most countries have established nationwide WCDMA and LTE wireless communication networks. Data service costs are very low, and the data communication rate meets the requirements of VOIP and IM communications. Packet domain based communication solutions can therefore adapt to the international and domestic business needs of large enterprises. Our solutions are based on confidential packet domain VOIP and instant messaging communication. All services use encryption.
2 System Compositions
The mobile network based VOIP voice/instant message encryption system provides packet domain encrypted voice and IM services for a variety of industry users, business users and individual users.
The system is composed of a smartphone with security applications installed, a TF crypto card, a key management system, a SIP server and an IM server, as shown in the figure below.
2.1 Smartphone with Security Applications Installed
SecCall is the application that provides secure VOIP voice and secure IM communications. A smartphone with the application installed, together with a TF crypto card, delivers these secure services. SecCall is the application for secure packet domain calls and for instant messaging, including text, voice-text and pictures. The TF crypto card provides key/certificate storage, cryptographic operations, key generation, and other functions. After inserting a TF crypto card that has completed offline certificate/key loading into an Android smartphone, users can use secure VOIP and IM communications with SecCall.
3 Functions and Specifications
3.1 Secure Smartphone Specifications
1) Cryptography Specifications
2) Call Functions
3) Chat Functions
4) Call Specifications
5) Chat Specifications
Demonstration of interception of a voice message by the system administrator, with TF card and without a card in the open mode:
4 System Features
4.1 Complete Security Design
The system employs 10 kinds of keys and a layered protection mechanism to ensure the security of the key negotiation protocol and of media encryption.
4.1.1 Key Negotiation Protocol Security Design
1) Forward security
A dot product mechanism is employed to achieve forward security.
2) Prevent man-in-the-middle attack
A digital signature and public key certificate are added to the key exchange protocol to authenticate the identity of the other party and prevent man-in-the-middle attacks.
3) Replay attack protection
A timestamp is added to the key exchange protocol. It prevents an attacker from intercepting a correct message and replaying it.
4) Identity authentication
A digital signature and public key certificate are added to the key exchange protocol to authenticate each party's identity.
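The receiver-side check implied by items 2) to 4), as an added example that is not SecCall code: the timestamp only helps if it is covered by the authentication, and a replay inside the acceptance window still has to be caught by remembering recently accepted messages. Assumptions: the message layout, the 30-second window, and HMAC-SHA256 with one shared key standing in for the digital signature and certificate check, so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import struct

TAG = 32  # bytes of HMAC-SHA256 output

def make_msg(key, sender, key_share, ts):
    """Serialize sender | timestamp | key share and authenticate all of it."""
    body = struct.pack("!H", len(sender)) + sender + struct.pack("!Q", ts) + key_share
    # Assumption: HMAC stands in for the digital signature (stdlib only).
    return body + hmac.new(key, body, hashlib.sha256).digest()

class FreshnessChecker:
    def __init__(self, key, max_skew=30):  # 30 s window is an assumed value
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # (sender, tag) -> timestamp of accepted messages

    def accept(self, msg, now):
        """Return 'ok', 'malformed', 'bad-auth', 'stale' or 'replay'."""
        if len(msg) < 2 + 8 + TAG:
            return "malformed"
        body, tag = msg[:-TAG], msg[-TAG:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Authenticate first so the timestamp is trusted before it is parsed.
        if not hmac.compare_digest(tag, expected):
            return "bad-auth"
        (n,) = struct.unpack("!H", body[:2])
        if len(body) < 2 + n + 8:
            return "malformed"
        sender = body[2:2 + n]
        (ts,) = struct.unpack("!Q", body[2 + n:2 + n + 8])
        if abs(now - ts) > self.max_skew:
            return "stale"
        # Forget entries that have aged out; they would be rejected as stale.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if (sender, tag) in self.seen:
            return "replay"  # same message again, still inside the window
        self.seen[(sender, tag)] = ts
        return "ok"
```

The replay cache only has to cover the skew window, because anything older is already rejected as stale.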
4.1.2 Media Encryption Security Design
The RTP payload is encrypted for confidentiality protection. MAC calculations provide integrity protection.
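The integrity half of this design, as an added example that is not SecCall code: the MAC is computed over the RTP header as well as the encrypted payload, so a rewritten sequence number or SSRC is rejected before any decryption is attempted. Assumptions: HMAC-SHA256 truncated to 10 bytes (the page does not name the algorithms), a fixed 12-byte RTP header with no CSRC, extension or padding, and payload bytes that stand for ciphertext produced elsewhere.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10   # assumed truncated tag length in bytes
HDR_LEN = 12   # fixed RTP header: V/P/X/CC, M/PT, seq, timestamp, SSRC

def protect(auth_key, seq, timestamp, ssrc, enc_payload, pt=0):
    """Build an RTP packet around already-encrypted payload and append a tag."""
    header = struct.pack("!BBHII", 0x80, pt & 0x7F, seq, timestamp, ssrc)
    packet = header + enc_payload
    # The tag covers header and ciphertext, not the payload alone.
    tag = hmac.new(auth_key, packet, hashlib.sha256).digest()[:TAG_LEN]
    return packet + tag

def verify(auth_key, data):
    """Return (seq, ssrc, enc_payload) if the tag checks out, else None."""
    if len(data) < HDR_LEN + TAG_LEN:
        return None
    packet, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = hmac.new(auth_key, packet, hashlib.sha256).digest()[:TAG_LEN]
    # Constant-time comparison; reject before parsing or decrypting anything.
    if not hmac.compare_digest(tag, expected):
        return None
    vpxcc, _mpt, seq, _ts, ssrc = struct.unpack("!BBHII", packet[:HDR_LEN])
    if vpxcc != 0x80:  # this sketch handles only version 2, fixed header
        return None
    return seq, ssrc, packet[HDR_LEN:]
```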
4.2 Worldwide Connectivity
SecCall works in the IP packet domain. In a global IP network environment, as long as the network bandwidth meets the minimum needs of voice calls, any network can be used for encrypted VoIP and IM communications, including different carriers, mobile networks of various standards, and fixed-network WiFi access. SecCall thus provides encrypted communications worldwide.
4.3 Convenient Usage
Based on the commercial Android smartphone platform, SecCall provides secure communication over 3G/4G and WiFi networks. Without changing your smartphone, simply install the SecCall app and the TF card to make high-quality secure calls and send secure instant messages.
4.4 Rich Functions
SecCall is easy to install and register. It supports convenient contact management, call management, settings, user auto-discovery, etc. Rich network access promises encryption anytime, anywhere.
5 User Interface
5.1 Call Interface
Call is the application for secure packet domain calls. It uses an advanced speech engine and related voice processing technology to greatly improve the quality of encrypted voice calls. Optimized key negotiation and encryption enhance the security of the IP call, allowing you to enjoy high-quality Internet calling and excellent security performance.
5.2 Chat Interface
Chat is the application for instant messaging, including text, voice-text and pictures. Users can enjoy end-to-end secure IM communications without changing their habitual operations.
Encrypted phones are based on:
ZTE Z7, Z11 max, Z17 mini, Nubia Z11 (OS: Android)
ZTE Axon 7S (OS: Linux + Android)
* phone specifications saved