A complete 360° security solution.
From its very first secure mobile phone, the first product world-wide to encrypt mobile telephone calls in real time by taking advantage of the CPU performance of modern mobile devices, GSMK has created groundbreaking products that have defined the industry.
Each component works together to create a complete 360° security solution.
The basic design of a secure GSM phone is to take the voice from the microphone, digitize it and run it through a compression algorithm, before encrypting it and sending it via a GSM data call to the other party. The compression algorithm is also called a codec and does with voice what mp3 does with music – making sure it takes up less data.
CryptoPhones use two different codecs. The original CryptoPhone codec is called CELP, running at 8 kHz. The output stream of the codec is 4.8 kbit/s, enabling it to be transported over a 9.6 kbit/s GSM data call. The new CryptoPhone codec, introduced with the CryptoPhone G10i+, is a custom development based on ACELP which provides significantly improved sound quality while reducing the necessary bandwidth usage. The ACELP variant has been specifically optimized for an output bandwidth of only 4 kbit/s, so the complete CryptoPhone stream including all overhead data requires less than 4.8 kbit/s.
The speech and sound quality you can expect is comparable to international phone calls. You should note that the overall speech quality depends on the GSM signal quality, so degradation does happen in low coverage areas. While in unencrypted GSM the sound quality gets bad and you would experience dropouts as the phone moves out of coverage, with the CryptoPhone under the same circumstances the call delay would increase. Simple indicators on the CryptoPhone show GSM signal coverage and call quality / delay.
All calls made with the CryptoPhone are subject to a certain delay in the call, as if your call is routed over a satellite link. Most of the call delay originates from the way GSM networks handle the data calls. The CryptoPhone must use the GSM data call instead of the normal voice call mode to ensure a transparent communications channel between the two CryptoPhones. Because the delay is a side-effect of all GSM data calls there is nothing we can do about it. All available GSM encryption products on the market suffer equally from this delay. The CryptoPhone itself introduces comparatively little delay from the voice encoding and encryption.
GSMK CryptoPhones support two different types of technology to transport the encrypted voice stream from one party to the other – CSD and IP. The modes of transport available with each product are clearly labeled on the brochures and specifications.
The classic CryptoPhone uses the so-called Circuit Switched Data mode (CSD) in all modes that can be found in GSM networks – transparent and non-transparent as well as V.110 and V.32. CSD offers a reliable and cheap way to use the CryptoPhone in most countries. CSD calls are usually billed the same way as unencrypted voice calls.
To provide a second option for countries where CSD is not available, GSMK has introduced the CryptoPhone IP series, which uses any form of wireless IP (internet protocol) network available. With CryptoPhone IP devices you can connect via GPRS, EDGE, 3G, WiFi or satellite devices that provide IP networking.
To use CryptoPhone IP with EDGE or 3G networks, a data flat rate contract is strongly recommended. When you are traveling, you can plug in a data-enabled local SIM card and can still be reached on your CryptoPhone IP number.
Interoperability between CryptoPhones using CSD and CryptoPhone IP is available by means of a gateway component that can be purchased separately. Since the underlying CryptoPhone Protocol is the same for IP and CSD, the gateway does not touch the encryption and just translates between IP and CSD.
Your secure calls are always encrypted end-to-end, regardless of the mode of transport used.
GSMK CryptoPhone technology is based on published and well-researched algorithms for both encryption and voice processing. All GSMK CryptoPhones use the same encryption engine with very long keys, resulting in products that provide peace of mind today and in the future.
All calls are encrypted with 256-bit keys using AES and Twofish running as counter mode stream ciphers. For SMS the algorithms are used in CCM mode. Using both AES and Twofish provides a much stronger design than using only one algorithm. In the highly unlikely case that a weakness is discovered in one of the algorithms, the second algorithm provides an additional “safety net” and results in a higher security margin. The use of these two very strong algorithms is a unique feature of GSMK CryptoPhones that provides a “fall back” inside the crypto-system design. The design goal was to provide not only “tactical security” that lasts for a few months or years, but to design for security against future developments in cryptanalysis in the next decades.
The key used for each call is generated using a 4096-bit Diffie-Hellman shared secret exchange, hashing the resulting 4096 bits to the 256-bit session key by means of SHA256. To prevent man-in-the-middle attacks, a six-letter hash is generated from the Diffie-Hellman result and displayed to the user. The user then reads three letters over the encrypted line to the communication partner and verifies the three letters the communication partner reads to him. Verification of the hash ensures that both parties use the same key and that no man-in-the-middle attack was carried out.
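The key agreement and spoken verification described above can be sketched as follows. This is an added example, not GSMK's code: the 521-bit toy group, the `b"verify"` label, the letter mapping and all function names are assumptions, since the page does not publish the group parameters or how the six letters are derived.

```python
import hashlib
import secrets

# Toy stand-in group (assumption): the Mersenne prime 2**521 - 1 with g = 3.
# The product uses a 4096-bit group whose parameters the page does not give.
P = 2**521 - 1
G = 3

def keypair():
    """Return a fresh (private exponent, public value) pair for one call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    """Raw Diffie-Hellman result as fixed-length bytes."""
    return pow(peer_pub, priv, P).to_bytes((P.bit_length() + 7) // 8, "big")

def session_key(secret):
    """Hash the DH result down to a 256-bit session key with SHA-256."""
    return hashlib.sha256(secret).digest()

def verification_letters(secret):
    """Six letters derived from the DH result (derivation is an assumption)."""
    n = int.from_bytes(hashlib.sha256(b"verify" + secret).digest(), "big")
    letters = []
    for _ in range(6):
        n, r = divmod(n, 26)
        letters.append(chr(ord("A") + r))
    return "".join(letters)

def run_call(intercepted):
    """Simulate one key exchange; return each side's (letters, session key)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A relay in the path replaces both public values with its own.
        _, m_pub = keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    sa, sb = shared_secret(a_priv, a_sees), shared_secret(b_priv, b_sees)
    return ((verification_letters(sa), session_key(sa)),
            (verification_letters(sb), session_key(sb)))

def letters_match(side_a, side_b):
    """Each party reads three letters aloud; the other checks them."""
    return side_a[0][:3] == side_b[0][:3] and side_a[0][3:] == side_b[0][3:]
```

When the public values are replaced in transit, the two parties derive different secrets, so the letters each one hears do not match the letters on their own display.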
The random material required for the Diffie-Hellman exchange is generated by using the least significant bit from the microphone signal (not during calls of course), clock skew, and additional sources of entropy, and enhancing this entropy with the Fortuna algorithm. This scheme ensures that each key exchange is performed with a completely new and truly random key. For CryptoPhone calls a new key exchange is run for every call. For SMS the result of an initial key exchange is stored in the secure storage on the phone and used by means of a hash-chain.