 Ich hoffe, es stört euch nicht, wenn ich mit dem Bein noch ein bisschen Mittag esse. Machen wir Englisch oder Deutsch? Ja, okay. Englisch? Ja, okay. So, er hat den Englisch erkannt, wir halten ihn Englisch. I hope you don't mind if I have my lunch while I talking. This workshop is about the state of various projects and telephony voice encryption that are underway in the family and surrounding. We are trying to get an overview on how difficult it is to build up devices for telephony voice encryption or how easy it is. What different approaches have been taken to get to this goal of having a secure and comfortably encrypted telephony signal by using a device, not a PC. There are several projects right now on the net that have done that by using simply a PC in the software and doing an encoding on it, encrypting it and getting it out. If I look at the number of software based voice encryption systems, I see that there is a strong demand for such a system because the competition gets more heavy in the economy and the people tend to talk a lot about the telephone. So it's far more secure to have something that cannot be so violence both for your private communication and the communication of the company. So that is something that will have an increased demand, especially after the publications on the economic system from the NSA do some more like an Hoover-like approach to the telephony surveillance. It seems to be necessary to have secure voice encryption. You can achieve different levels of security from technical security that is only secure for some hours. If someone is after you to real security where you need to apply really heavy measures to get to your goal of having secure encryption, I think we will cover some aspects of this in this talk. We have today here to my left the current CAVOS project on telephony voice encryption and to my right is Lucky Green who will hopefully tell us something about the current status of the Starium project, which is a project that is emanating from the cyberpunkts corner of the net. So maybe we start with the Starium project and then go over to the CAVOS project. Good morning folks, I'm Lucky Green. How are you all doing this morning? Everybody awake? Who didn't get a shower this morning? Raise your hand. Okay. Alright, about 30%. Anyway, let me first say that I don't work for Starium. I absolutely have no connection with the company other than the fact that the owner is a personal friend of mine, a long-time cypherpunk and that I'm a very satisfied customer. But I don't get any money for saying good things about them nor do I believe Eric Blossom would be too happy if I said bad things about his project, but I actually like it. Starium is a company that is located in Monterey, California. It's just south of Silicon Valley. The company used to be called, was it used to be called Comsec? It used to be called Communication Security Corporation, Comsec. They have a box that is the form factor for standard external modem. It contains a GSM codec and a hardware random number generator, triple des encryption engine. Unfortunately, it requires only a 14.4 modem, but unfortunately the modems talk sync, which means that they have to talk sync, otherwise they can't fit a GSM data stream into a 14.4 modem. The only way to make it happen is for the modems to talk sync. It won't work in ASync. So unfortunately software emulation is somewhat challenging. I've used this device now for a number of years and I must say I'm quite impressed with it. Sound quality is excellent. I frequently use it for international phone calls. I use it for phone calls to Europe. I use it for phone calls to Japan. The voice quality is many cases better than the voice quality of the existing line. So, I'm serious. It's quite amazing. Even though nowadays most phone calls run on fiber, international calls certainly, but the voice quality is actually better in many cases. Anyhow, I meant to bring one of those boxes. In fact, I meant to bring two of those boxes, but I forgot mine and I guess the other person I was supposed to bring the other forgot his, so I can't show them to you. So, we've been making these boxes now for a number of years, but never really greatly commercialized on it. I doubt he's sold more than 500 of them. They have a company now, once the company was renamed in a dystarium and received some funding. They're now building a device about the size of a palm pilot, actually not quite smaller than a palm pilot, that is the next generation of their voice encryption device. It looks pretty slick. I've seen some early designs. The packaging is designed by the same person that designed the Palm 5. So, if you guys have seen that, it will be a really nice finish, a steel-brushed finish. And now the good news is that it will be under $100. Currently these boxes cost $750 each, so you need to spend at least two times $750, but you'll be able to do that for under $100, once they actually go commercial. We also are talking currently with a number of cell phone vendors to actually include these devices in their phones and have made some serious progress there. Much to my surprise, I must confess. When will it ship? Oh, yeah. Yeah, yes, it will ship to Europe. Basically what Eric will do is a very similar plan as PGP has done, namely to export the design documents and source code in paper form, which, of course, is explodable from the US. These things will be mass produced in Hong Kong and Taiwan. So, yes, they will be available worldwide. Let's see, what else did it say? When are they supposed to ship? Well, they were supposed to ship long ago. The new ship data, I think, for the first Alphas is sometime fourth quarter of this year. It's pretty nifty device. So, we'll get a chance to try one out and do so. So, it will not be open source, I'm afraid. But I'm not sure whether... Well, I mean, it's a hardware design. They're using custom chips, so, yes, you can make that open source, of course, but no, it won't be open source. Sorry, guys. Still cool, though. However, we do have an open source solution here and Hakko, right? Do you remember correctly? I met this guy at the CCC Congress. Hakko here, however, has an open source solution. Ja, wir präsentieren. Sorry. You're about to tell about Tron's project? Later. Later? Yeah. Okay, I got it. Sorry, I'm so hungry. Our friend Tron, who is now not anymore with us on the Earth, has an own project on ISDN, was encryption, that was, in fact, his doctorate Diplomarbeit. And he did a complete hardware design based on DSPs, where he used an external digital analog chip and DSP to do the encryption and ISDN9-Interface. So, it's an ISDN-only device. And the problem that he had was that his colleague wanted to do all the key handling stuff and all the ISDN-nuller stuff. He had a heavy disease, so that he couldn't do his part. So Tron was forced to do everything himself and ended in there that he did the whole ISDN stuff, all the D-Channel protocol in Assembler. I've never heard of anything that crazy. No, no, the old telephone PAB-Exels were programmed in Assembler, completely. Okay, but that's long ago. Also the D-Channel. Okay. Also, das Telefon, everything about this phone is published as his work on our server. But so far the projects, to take this thing further, were not that successful, because the software that he left behind was not very well documented, in fact, it was not documented at all. So, das ist nearly impossible for anyone to understand this software without putting in the same effort than it would require to do the whole stuff again. Yes, the general in main problems has he just solved and the way that he has solved are described in his text, so that might be an inverted point to start, but what we found was, that is extremely difficult to do such a project and convince someone to continue someone else's work that is not very well documented. So, this project, I think one guy is trying to bring it forward in the context of his university workings, but at this time I must admit that this project is nearly dead. And so, I don't think that it will be continued. Someone proves me that I'm wrong, I would be very, very happy, but at this time it doesn't look like it does. Okay, now, Hako or Ingo, we will introduce the Analog Chaos Telephony Wars Encryption Project and what they did, yeah. So, we had the same idea of, well, the need of private communication from point to point and started up to do the design or still have an idea. Like we want to have, we have a phone, regular phone line, not ISDN, Analog line and we will have the same thing on the other side, so we need a device which will do the encryption and in a way we can securely say it is an encryption or it can be verified or modified by anyone who wants or who understands about the software encryption and so on. So, what we wanted was a standalone device which don't need a computer or anything else. Also, yeah, like a box or whatever size and have it connected to the telephone and the telephone line. Like we will have the telephone on one side, we will have the box, harmless little box named in the middle and the phone line to the other side. So, if you start a connection, it is just like you respond a regular phone call, you will pick up the phone if you want to have the line secured. You will just put a button to activate the device, so it will establish a connection to the other side via modem, which means there will be modem connected to the harmless little box. At that point, there will be an handshaking, the voice will get digitized by Analog to Digital. There will be voice compression by GSM Algorithm and it will be encrypted and get to the other side. So, we can handle whatever algorithms on encryption and yeah, well, by the way, we wanted to have it in open source, which means in any point if somebody wants to verify this or have another idea or want changes, he will be able to do so. Everything on this phone will be free, it will be released, the barred, the software and so on. Just the only thing is that commercial use is prohibited. That was the idea and the question at this point so far, no. So, yeah, so we will just show what our progress is right now. We have some development over about three and a half years. There have been different microcontrollers with different capability of processing. And yeah, right now we have design we will present right now. What we have right now after a long-term development process is this board, sorry, yeah, it's only beta. So, we are going to change that. The current design consists of Hitachi Supya Hey Risk CPU and that is the CPU you will find in handhelds, and you see like Casio Paya. So, it's a normal CPU. This version runs about 80 MHz and we think that 120 MHz version will be the final version. So, it does everything in software. We don't use any DSP, you don't have to hassle any DSP code if you want to program something on the box. And, yeah, the basic design is just the CPU, RAM, ROM, and a serial interface. We have two of them. An analog digital converter, that's the most common from TI. You will find it in every USB-Rotix modem. So, it's really easy to build that box. The only, at this point, specialized device is the line interface. But the line interface can be changed by discrete logic implementations, but then the box will be a little bit greater. And, yeah, that's the hardware. So, what we are doing was a calculation power. We got a lot of them. What do you mean? So, what we need this calculation power for is mainly the encoding of GSM. We need a lot of compression to have regular voice and we use it on GSM phones to get it over the phone line. On ISDN we don't have a problem because we had a lot of bandwidth of 64 kbit per second. And if we want to have an analog device, we will use regular modem, which means we will go down to 14 far, or 9200 bits per second over the line. Not synchronous. So, yeah. That's the main point. We need a calculation power for. Encryption don't need that much calculation power. But that's why we use the processor and so on. Yeah, we don't provide the modem on the board. But that's your choice. You can hook up an ISDN TA or an analog modem to the box. That is for communication. So, there's no hassle with FCC regulations. If you bring that box to another country, you must confess that this modem is FCC compliant to just buy a modem in your country where you are and hook it to the box. And at this point of view, without modem no longer in use, it will still be enough for the device to use for the encryption. I don't know who has a 44 modem and is not using it anymore. It will be some around. It will be really cheap to get. Don't throw it away. Yes, don't throw it away. Okay, so, yeah. Just presenting what we are doing right now is we have the GSM decoder and encoder running. So, the sound you will hear is coming from the ROM right now because we don't have two devices in the phone line here. But mainly we present you the calculating power of the protocols and algorithms we are using. Tut nicht. Beta. Just checked. Two minutes ago. Hello. Oh, no. What's going on? Okay, that was Neil Armstrong because this sound is not copyrighted. On the software side, we use at current a normal GNU compiler for the C software and for the assembler part also because you can cross compile that package under Linux and build code for the machine. The other software parts that are ported to the machine is the newlib because this library is re-entrend and it utilizes functions like malloc, printf and stuff you always need. The next part is we are using the GNU multiposition library so you need a Bignum library to do things like LSA, encryption, Elgamal, Diffy-Hellman and this stuff and perhaps you can do it in assembler but I won't recommend that. So if you have just a Bignum library porting LSA to it is just take you a few hours and then it will run and it's very easy. They did a great job. It was easy for me. Yeah. The part of how you will encrypt the data is the part of what security do you need which means of course we can provide open key exchange systems but perhaps if you for instance choose LSA you must take care that your private key is never published outside so I won't recommend storing that box because somebody can temper that box if he has access to it so if you are choosing systems like LSA you will probably provide a smart card interface and then you will have to store it on the smart card and take it away if you are not communicating with the box. So LSA, Siehelman und Elgamal this is not required to have a key stored on the box because they are generated on demand and as I now see an exchange and a calculation of through 1084 bit key exchange so you have to wait until this key is exchanged and calculated and then you can communicate and then you must take care that the key you have to exchange for symmetric key exchange is another secure communication way which we will provide is Triple Desk, Two Fish and the stronger ones for communication or IDEA but IDEA is more a problem because licensing, if you put it on commercial perhaps is not permitted but the key system you choose is more a user option because the box comes with the software and if you tell if you are in fear that the key lag is not big enough you have to can change it and just calculate with bigger keys if it's working or if it's working not the most problem is the software GSM code which now utilizes about 50% of the CPU so the other 10% will be the IO communication so you have 40% of the CPU CryptoSync, what is that? ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... Wir kommen in und raus zu dem Telefon hier, der Musik-Renngeber. Das hat uns geboist. Wir haben die digitalen Seiten digitalized. Konvertert was? Ich werde enttript und kompromissiert, um durch das Modem zu kommen. Das ist die Idee, wie es funktioniert und wie es transportiert wird. Wir haben ein Modem. Wenn man ein weiteres Modem-Version hat, wird das Modem noch zu einem Telefon, via das HLB, der zwischen der Telefon-Line direkt verbindet. Oder geht es durch das HLB zu dem Modem, zu der Linie? Ein weiteres Problem mit den Elektronik-Designern ist, dass die Leute versuchen, die Analog-Signal-Signal in die digitalen Telefon-Signale zu verbinden. Das ist eine der größten Formen der Attack gegen Void-Encryption-Devices. Wenn man die Analog-Signal-Signal-Signal in die Telefon-Signal-Signale anschaut, ist das eine Sache, die für die Digitalen-Measuren ist. Aber eine Sache, die auf der Sicherheitslevel ist, ist, dass dieser Device nicht gegen den Bug in deinem Fladern protectiert. Das wird dir nicht helfen. Das Ziel eines solchen Projekts ist nur, um die Telefon-Signal-Signal-Signal zu verbinden. Sie werden in dieses NSA-Huva-Eckelon und werden aufgeräumt und analysiert. Das ist der einzige realen Purpose des Projekts. Und wie viel Sicherheit du achieved mit diesem System ist nicht so viel vorhanden? Das ist eine Frage, die du in der Länge des Keys benutzt. Das ist eine Frage des Projekts, die du benutzt, wenn die Telefon-Signal-Signal-Signal sicher ist. Du musst die Telefon-Signal-Signal-Signal verabschieden, aber du musst die Telefon-Signal-Signal verabschieden, dass dein Raum nicht verabschiedet ist. Das ist ein sehr wichtiger Problem. Das andere Problem ist, dass wir die Free Software benutzen. Das Problem ist, dass dieser Software auch auf PC-Signal-Signal-Signal-Signal-Signal-Signal verabschiedet. Du musst nur die low-level Drivers und für Serien- und Audio-Munikationen verabschieden. Und dann kann dieser Software auch auf Linux, Windows oder Macintosh verabschieden. Also musst du nicht die WLAN-Signal-Signal-Signal-Signal-Signal verabschieden, aber das ist nicht unser Punkt. Also vielleicht, wenn die Leute das Projekt liken, finden sie einen Weg, mit anderen Plattformen zu portieren. Das ist nicht unser Punkt. Es ist einiger Problem, Wenn das Device nicht korrekt schildert, dann könnte es eine Möglichkeit sein, dass der Staat der Inklusion-Engine mit Tempesterminationen, d.h. die Minationen, die von der CPU sind, die der HF generiert werden. Also, ein Bildungseptionen-Device ist nicht nur ein schwieriger Problem, um die Elektronik in der CPU zu arbeiten zu können, um die Kompressor zu arbeiten und die Inklusion-Engine zu arbeiten und alles zusammen zu stecken, aber auch in Form eines realen Entschlossens für die Line-Interface, die nicht verbindet. Das ist nicht ein leichtes Problem. Die Real-Data, die durch die Modem- und Digitivform verbindet. Was kann sein, dass die Elektronik verbindet, dass man die Digital-Signal blockiert, von den restlichen Elektronikern, von der Galvanik, also ... Das ist ein Alkohol-Signal. Das ist ein Alkohol-Signal. Das ist ein Alkohol-Signal. Das ist ein Alkohol-Signal. Das ist ein Alkohol-Signal. Das ist ein Alkohol-Signal. Meine D Angst ist immer Gfood, mit Então atoms. Es hataju Hansitzer gesagt, das ist nicht ein effektives Problem. Das istirkulpartangen. Aber ich greife an, nach einer coolen Geräusche mit dem Stot Natalie Er meinte, dass die Gitarre und die andere nicht streichen, dass dieser Kassel durch diese Leitung und dann normalerweise die Rückkehr nach draußen ist. Ja, why not? Der Status ist, dass wir alle die low-levelen Sachen gemacht haben. Das bedeutet, dass wir jetzt am Punkt, wo wir denken, was in der Software sein sollte, wie das Device über die Serial-Line kommuniziert. Und das nächste Punkt, das ist ein paralleles Punkt, ist, um ein finaler Hardware zu bauen. Denn dieser ist nur Beta. Also won't it take nearly a half a year to make it market-ripe? Sollte es eine Kommunikation dass es bereit wäre für den Kongress, aber das Problem ist, dass es bereit ist für den Kongress. Ich habe das nicht zwei oder drei Mal gehört. So, okay, so, wir sehen uns in dem Kongress, was passiert ist. Der Punkt ist, wenn du ein Key-Exchange machst, kannst du Ergammal und Diffy-Helman benutzen, ohne dass du any keys oder any things onto the device. Wenn du als A SmartCard-Interface geben musst, um dein private Key auf die SmartCard zu stellen, und ich rekommendere, dass der jüngste Weg der deutschen Krankenkassenkarte sein wird, weil es über 4K-Memory nach deinem Adress verwendet wird. Insuranz-Karten und so kannst du dein Key auf any card, aber das ist nicht, der Punkt ist, dass du dein public key system choosest. Wenn du es duest, benutzt du Ergammal und Diffy-Helman. Es funktioniert für dich. Aber ich kann dir zeigen, wie es das calculiert, wenn dieser Pilot nicht durch die Serial-Kommunikation stoppt. Das wird jetzt eine neue Weise sein, in der wir ein Diffy-Karten benutzen können. Wir haben die Armourstilung. Wir haben hier die Moden. Was wir hier verbinden können, ist, zum Beispiel, ein PC. Hier, wo wir das tun, können wir jetzt die Managerien des Keys oder was so weiter verändern, mit der Agent D, während es läuft. Wir haben hier ein Software, das noch nicht verwendet ist. Wir können auch die Messages in der Spare planen, wenn es keine Konversation auf der Linie gibt. Sie können auch auf dem Display direkt, das heißt, auf der anderen Seite, dass es nur eine Agent D gibt, um eine Message zu spezifizieren oder so, wie ein Smart-Karten. Ist das nicht ein 1980er-Solution? Wir haben PC oder Verwaltungen. Warum nicht auf dem PC zu sprechen und nur mit IP? Und haben alle die Inklusion von IP-Sankern? Weil der Software-Temper ist? Ich denke, das ist nur eine Option. Man kann es auch als Inkruption für Fax-Systems benutzen, weil man die Modem in der HLB inzwischen hat, mit dem PC zu kommunikieren. Also kann man so eine Art Inkruption machen, oder so. Es kann als Transparen und als Modem auf der PC-Site sehen. Kann man auch ein Palm-Palette oder ein Storage-Device für Key-Stuff machen? Oder kann man auch ein Palm-Palette kommunikieren oder ein Checker-Mail oder so? Das ist die Idee. Der HLB ist auf der anderen Seite auf der rechten Strecke. Also, da gibt es noch eine Art Weg. Wir sehen, dass wir die Formation von PC und das andere Weg in die HLB erhöhen. Das ist unser Telefon. Das ist eine Art Weg. Und das Modem ist nicht verbunden mit der HLB. Es könnte hier sein. Auf der PC kann man eine Idee oder ein Problem machen, die auf der anderen Seite ist. Also kann man auch ein Telefon machen, um die HLB durch die PC mit der Software auf die Modem zu gehen. Das ist ein Wachstum. Ja, bitte add eine Soundcard und dann auch auf der PC. Ja. Auf dieser Weise können wir auch eine PC und ein IP und eine IP-Protest. Das ist der HLB. Das ist eine Art Weg. Und das ist eine Art Highway. Ein Keyboard auf der HLB und ein Internet-Port. Gut gemacht. Ach, war das ein IP-Stack? Ein basices Rohr-Device? Nein, nein, nein. Okay, we were thinking about, at the present time we know two solutions that can handle it. One point is porting Linux to the HLB, which is possible, requires a little more flash RAM, because Linux utilizes about one Mac of flash RAM. And the current RAM configuration is no less than four megabytes. That's crazy. We never ever use four megabytes of RAM, but it's the lowest SD RAM we can get. If you think that IP is a solution for everything, you can port either Linux, but this is just too great. Imagine, you have a whole system, and the software you are running for secure communication is that low, so you have to look if nobody has tempered your Linux implementation with something. You have to check that. As far as the software is as close to the machine and is very small, you can control it. You can see what does the software. The same goes for the solution with using IP through PC to the armors of the box. This is not the normal way of using it, but ... Can you write it back? Not for the ... no, no, no. The other way is real-time executives like Atoms, which comes with an IP-Stack, but I won't recommend it, because you don't need it if two devices are talking together. You only need it if your box is only connected to the Internet. And that gives you more pressure about latency on the Internet, and it's not really good for direct communication. Is that the point? Okay. I think one of the major advantages of this design is that you concentrate all the security onto a very small amount of hardware and software, which you can control very easily. So this is, I think, really the advantage. You can look into the hardware design, see every gate, and you can trace down the software with your debugger and verify that there's nothing wrong going on. So it's just a part, which you can plug into rather complex systems to handle the security, and the device itself is quite independent, and it's rather difficult to modify it from something outside. We paid attention to that. Yeah, yeah, yeah. No, it is not available for commercial use yet, or at least we need to think about this first, under what license it will be possible. So this is an open source project, but no commercial use or not yet. We think about it to get it distributed, as not this problem, but since we are developing it, we want to have a bit of control, like to see how it gets used and where to get it and so on. And we don't want a marketing department that putting pressure on us. And getting around bad designs very early. Yeah, and he's making big money by getting our device working. Not only working, just to manufacture. What we want is, it is free to use. If you build boxes, it's okay, but if you make money with this, I'm talking about selling it more than what you have to pay for manufacturing the box. It's not okay. What we want is to give back something, and of course we have spent a lot of money to get it working and buy an oscilloscope and you will see what it costs. Also, we want to have it distributed. If there's a user for it that somebody wants to use it, he can build it himself or herself. On the other hand, if there's commercial use, there might be somebody who will make a bit of money when selling this and doing service in this. Okay, but on the other hand, we want to have ready-built PCBs with a processor on it, which is not easy to solder on it, but we need to give it to end-users. I think we will discuss that, but first let us finish. These guys are really paranoid about marketing, so let them finish and then we market it. First get ready and then get the sales droid to sell that stuff. Okay, do you want to tell a little bit about randomness? Any questions? Yes, random. You have basically two ways. One way is that you have a shared private secret key with the other user, so you won't have to use any public key system. And if you don't have that, you have to use a public key system, which will come with the box, will be S.A. and Diffie Helman, with respect to Elgamal. So, this is not a problem. There are more problems like man in the middle attacks, where your key can be altered. So, if you are using these key systems, you have to verify that the other side is really the other side. So, you can do that by just transmitting a hash key. So, both sides independently verify the hash and if you start to communicate, you tell the other side the hash key over the secure line. And if it matches, you are on the secure side, because your key is not going to be altered through the hash key. So, this is... I think what hasn't been said here is that the Diffie Helman algorithm is a really cool way to establish a secret, which only two people know, even though they have no prior exchange secrets or exchange public keys or anything. The only thing is that you know that you have done this secure communication with eight parts. But you don't know if it's really the other end or somebody in the middle. So, if you make a short version of that key and read it to the other person, then the other person that knows your voice can then verify that you have the same hash as the other side. So, any man in the middle would then have to intercept, be the man in the middle, arrange for two different keys, because each party could verify that his own randomness was used in that key, would have to intercept both channels and would then have to wait for you to read that hash, have somebody there with your voice or some machine with your voice and then instantly insert the other hash that you're not reading and then have the conversation go back to normal, which is still possible, but it's a drag. And it's not something they can afford or easily do for millions of communications at all at the same time. So in an automated way of man in the middle attack on modern, on serial data conversation it might be possible to do a man in the middle attack but the human interface was voiced as well. But it is a form of biometric authentication because it uses the voice. But you can also do things like let your private key sign and look if the sign authority matches on the other side. But I won't recommend that because that users, you probably won't have to sign your keys. But that's for if you're doing it always automatically and you don't want to read any hash keys. Can you use the microphone please? Oh, thank you. So if the other person has the access to the hash key then why wouldn't he or she have access to you reading the real key? Pardon? The other person does not have access to the key that you've transmitted to the other party if it was really the other party you're talking to. Two parties can establish a key and establish that their randomness went into it and the randomness of some other party and one only went into it. So they can establish that only you and some party out there know a secret and that the secret is based on what you supply. And then the only thing left is a man in the middle attack but then you wouldn't have the same secrets on each hop because you can verify that your randomness is used and only one other, the other party can verify that his or her randomness is used so the man in the middle would have to establish two different secrets to each end and you could verify that you have different secrets by just reading them or a hash of them. Okay. Okay, there's another option if you're working with people you know. You can share a key by giving it to them. So this is really quite secure. You can basically use your Krankenkassekarte, the card if you're old here in Germany, it has some kilobytes, we talked about it already and fill it up with random data and use it as a one-time pet. So then there are no real key exchange problems but you have to meet the people before. This is one of the reasons... That's not a key exchange problem? No, that's a different key exchange problem. This is one of the reasons why our device has the ability to use hardware random. We've built a prototype of a hardware random generator here. So basically it's just a zina deuda making some white noise which we digitize and make some numbers out of it. You don't have to do that. You need some random data for public key stuff too. So this is a user option I think but in my opinion it makes sense. How can it be a user option if the device does Diffie Hellman? The device is not going to do Diffie Hellman if it doesn't have any randomness. There are other sources of randomness you could use. However, they are not really that good. So it shouldn't be a user option? It's a cost problem mostly because tuning a hardware random device in a production line is not that easy and you need to shield it so that you have also an age of interference Yes, you can swamp it. Yes, you can swamp it. So usually the randomness is generated like in Diff random under Linux but even Diff random is not really really random. And you don't know who owns your Linux? Yes. They could just make a sim link Diff random to Diff no? Yeah, but you need random for the communication with Diffie Hellman because you have to choose an own random and if this could be tempered for your communication. So the box should, in my mind, if it's a voice encryption box it should include the random hardware and forget about all the chip cards and second serial ports and all that because that's what I want. I want a voice encryption box that I can give to people which they can understand. No Kankenkasse cards, no PC interfaces. Just something where they read the six digits or eight digits and they know it's secure in the green and the red line. No, we have to customize that for you. Forget about the chip cards and insert the random generator because that's what people need. So if we are talking about random we have regular ways to get a random key like we measure as a key print as a duration and delay on two random key prints directly to the device. This is a regular way we get it and we can calculate from this on the other side if you're really paranoid to get spied on this we have a pin on the CPU to support a hardware serial hardware random input. You can build a device you can get a PCB for it or whatsoever. Even if it gets compromised if it is able to measure if it is not working at all for example it will get verified by the device like statistics if there's enough yes and no to get a real random or something like it if not it will not accept it from this pin but this is also the device will get bigger just for the random which is just a very small bit in relation to the key presses for example to get this random random hardware is like well but I think it's a good point our device should be very simple we started by thinking we would have just a box a blue line and a big red button that should be all that was what we started with stick with that you can it only needs 8 digits as you see the WP1 device it says it's key over the LCD display we think that we probably won't need an LCD display because we can read you over the line interface and say your key is and then you can communicate so perhaps you can some parts of the telephone are just optional but this is let's call it this would be an STK and we will see what the really needs of the users are and probably then come us to customize the things that the people need I'd like to point out that we have a very nice user interface by using a standard telephone and we are not able to do that now but I think we might do that in the future to decode the DTMF tone so you will not need a display as I said before and you don't need a keypad you just have the phone line as the user interface but let's just software there was a question yeah the biggest issue in manufacturing just this device will be making the PCB so giving you away I think a two layer PCB on Eurocard which is 10 cm to 16 cm I think the size won't ring it will cost about 500 Deutschmarks at the to manufacture one single box if the hardest part the cost intensive is the PCB the PCB and this costs about the half of this board what's on the board so you can go down to perhaps 300 Deutschmarks but then you have to to make 10 boxes also a single box will cost you 500 Deutschmarks I think there will be a lot of do-it-yourself kit available that has the nasty part soldered on there 2 chips on it 3 chips on it now that are really nasty soldered by hand because the pins are very near and so I also think that we will find a way to sell this hardware in a politically correct way and in a way that the people who developed it get the benefit from it expect to have it below the 500 Deutschmark range which I think is a very good price for a voice encryption device in comparison to 2500 which is the nearest competition from Siemens or Deutsche Telekom for one device but they are utilizing only ISDN these devices only utilizing ISDN at least they have a backdoor at least they have a backdoor the interesting part you don't have the sauce you can't look on it the interesting part the interesting part about this I should say something about commercial stuff, yes that is necessary in Germany there are currently 2 Main brands of One is made by Siemens and another one is made by Deutsche Telekom. They manufacture them by themselves, but marketing it. It's on their own, not invented by a company. It's branded Deutsche Telekom and as far as I can say the Tesla Sec.. Are they using the Tesla Sec Infrastructure, which is a chip cart system that has an RSA Co-Prozessor an es, und sie benutzen das RSA Co-Prozessor, um die Sessionkey zu generieren und das Stoff und das Secret Key safely in dieser Karte zu haben. Das Problem mit diesem System ist, dass jetzt du deine Karte mit deinem Secret Key von Dr. Telekom, der natürlich nicht nur den Secret Key zu haben, aber auch das ist ein Projekt, das jetzt nicht mehr so gut wie es ist, um diese Karte zu emulieren, damit du einfach ein Sessionbox von Dr. Telekom kaufen kannst und ein Mikroprozessor, ein Smart-Kart, und es könnte ein bisschen schneller sein als die genannte Phase, aber das ist kein reales Problem. Der einzige Problem ist, dass es 2.000 Deutschmarks kostet und du bist noch nicht ablehnt zu sagen, ob sie einen Klietext oder die Karte in den Psypha Text sind, weil der Hardware-Resign ist. Die meisten der Leute, die mit diesem System konzert sind, denken, dass der Hardware-Resign sich sicher ist, aber der Backdoor ist, dass sie das Secret Key stört, aber du nicht mehr das ist. Das ist eine Option, die in einem oder zwei Monaten, die du zu einem genannten Purpose Smart-Kart-Wendler, wie für einen Sight-Kontrollverband, und das ist normalerweise für einen genannten Purpose Smart-Kart-Prozessor, ein Lodepen und ein Software von der Internet und ein Story-Own-Secret Key. Aber das ist eine Expansive Option, so dass 2.000 Deutschmarks für einen Sight ist, ist nicht sehr schief. Der original Siemens-Kryptophone-Stuff ist auch mehr Expansiv und ist auch mehr unsequere, weil sie nicht nur das same Ding haben, dass sie dir die Karte als Secret Key geben, aber auch die Rumors, dass auf diesem System Audio-Clear-Text-Leakt auf der Linie liegt, so dass das nicht eine reale Option ist, wenn du eine Sicherheit hast. Ich war unfassbar nicht ablehnt, diese 2 Telekom-Boxen zu bekommen. Ich habe sie sehr intensiv gefragt, um mir 2 von ihnen zu geben, dass wir sie in der Riehenden-Intent teilnehmen können, aber sie haben nur 5 oder 6, und sie wollen mir nicht mehr 1,3 von ihren Hosten geben. Kein großen Marketing. Sie starten diese Boxen am 1. September aktiv. Es gab nur einen kleinen Test. Es gab nur den Komfort und die City-Magazin, die letzte Woche, glaube ich. Auf diesem Test habe ich versucht, diese Boxen zu bekommen, aber es war nicht möglich, zumindest nicht für mich und für dieses Camp. Ich glaube, wir haben sie im Kongress, und ich glaube, wir haben den Mann, der die Boxen auf dem Kongress entwickelt hat, sodass er es proved hat, dass er keine Backdose gibt. Ich habe ihm eine E-Mail gesagt, er würde interessiert sein, und ich habe ihm eine E-Mail gesagt, wir wollen, dass du die Social-School-Listung von deinem Telefon auf der Stelle hast, die alle kleine Langen, die da sind, und ich habe noch keine Antwort. Okay. Der andere Marketing war die Telefon-Systeme, die rund sind. Der eine ist der STU-3-Unit, der kommersial und NSA-sponsored Segurtelefon-Unit, das ist ein US-Gewerter. Diese Boxen haben einen NSA-Backdoor, weil NSA natürlich möchte, dass sie eine Telefonkonversation haben für die Mitarbeiter der US-Gewerter, und es gibt ein paar Telefon-Inkriptionen, Dürfen, ich glaube, ich sollte die Inkription nennen, denn was sie einfach tun, ist eine Analog-Inkription, das heißt, die Voiceband auf die Frequenzen-Splotten, und dann auf die Frequenzen flippen, so dass man das dann wiederholt. Und dann... ...just scrambling. Ja, und sie machen es auch in der Time-Splot-Systeme. Das ist sehr ähnlich, wie hier bei der Polizer-Radio. Das ist ein sehr kurzer System. Es gibt auch die Voice-Inkription-Systeme, die solche Technologien aus der Telefon-Systeme benutzen. Sie sind meistens bei den Spice-Shops. Sie haben die Inkription-Systeme, aber nicht mit Spice-Shops, weil sie von den Seventies eine neue Technologie haben, für mehrere Tausende Deutsche. Das ist keine reale Option. Man muss sich immer auf die Sicherheits- und derzeit, was man braucht. Wenn man nur eine technische Sicherung braucht, über ein private Investigator, ist es okay, ein Unit von Deutsche Telefon-Inkription zu nutzen. Wenn man etwas, was die realen Leute hinter sich machen, weil man etwas sehr interessantes machen kann, dann ist es vielleicht nicht gut, zu benutzen, etwas von einem Unternehmen, das meistens von der Regierung verabschiedet ist, wie Siemens. Aber sonst, wenn man so etwas interessantes macht, soll man nicht die Telefon-Inkription benutzen. Okay. Was ist mit Krypto, Agi? Ja, Krypto, Agi ist ein Insider-Joke. Krypto, Agi ist ein Unternehmen von Switzerland, das nur in Switzerland ist, aber es ist meistens von der Bundesrepublik Deutschland. Und durch eine Haltung, die von Lawyers ist, und diese Lawyers sind auch Lawyers der Swiss-Siemens-Korporation. Sie haben mehrere Läden von der Obfuscation in der Bundesrepublik Deutschland. Das Unternehmen war von Bruno Haagelin, einer der Krypto-Gurus, vor und nach der 2. Weltkrieg. Er hat auch viele Stoffe und enigma-like Systeme gemacht. Und das Unternehmen war nach der Wahl, ich glaube, wenn Bruno Haagelin in Amerika war, bei der NSA, oder das war nicht die NSA, sondern das war oft für eine Einrichtung, ich glaube. Und sie haben concluded, dass Krypto, Agi die NSA hat, die Keys zu brechen. Und die Läden-Assistenz von Krypto, Agi haben die Keys in der Krypto-Texte und das ermöglicht die USA und mehrere andere Secret-Ingenie um alle Kommunikation zu reden, z.B. von Libya, von verschiedenen Asianen Ländern. Es gibt viele 3. Weltkirchen, die Krypto-Agis-Stoffe oder Hefius-Krypto-Agis-Stoffe haben, bis das Problem publizierte. Sie waren nicht mühsig. Sie waren wirklich nicht mühsig. Das war wirklich lustig. 2 Jahre, 3 Jahre, wir hatten einen großen Boot auf der CBIT, das ist der größte IT-Fair hier in Deutschland. Das ist der größte Computer-Fair in der Welt. Und sie hatten einen großen Boot da, mit viel und hohe Speed-Liner-Kryptos, viele Leute da. Und ich kam da und begann, Fragen zu stellen. Und dann, nachdem ich zu mehr interessierten Fragen kam, haben sie mir Krypto, Agi, Issue, Toblerone, die Swedish, viele von ihnen hier. Und hier haben wir ein paar andere Sachen. Sie haben mir eine Hool-Plastik-Bag voll von Krypto, Agi, Merchandising. Das war wirklich lustig. Ich habe es gesagt, es waren viele andere Leute, und sie haben auch viel zu tun. Und das nächste Jahr hat die Hool-Fair in den letzten Jahren verabschiedet. Es wurde öffentlich, weil eine Technik von Krypto, Agi, in Iran war. Es war in Irak, ich weiß nicht, ich habe nur zwei Länder verabschiedet. Und sie, weil eine Suspension, die Krypto, Agi, hat, das ist der ja, der die Hool-Fair verabschiedet hat, und hat, das ist der, der die Hool-Fair verabschiedet hat, und hat einen Kryptoenhanz, GSM-Telefon, und das andere war eine 44 Megabit DS-Linus-Krypto für ATM. Und nur eine Person ist da im Boot. Sie haben kein Merchandising-Material, selbst wenn ich starte, fragte ich Fragen zurück. Sie waren komplett ignoriert. Ich glaube, sie sind praktisch aus dem Geschäft, weil sie alles in Kryptografie trauen. Ich habe es vorhin gespürt, weil ich fragte, was die Algorithmen und die Key-Lengthen sind. Und sie haben einige sehr leichte Dinge auf ihren Pages, wie lange die Key-Lengthen sind. Und wenn du fragst, was Algorithmen sie sind, dann sagst du, okay, für dich ist es so wichtig, dass wir für dich einen speziellen Algorithmen designen. Und dann fragte ich den Mann, du weißt, was du talked about, du weißt, was die Kryptografie ist, und du weißt, wie die Kryptografie funktioniert und wie die Algorithmen verwendet sind. Ja, wir haben viele Kryptografie-Experts, und wir sind customdesigniert für alle, die uns ein paar Devices von uns verwendet haben, und vor allem die Algorithmen, die wir verwendet haben. Das ist wirklich, wirklich, wirklich knackig, was sie da sind. Ich glaube, sie sind aus dem Geschäft, und es gibt einige Israeli-Kompagnen, die auch Kryptografie verwendet haben, aber sie werden nicht mehr vertraut, wenn sie Israeli-Heite-Kompagnen verwendet haben. Und dann kannst du sie verwendet haben, weil Israel ist ein sehr kleiner Land, und jeder, der da immer smart ist, ist in Kontakt mit der Sicherheitsentwicklung. Und besonders die Heite-Kompagnen sind unter heavy Influenzen von der Sicherheits-Agenz. Sie können sicherlich besser die Heite-Kompagnen als die Israeli-Kompagnen verwendet haben. Wir können alles von größeren Kompagnen, wie Krypto-Compagnen, hier in Germany, in Aachen, mehr als die Höchst-Kryptostaffel, nicht ein Single-Line-Pots-Interface-Krypto-Telefon, aber auch, wenn du einen T1 oder eine Megabit-Line hast, oder so. Sorry, ich habe das nicht. Okay. Und vielleicht haben wir 2 Locations von deinem Unternehmen, und haben einen VPN, um diese Location sicherlich zu konzentrieren. Man kann das von ihnen kaufen. Aber was mir ein bisschen gespürt ist, ist, dass die Krypto-Compagnen in den Süden afrikanischen Händen die former sehr aktiven Armsträdten und viele andere gespürteste Aktivitäten sind. Es ist besser, die Krypto-Compagnen zu bauen und zu sehen, dass die Krypto-Compagnen ein bisschen gespürt sind. Ja, ich weiß. Es gibt keine Soldaten, sondern die Süden-Afrikanischen Händen haben jetzt 8% oder so. 10% auf der neuen Wälder. Aber ich bin noch gespürt, weil ... Ich weiß nicht, wer die Krypto-Compagnen hat, weil ich nicht denke, dass es alle Jungen sind. Der Jungen. Ja? Ah, okay. Okay. Das habe ich gesagt, dass wir in der US-Import-Version versuchen, die in bestimmten Wäldern die Key-Langs zu benutzen. Also, die US-Präsidenten, wenn sie es wirklich als ein Compiler-Definien nutzen, werden keine Probleme mehr exportieren. Okay, also, um 512 und 40-Bitzen ist das genug. Wir haben auch eine Version, die nicht die Krypto-Compagnen machen, sondern nur die Voice-Over-Modem. Aber ja, das wird eine Option. Das ist eine Option für die französischen Menschen. Nein. Einfach, um eine bessere Telefonlinie zu bekommen, um die Voice-Over-Modem zu benutzen. Hast du eine Idee, um die hohe Kompressionsalgorithmen zu machen, wie die Linie-Predictive-Kodings? Ja, wir haben das verified. Und ich muss sagen, dass dieser CPU kein Flottingpunkt hat. Also, alle diese Implementationen haben wir gesehen, dass sie mit einem besserer Kodeck einen mostly Flottingpunkt haben. Also, sie sind so intensiv in den Calculationen, dass es nicht, es wirklich nicht auf diesen Hardware zu fahren. Wir haben ein paar Experimente mit Freelie sprechen. Ja, du meinst, der LPC-10-Kodeck, ja. Und wir haben völlig ein verständliches Gespräch, obwohl die Biometrics schwierig sind, es wäre schwer, um hier zu verstehen, ob es wirklich derjenige war, aber der Gespräch war noch gut genug, 2400 BPS, d.h. das war für 8, 24 war schlecht. Ja, es war noch auf einem GSM-Data-Stream, in dem man die Version des Harmlessons haben, die dann eine Infrared-LED haben, die dann einfach auf deinem GSM-Telefon zu sprechen. Wenn du, der Punkt ist, wenn du das Kodeck auf Integer-only-Hardware redesignierst und das reimplementierst, um diese, was sie tun, du kannst diese Kodecks, die bei Integer, wie LPC10, von Firmen, die Kodecks für DSPs und meistens um 100$ per License Nein, LPC10 ist kein ITU-Standard und es war für die Militärsysteme in den USA, ich glaube, es ist ein DOD-Standard und die Referenzimplementation ist noch ein Flottingpunkt, die ITU Referenzimplementation ist ein Flottingpunkt, du bist nicht allowed zu benutzen, in any way und sie werden dich retten und du musst das reimplementieren und es wahrscheinlich deinem Geist weil dieser Kodeck ist, wow, es ist ein Kodeck es ist ein lausig GSM-Standard und du musst ja zu viel um das zu bekommen LPC10 war als DOD-Kontrakt zu haben eine secure 2-Way-Radio-Kommunikation für die Armee in den Field über eine sehr kleine Bande also sie sind auf Radios wirklich 2.4 Kilo Bande auf shortwave Radios um eine secure Kommunikation da und so dieser Kodeck ist fantastisch, aber ein bisschen nöstig wir sehen, wie es mit der 120 MHz Version funktioniert vielleicht wird es, aber ich kann es nicht sagen wir könnten unser Hardware auf einen Flottingpunkt upgraden es könnte besser sein ja, vielleicht weil wir nur die SAH3 Version benutzen wenn du eine Dreamcast von Sega die nächste Generation es wahrscheinlich wird es ist stark genug aber der Punkt mit GSM da ist eine Option, wir haben IRDA Infrared Data wir könnten eine DOD-Kommunikation ermitteln und das bekommen und damit könntest du mit deinem GSM-Handy das hat diese Feature 2 und wenn wir die Datenreise reduzieren könntest du dann eine secure Spiegel via GSM ich glaube, dass wir eine faster Bandwurst über GSM dann bist du schon mit diesem Hardware nein, nein, nein vielleicht für E+, aber nicht für die D-Net nein, nein, nein und remember Infrared is light schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert ja, schildert So, come on, who's able to program on PC? The Windows software that actually talks to the box? No, that runs the software on a Windows PC. Because you need the HLB only if you have no PC with Soundcard and enough CPU ready and a modem. You can run the same software on a PC on whatever operating system. Okay, so you're planning a set of interoperable things. You're planning a hardware device, a Windows implementation. Right now, it's a standalone device. But to extend the capabilities, we want Windows software. We will need this and right now our team is just limited to develop as a hardware itself. But we want to extend our team and if there's somebody who's volunteer and is capable of programming on Windows, Windows NT, Linux, whatever. Well, feel free to contact us. Sorry? There's no license. I sue you. It's free? No, you can have the source, but if you build commercial projects with it, it is not allowed. But what if you don't use the source but you want to be interoperable? That's okay. So in other words... I have no problem with that. The protocol is open. Yes, but it's still not designed to take that in mind. It will take care of designing a good protocol. We have the protocol from the VP1 device and perhaps it will be similar to that. But perhaps not, I don't know because we have to keep more in mind not only for using it on analog or ISDN lines, we have to design it for IP networks also not to reinvent the wheel if we ported an IP stack to the box. So somebody is interested in joining our team of building this device and also software, please contact us. We want you. Okay, any more questions? Not much. The company I work for built an ISDN telephone and they cancel the ISDN telephone in the devices column. It's no problem because I'm utilizing the normal GNU multiposition library that can be downloaded from the net everywhere and the code for implementing Diffie Hellmann with this library it will fit onto this because it's very small. You only have to read applied cryptography and then hey, let's do it, just implementing it. It will take you two hours if you use this library. If you have to make your own bignum library then you will have to do more. But can you port libraries from the GNU people to your telephone? That's very difficult. But I found a short C code on the net that's doing Diffie Hellmann in only ten lines. But it's not, I think it was from a C contest because the ten lines are full of information so you have to bring it out into a beautifier but this code is very slow, very slow on a normal machine but it implements everything you need. On my machine ten seconds but this was calculating for Pentium 350 MHz so I really can't recommend that code. Perhaps if you see that which is just pure C and you say hey, that nifty little thing I ported it in Assembler, it will run faster but I can't say that. We also had earlier the idea in relation to ISDN phone to have instead connected a modem on the top line like we can have connected a handy maybe in the future with GSM also to connect or to have an interface to an ISDN telephone which means we will just get the stream of the AD over there and just encrypt the digital data like we use two serial ports right now and give it to the line once again but we skipped that design because there are too much telephones out right now and we will not write as a D-Channel protocol and so on and support it we will not get FCC and so on. This point why we skipped this also external ISDN modems are available so you can do it over ISDN or you can use an A-B-Box which will make an analog line out of your ISDN. If you have a digital already like you have in the ISDN phone design it's easy to add encryption just a question of which level. Encryption itself does not take that much calculating power. What takes the calculating power like how many percent right now from the cut-line part 50 percent und that's the old design 80 megahertz design of the voice to get it over a regular phone line which is using a modem so tunneling voice tunneling encrypted voice Okay, some more questions yes if you press a button to get encrypted or if you get a device which encryption is built in yes of course of course they can detect what kind of encryption you are using because you have to handle that in an open session also well that is always true because otherwise you have to say that this device is always using this and this type of encryption so you have to exchange the type of encryption the bits that are used in an open session so they will probably know about it but probably know okay, it's a waste of time because he is using a 4 kilobit bit key for doing the calculations on the public key system yeah perhaps you can say we won't exchange it automatically and we will set up it manually also well we will have an option like if it is the second conversation we can still have a hash key of the old conversation to know it is the same person we have talked already or the crypto phone but on the other side it is a problem of key exchanging on the first time but this is a general problem which we will have in any encryption software so in PGP if you did not talk if you did not meet a person how do you know what person that is not just on encryption on the phone if you know that person you can just exchange a piece of paper with some first hash keys this is secure this works also on PGP and so on sorry, I didn't get the point can you just take the microphone and try to explain ah, I just say that is it really possible today to commercialize any encryption system without leaving any leaks because I mean now you have you have good I don't doubt you want to do something what Fran told you, it is possible but if they know you are doing it you will make no big income afterwards but to go to commercialize to commercialize something through a lot of steps so during those steps you think you are going to go through without leaving leaks yeah, but the point is if you also on a commercial project later you can use a source and verify that it is the same which is published like you are not just getting the device as a ROM and so on but you can also have the ROM and verify it and refresh it or whatever you want to verify that you have the software available and which is publicly discussed this is an open source project if you want to discuss the encryption it will get discussed you only have to build the hardware the software you can compile on your own and you can verify and you can get it from the person you trust if it is not tampered or verify it yourself next question no questions ok, thank you all