I said open source for the baseband was a must for security.
I did not say that was all that needs doing :-)
There is no easy way to be certain that the silicon is secure. You would have to have faith in a chip fab and also all the designers.
What can be done quickly is to create blu tooth enabled snap-on hard cases for the most common smartphones. Inside this case would be an ARM processor, a microphone and two speakers.
The ARM processor inside the case would encrypt/decrypt audio to/from the phone using perfect forward secrecy public key protocols.
The case would cover the front facing camera of the phone and the 2nd speaker in the case would be directly above the mic of the smart phone so it can emit white noise audio to ensure that mic is useless for snooping.
Secure calls could only be made to similarly equipped phones. Call audio would suffer slightly.
This would give secure audio but would not protect against metadata collection.
This device would cost less than 20 dollars to manufacture in quantity.
It is possible to have faith in a common blu tooth chip and a simple ARM processor. Plus, there would be no way possible to tamper with the firmware remotely. To compromise the security of the device would require physical interdiction.
This is how you create secure data transfer across an untrusted link.
I’m an embedded systems guy, such a device would be very easy to construct using COTS devices.... I’d say not more than 200 man hours for the hardware and firmware.
The NSA would not like such devices.
You wrote:”I said open source for the baseband was a must for security.
I did not say that was all that needs doing :-)
There is no easy way to be certain that the silicon is secure. You would have to have faith in a chip fab and also all the designers.
What can be done quickly is to create blu tooth enabled snap-on hard cases for the most common smartphones. Inside this case would be an ARM processor, a microphone and two speakers.
The ARM processor inside the case would encrypt/decrypt audio to/from the phone using perfect forward secrecy public key protocols.
The case would cover the front facing camera of the phone and the 2nd speaker in the case would be directly above the mic of the smart phone so it can emit white noise audio to ensure that mic is useless for snooping.
Secure calls could only be made to similarly equipped phones. Call audio would suffer slightly.
This would give secure audio but would not protect against metadata collection.
This device would cost less than 20 dollars to manufacture in quantity.
It is possible to have faith in a common blu tooth chip and a simple ARM processor. Plus, there would be no way possible to tamper with the firmware remotely. To compromise the security of the device would require physical interdiction.
This is how you create secure data transfer across an untrusted link.
I’m an embedded systems guy, such a device would be very easy to construct using COTS devices.... I’d say not more than 200 man hours for the hardware and firmware.
The NSA would not like such devices.”
I ask:
Please form a start-up and market such a device for my Android Tablet. A similar device for a desktop server would also be appreciated. I understand the theory but do not have the technical skill to create such a device.