Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Phone Taps Just Got Impossible
strategypage.com ^ | 4/12/06 | James Dunnigan

Posted on 04/12/2006 12:45:55 PM PDT by teddyruxpin

INTELLIGENCE OPERATIONS: Phone Taps Just Got Impossible

April 12, 2006: Eavesdropping on phone calls just got a lot harder. Phil Zimmermann, the guy who invented PGP encryption for Internet mail, has developed a similar product, Zfone, for VOIP (telephone calls over the Internet). Zfone, like PGP, is free and easy to use. PGP drove intelligence agencies nuts, because it gave criminals and terrorists access to industrial grade cryptography. PGP doesn't stop the police or intel people from reading encrypted email, but it does slow them down. Zfone, however, uses stronger encryption. This means more delays, perhaps fatal delays, in finding out what the bad guys are saying. There's no immediate solution for this problem, unless Phil Zimmermann has provided a back door in Zfone for the intel folks. That is unlikely, but at least possible.


TOPICS: News/Current Events; War on Terror
KEYWORDS: counterterrorism; encryption; pgp; voip; wiretaps; zfone
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-99 last
To: Physicist; RadioAstronomer
But the data stream of an ideal digital phone is presumably "economical": most of the traffic is transmitted in real time as the person is speaking, and not when he is silent. If the syllables are relatively self-contained, and the time slices are sufficiently short, then the "cadence" of the bit stream might reflect the cadence of the person's speech.

I wonder: to what extent might a sentence be understandable or recoverable, based on cadence alone? Most likely not everything could be understood: "yes" seems as if it should end up the same as "no" when encrypted, but perhaps not...but how far could it work? Syllable counting at least should be possible. If someone sang the ABC song, that should be detectable (and even distinguishable from "Twinkle, Twinkle, Little Star"). So cadence gives more information than nothing, but how much, if you really pushed it?

Interesting point, but, FWIW, I'm under the impression that encryption systems used by the military make this impossible, by transmitting encrypted data even when there's no data to transmit! There's a technical term for this, maybe RA knows what it is. "Deedling"? Basically, when the DoD doesn't want the Other Guys to get a clue as to what is going on, they go to a mode where the system is constantly sending encrypted data, whether or not there is any real data to be sent. Conversely, when the DoD wants the Other Guys to know whatever it is that we are doing, that we aren't trying to start WWIII, they can either broadcast the in the clear, or use an encryption mode that reveals the message length, though not content. If the message length is short enough, the assumption is even though you can't decypher the message, you CAN conclude they aren't transmitting detailed instruction on the invasion of some country or the launch of a massive nuclear strike.

I guess the point is they anticipated the type of techniques (or something similar) to what you are suggesting; that the cadence, or even length of a message can by used as a clue to aid in decyphering.

Even the old 4/5 number codes (which can still be heard on SW) defeated this approach, by breaking each coded message into packets of fixed length.

Clearly this introduces a certain amount of inefficiency to the coding scheme, which poses problems for real time encryption, but for systems used by Law Enforcement, they defeat the "cadence" approach by simply broadcasting an encrypted signal for the entire time the microphone is keyed. All you hear is a white noise "pshhhhhhhhhhhhhhht" for as long as the mike key is held down, not just during each syllable.

In conclusion, the cadence system is defeatable by using an encryption technique where the length of the encrypted "syllables and pauses" are not directly related to the length of the unencrypted syllables and pauses, or the encrypted syllables and pauses aren't discernable at all.

81 posted on 04/12/2006 8:29:02 PM PDT by longshadow (FReeper #405, entering his ninth year of ignoring nitwits, nutcases, and recycled newbies)
[ Post Reply | Private Reply | To 74 | View Replies]

To: longshadow
All of what you say is true, but perhaps not for commercial VOIP systems. These depend on sending as little information as possible. If customers started using an encryption scheme that maximized the amount of data sent, rather than just rearranging it, the provider will quickly put a stop to it one way or another. They'll either prevent the practice or drop those customers. Bandwidth is money.
82 posted on 04/13/2006 3:42:45 AM PDT by Physicist
[ Post Reply | Private Reply | To 81 | View Replies]

To: Physicist; longshadow

However, if you broke it up into tiny packets with fill bits filling in the blanks and sent the fixed length packets across at a reasonable bit rate, it would mask the phonetics.

Just my two cents. :-)


83 posted on 04/13/2006 6:44:46 AM PDT by RadioAstronomer (Senior member of Darwin Central)
[ Post Reply | Private Reply | To 82 | View Replies]

To: RadioAstronomer; Physicist
However, if you broke it up into tiny packets with fill bits filling in the blanks and sent the fixed length packets across at a reasonable bit rate, it would mask the phonetics.

Exactly; the question is in normal VoIP, does the system send as many packets for five seconds of silence as it sends for five seconds of sound? If the answer is yes, then an encrypted version of the message should "mask" the cadence.

From the stand-point of the VoIP carrier, they don't know what you are sending; all they see is a stream of packets. I'm not sure how they would differentiate between encrypted voice and a chatter-box - if the data rates are the same, there's no difference to the network.

84 posted on 04/13/2006 7:48:46 AM PDT by longshadow (FReeper #405, entering his ninth year of ignoring nitwits, nutcases, and recycled newbies)
[ Post Reply | Private Reply | To 83 | View Replies]

To: Physicist
Of course, a quantum computer can factor a big number with only a few operations. It would not surprise me in the least to hear that the NSA has them.

For quantum computers, we're up to, what, 7 qubits now? It would take just over 2048 qubits to crack 1024-bit encryption.

85 posted on 04/14/2006 1:48:34 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 73 | View Replies]

To: Tribune7
Sure, it gives some tools to the enemy who will probably be early adopters,

It also gives tools to dissidents in Iran, N. Korea, China and Saudi Arabia.

Ultimately, it's to our advantage. Effective privacy technologies may make things a bit more difficult for police in civilized societies, but they make the situation impossible for totalitarian regimes. Think of it as a sort of chemotherapy that stresses healthy cells while killing diseased ones.

86 posted on 04/14/2006 2:20:49 PM PDT by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 15 | View Replies]

To: 4CJ; teddyruxpin
Encryption protects your BANK accounts, credit cards, financial transactions with the Fed, sensitive personal data etc.

That's why repressive regimes can't solve the problem by simply outlawing encryption -- their economies would be cut off from the rest of the world (and economic stagnation is a greater spur to overthrow than abstract ideas about human rights).

87 posted on 04/14/2006 2:25:55 PM PDT by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 51 | View Replies]

To: dead
On 911, the force that killed the most people in the terrorist attacks was gravity. It's unfortunate that the terrorists have access to gravity, but I don't blame the guy who invented gravity for the deaths.

Don't blame me; I voted for Velcro[tm].

88 posted on 04/14/2006 2:26:47 PM PDT by steve-b (A desire not to butt into other people's business is eighty percent of all human wisdom)
[ Post Reply | Private Reply | To 53 | View Replies]

To: antiRepublicrat
For quantum computers, we're up to, what, 7 qubits now?

That depends what you mean by "we". That's university research, which doesn't necessarily involve the very best people, nor very many people, and doesn't have a lot of funding.

The NSA can spend a gigantic amount of money on something they consider to be important, and quantum computation cuts to the very core of its mission. It could lay the world's secrets absolutely bare.

If they're not spending hundreds of millions to tens of billions of dollars right now to crack this problem as soon as possible, then they aren't doing their jobs. But if they are doing their jobs, "we" won't hear about it until long after the fact.

89 posted on 04/14/2006 2:56:32 PM PDT by Physicist
[ Post Reply | Private Reply | To 85 | View Replies]

To: steve-b
Effective privacy technologies may make things a bit more difficult for police in civilized societies, but they make the situation impossible for totalitarian regimes.

I'm inclined to agree.

90 posted on 04/14/2006 4:38:17 PM PDT by Tribune7
[ Post Reply | Private Reply | To 86 | View Replies]

To: tfecw
I'm still missing the part that makes decryption impossible

Because there is no known way to efficiently factor large integers. A quantum computer could do it efficently, but we're really far away from building one big enough to crack even encryption with a short key that would be considered very weak these days.

91 posted on 04/15/2006 1:40:22 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 21 | View Replies]

To: Physicist
The NSA can spend a gigantic amount of money on something they consider to be important, and quantum computation cuts to the very core of its mission. It could lay the world's secrets absolutely bare.

Until we have feasible quantum cryptography systems, which may well arrive even before large-scale quantum computing ;)

92 posted on 04/15/2006 2:00:01 PM PDT by Senator Bedfellow
[ Post Reply | Private Reply | To 89 | View Replies]

To: teddyruxpin
I have to wonder just how big of a key is a mere 'impediment' rather than an impossibility...

The largest known RSA (public key encryption) that has been broken by throwing massive amounts of comupting power against it is 663 bits. Remember that each bit doubles the amount of computing power to solve it, so breaking the commonly used 1024 bit encryption just in RSA would take that much computing power times about four with 108 zeros after it.

93 posted on 04/15/2006 8:05:08 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 27 | View Replies]

To: teddyruxpin
Yeah, but those are 'side channel attacks,' and you have to have probable cause to get the warrant

They still do that? I thought warrants were so last century.

94 posted on 04/15/2006 8:06:15 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 28 | View Replies]

To: teddyruxpin

Well, this should piss off Ted the swimmer and mortician Harry because it removes one of their favorite bush bashing topics!


95 posted on 04/15/2006 8:08:48 PM PDT by MHGinTN (If you can read this, you've had life support from someone. Promote life support for others.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Senator Bedfellow
Been there, done that. The claim is that the U.S. government does use quantum cryptography in specific circumstances. It's dreadfully inconvenient and inefficient, though, so it will probably never have widespread use among our enemies. The problem is that unlike any trapdoor cipher, which can be applied at any layer, quantum cryptography can only be applied at the physical layer. It's as feasible as it can get, but it can't be made portable, and it can't use public bands or cables.
96 posted on 04/15/2006 8:15:33 PM PDT by Physicist
[ Post Reply | Private Reply | To 92 | View Replies]

To: Physicist
Most likely not everything could be understood: "yes" seems as if it should end up the same as "no" when encrypted, but perhaps not...but how far could it work? Syllable counting at least should be possible.

Congratulations, you just guessed one of the classic ways to break a cipher. But they type of encryption used in ZFone (AES 128/256 -- Rijndael) is immune to attacks like this.

97 posted on 04/15/2006 8:25:10 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 74 | View Replies]

To: longshadow
Exactly; the question is in normal VoIP, does the system send as many packets for five seconds of silence as it sends for five seconds of sound?

There's no such thing as perfect silence at the mouthpiece, and I'm not even sure if the compression algorithm would be able to compress the "silence" more than the voice, especially if the background noise happened to be white noise. White noise is random, and randomness doesn't compress well, plus white noise is commonly piped into sensitive meeting rooms.

98 posted on 04/15/2006 8:32:20 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 84 | View Replies]

To: Physicist
That depends what you mean by "we". That's university research, which doesn't necessarily involve the very best people, nor very many people, and doesn't have a lot of funding.

The science just isn't there yet. It's like saying NASA must have a ship capable of near light speed hidden away somewhere.

OTOH, if you're really paranoid, quantum encryption is here now, provided by the private sector. As long as the equipment is not compromised, I don't believe there is even a theoretical way to intercept the communication.

99 posted on 04/15/2006 8:41:34 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 89 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-99 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson