Secure Calling Initiative Reaches Second Milestone
GNU Telephony Secure Calling is intended to make it both possible, and easy, for individuals, private organizations, and public institutions to deploy secure realtime voice and video communications (VoIP) both in closed and openly accessible networks, and to do so in a manner which helps make passive and warrantless communication intercept of private communication a thing of the past. In doing so, we intend to help both national governments and private corporations comply with their obligations to the general public and with national laws in many countries which explicitly forbid such practices. With the introduction of GNU SIP Witch, the GNU Telephony Secure Calling Project has entered it's second phase.
SIP (Session Initiation Protocol) is an IETF standard protocol for interconnecting communication devices and applications over IP networks. RTP is a protocol for exchanging realtime voice and video over IP networks. Many VoIP (Voice over Internet Protocol) systems in use today make use of these protocols, but in a manner that is both invasive to privacy and that compromises fundamental security, even when such systems claim to use encryption. Very often, such systems are explicitly designed to pass all communication, including voice & video, through a central server, where they can be monitored, and are also centrally decrypted. Such systems are often designed around encryption methods that use centralized encryption key management which offer further opportunities for abuse. The GNU Telephony Secure Calling initiative was formed to offer technical solutions that anyone can use and trust, and without these inherent limitations.
The GNU Telephony Secure Calling initiative started in 2006 with the introduction of a GNU GPL licensed version of Phil Zimmermann's ZRTP protocol stack (GNU ZRTP). This stack allows for distributed peer encrypted RTP sessions that use keys locally generated on the fly that can be exchanged directly between the parties using Diffie-Hellman methodologies, thereby removing central control over key management along with the ability to poison centrally issued certificates. This software was licensed as free software and designed to encourage wide adoption and easy embedding into existing VoIP communication software, such as the Twinkle softphone developed by Michel de Boer. Releases of the GNU ZRTP stack are maintained current and interoperable with Phil Zimmermann's drafts of the ZRTP protocol.
With GNU SIP Witch, it now becomes possible to easily organize secure calling networks composed of both secure and generic SIP softphone devices, as well as introduce secure calling as a generic feature for SIP based VoIP business and residential phone systems. When using GNU SIP Witch, media is exchanged directly between remote extensions in a peer-to-peer fashion rather than processed at a central point. As a call server, it is possible through GNU SIP Witch to introduce common and familiar features like ring groups, hunting, call distribution, and call forwarding, while at the same time doing so in a manner that promotes privacy and security in all communications. Using ZRTP assures that all keys are privately generated, and that individually compromised keys do not compromise the entire network. With no central point for media to pass through and no central certificate authority, it is not possible to passively intercept or decrypt arbitrary secure communication sessions.
The use of a complete free software stack for secure calling was chosen explicitly to facilitate wide peer review of all components of such a system and thereby to promote best security practices as consistent with â€œKerchkhoffs' Principleâ€. The third and final phase of this project includes the introduction of anonymous "Internet voice/video relay" and conferencing services (IRV) to facilitate intercept-free realtime anonymous communication and collaboration anywhere in the world.
For further information:
* Secure Calling Initiative
About GNU Telephony:
This topic does not have any threads posted yet!
You cannot post until you login.