[cryptography] Silent Circle Takes on Phones, Skype, Telecoms

Dominik Schuermann dominik at dominikschuermann.de
Fri Jul 11 18:51:13 EDT 2014

On 07/11/2014 04:23 PM, StealthMonger wrote:
>> While I'm interested in how they're doing that, I'm far more interested
>> in how Ann convinces Bob that she is Ann, and Bob convinces Ann that he
>> is Bob.  We left the OpenPGP/cert building a long time ago, we need more
>> than just 1980s PKI ideas with elegant proofs.
> Note there's a philosophical issue here.  A very good actress could
> convince Bob that she's Ann no matter how high the bandwidth of their
> communication, such as intimate body contact.

Besides getting the timing of your MitM right, attacking ZRTP requires
to mimic _both_ persons' voice. So you need (at best) more than one Eve
that mimic Bob and Alice at the right time by speaking out some words
displayed on the phones. I am leaving out all the details of Hash
Commitments before ZRTP's DH etc, because they are not relevant here.

There is a new somewhat related paper presented here on SOUPS about
mimicing voice:

The next question here is how the implementation handles that
verification. Does the implementation a) ask to cancel the call if
something seems wrong or b) does it prevent you from proceeding by
asking you "is the spoken word equals the displayed and sounds the voice
like Bob?" yes/no.
I don't know of any app that implements b), but I haven't tested
SilentCircle's apps.
I personally think that people will _not_ cancel the application without
being explicitly ask to do so, even when the words do not sound like
being said by your friend Bob.

Conclusively, I think ZRTP is a nice approach, but thinking of your
average Jonny: He will not cancel the conversation just because the
voice sounds strange (only when the verification words were spoken,
maybe the voice quality was just bad...)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 555 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140712/a4d7c6d2/attachment-0001.asc>

More information about the cryptography mailing list