Making Mobile Communications Secure
GSM/3G are surprisingly insecure, which is sad since good cryptographic frameworks exist. During the past year the Serval Project has been working on integrating very strong security into voice, text and data transfers on a mesh network. Rather than implement a secure SIP and secure RTP combination, we have taken a fresh approach and created a light-weight but secure packet and voice transport that is designed from the ground up with mesh networking in mind. One of the key innovations is using public keys as the network address, so that no key exchange or verification is required to setup an end-to-end encrypted channel. Consideration has also been given to how to defeat man-in-the-middle attacks for peers who are not able to verify each others keys prior to connection.
The system will be demonstrated in it's intended application in open-source Serval Mesh telephones to allow secure telephone calls.
Part of the talk will discuss the technical details of the security model, but (hopefully) in a fairly accessible manner that most developers should be able to follow, and in particular avoiding getting buried in mathematics. Feedback on the security model is invited so that any obvious vulnerabilities can be addressed before the software becomes widely distributed.
Dr. Paul Gardner-Stephen is a Shuttleworth Telecommunications Fellow, and Rural, Remote & Humanitarian Telecommunications Research Fellow at Flinders University. He is founder of The Serval Project, an open-source project allowing mobile telephones to work without carrier networks, e.g., for disaster, remote or developing world situations where networks are unavailable, overwhelmed or unaffordable. Like many in the open-source community, Paul suffers from a critically high idea flux to available time ratio.