Secure Voice Communications While Travelling? 85
captnitro asks: "My father works for the US Dept of Commerce in the Eastern Bloc. His hotel room phones are routinely bugged -- a few (former) coworkers have had their stays 'shortened' and politely asked to leave the country, when they said dumb things over the phone. A few days ago he asked me what I use for secure voice when I don't have broadband. Remembering PGPfone from a while back, I looked up the link, but apparently they're no longer supporting/distributing it. While I wouldn't recommend he say much of anything in a bugged room, it got me thinking -- what do *you* use for simple, no-nonsense (requiring modem + sound card), low-bandwidth secure voice app? Unix works, and scriptability gets geek points, but I'll take what I can get."
solution (Score:3, Funny)
Within a cone of silence
Talk very loudly
NCT (Score:5, Funny)
Re:NCT (Score:2)
Man I'm naieve (Score:4, Funny)
Can somebody explain to me the dynamics involved here? I've been sent to my room before for telling everybody at the dinner table that my mom had to buy larger underwear after gaining some weight, but I've never been told to leave the country...
Re:Man I'm naieve (Score:3, Funny)
If the phones are bugged (Score:1, Informative)
Maybe speaking in a special way interchanging important words and phrases for nonsensical words and phrases or using voice inflections or a predetermined voice signals could help bypass that. We could call this a "code"...
asterisk or gnuphone (Score:3, Interesting)
You could use gnuphone with a SSH or other VPN tunnel, or even a full blown asterisk [asterisk.org] point and use encrypted IAX transfers. Any old SIP phone would work too.
All of these are IP solutions. Any decent pair of phone encoders (where you encrypt and decrypt the audio stream) would be a lower-tech solution that might work better.
Analog Hole (Score:5, Insightful)
So given that you want to be secure, you *really* have to rule out speach.
So try IM.
Re:Analog Hole (Score:1)
Apparently bouncing a laser off a window doesn't work well in practice- the vibrations are too small and any wind gives bigger deflections than the persons voice does.
Re:Analog Hole (Score:1)
Re:Analog Hole (Score:1)
Re:Analog Hole (Score:2)
IM would be great for this situation, but when if you want a "peer to peer" solution it just doesn't hold up. Assume there are two road warriors out there that need to communicate securely. Their best option really is the phone system. You could do an old-school modem to modem link that used encryption to filter the communications but the problem with this is that it's hard to verify that the person on the other end re
Re:Analog Hole (Score:2)
Perhaps you could use normal unsecured teliphone for authentication:
You: Hi Bob! How's it going?
BOB: Fine, how's the weather there in Vienna?
You: Fine. Say, who was it that had the lampshade on their head at the company party?
Bob: Sally.
You: OK bob, see out on IM.
Then you could use cheap IM technology, like a Palm Device that has TopGun SSH over a cell connection to the internet.
bad idea (Score:5, Informative)
hehe (Score:3, Funny)
Gung'f tbbq. Yrg'f xvpx fbzr ovt-oebgure nff naq fhccbeg frangbe Trbetr'f vqrn gb oblpbgg nyy pbzzhavfg angvbaf.
Bu fuvg! Gurl'er ng zl qbbbe! Qnzavg, jrer lbh frevbhf jura lbh fnvq guvf jnf yrtny
dood, it's soooo simple! (Score:2)
Home Brew One Time Pad (Score:2)
If obvious crypto voice links are simultaneously needed and illegal, you're between a rock and a hard place.
Rehearse beforehand with a few phrases, much like what the BBC used to broadcast to undercover groups in occupied Europe during WW2.
"Mr Green likes to eat bananas near the pharmacy."
Translation: "They're stalling."
"My socks were laundered yesterday."
Translation: "I think they're willing to settle for a contract in the projected amount."
Etc.
You won't have the full flexibility that you'd like, b
Tricky, may need tempest shielding (Score:3, Insightful)
It all depends on how secure he really needs to be though; in theory they can tap his laptop keyboard remotely, and/or watch his display just by analysing the emitted radio waves. The only solution to that is tempest-level shielding. I do vaguely remember somebody selling a conductive tent that you go inside and it blocks the laptop's emissions.
Of course if he goes the voice route then he has to worry about being physically overheard- it doesn't matter how encrypted his laptop link is then! Similarly if his typing or screen is being videoed; or if somebody subverts his laptop then all bets are off.
Tempest and laptops (Score:3, Informative)
Re:Tempest and laptops (Score:1)
Of course, I could be off my rocker about this one.
Re:Tempest and laptops (Score:3, Informative)
Trouble is, LCDs don't flicker significantly; only CRTs (the persistence of phosphors is really quite tiny.)
Still, the scan circuitry for LCDs can in some cases be electromagnetically sniffed and the picture recovered. More carefully designed circuitry may not have this problem though.
Re:Tempest and laptops (Score:2)
Re:Tempest and laptops (Score:2)
Re:Tricky, may need tempest shielding (Score:2)
Or he could encrypt the message before he types it into the computer, perhaps using a deck of cards and solitaire [counterpane.com], though that's a bit slow, but at least he wouldn't have to have encryption software on his laptop. Obfuscating the encrypted text might be tough though.
Re:Tricky, may need tempest shielding (Score:2)
i'd think if you're being hosted by a hostile nation, tempest security would be very amusing to them.
"That's an awfully nice 50-lb laptop, sir. Did you notice you wer
Thanks, didn't want to type all that (Score:2)
When I heard about it, it was "room sized". I believe they were aiming for briefcase size, and that was a few years back now.
No idea on the range.
Q.
Linphone over SSH? (Score:2, Interesting)
It seems like it should be possible to use Linphone (www.linphone.org) over an ssh tunnel. ssh compression may also help with the bandwidth constraint.
You should read Slashdot more often (Score:3, Funny)
Don't talk (Score:5, Funny)
Re:Don't talk (Score:1)
speakfree (Score:4, Informative)
Or you could just send GPG-encrypted emails..
Sorry, Speakfree scheduled to be End-of-Life'd (Score:2, Informative)
On January 15th, 2004, Speak Freely will be discontinued and removed from this Web site. Existing users may continue to use the program as long as they wish, but no further releases will be forthcoming. For details and the reasons why Speak Freely is being discontinued, please see the full end of life announcement.
Full annoucement at:
http://www.fourmilab.ch/speakfree/eol/
Nothing (Score:5, Funny)
What do I use? Nothing. Either of these are true: 1) the gov't in question can crack any lame, consumer oriented encyrption I use; therefore any security I use just provides me with a false sense of security. Or, 2) the gov't in question can't crack it, and their interests are raised. In this instance, "their interests are raised" means I am dragged down to the police station and my testicles have electrodes taped to them; my screams aren't encrypted, natch.
I would suggest that your father not talk about stupid things on the phone when visiting hostile foreign countries, and when he does so, to not depend on consumer grade security. He may as well use the decoder ring he got with a box of cereal.
Re:Nothing (Score:2)
PGPfone is still available (Score:3, Informative)
Might not work on newer hardware, but it's still available.
Eastern Bloc??? (Score:4, Funny)
To maintain my privacy (Score:2, Funny)
But for the average Commerce Dept. worker, he should record his messages on an mp3 device while walking through a park. Then use steganography to hide the messages inside emails that appear to be spam generated by some common mutating virus with titles like, "Your mortgage is approved", "Prize Award Notification", and "Enlarge y
encryption may not be the answer (Score:3, Insightful)
Be aware of the risk (Score:4, Insightful)
Email may be better. It stands up to cryptanalysis better, and room bugs don't get it. But, it is vulnerable to a lot of new problems: Van Eck emissions, screen flicker, and even a good ol' pair of binoculars across the street.
If you use these, remember that the security of the mechanism is only as good as the security of the computer. If you get 0wnz0r3d, then you're screwed.
Now, consider the idea of "proportional response". Right now, your dad gets phone taps. What do you think will happen if he starts encrypting communication? Sure, a regular phone tap falls apart under almost any sort of encryption. But start using encryption, and they're more likely to put more resources into finding out what you're up to. That's when the things like room bugs and Van Eck attacks come into play.
So, you have to figure out: how much of a risk does your dad represent to them? How much are they willing to spend to monitor his communications? That's the first step to deciding what appropriate encryption would be.
Isn't the government good at that sort of thing??? (Score:3, Insightful)
He's a government employee; I'd expect that if they wanted his communications to be secure, they would be. I'm sure they have all kinds of nifty toys that are provided to those they think need them.
If it really is bugged... (Score:2)
In the first case, try any of the suggestions listed in previous comments to make him feel better.
In the second case, he simply shouldn't talk about anything that is considered sens
Secure Langague (Score:2)
Rus
location, location, location? (Score:1)
whoever monitors this will feal like a moron (Score:1, Interesting)
Yelling plant the bomb o
EQ (Score:2)
Given how determined the 1337 crew is about getting their phat lewtz and how determined Sony is about not having that happen, four years in the making has made EQ a pretty secure communications (typin
NSK 200 - Secure GSM/DECT phone (Score:4, Insightful)
If you really want to get secure you should take a look at the NSK 200 [kdefence.com], a GSM/DECT-phone which is approved for NATO Secret. I don't know if it is available for everyone though.
Re:NSK 200 - Secure GSM/DECT phone (Score:2)
Re:NSK 200 - Secure GSM/DECT phone (Score:3, Insightful)
From the bottom:
Confidential - Not a very big deal - getting cleared for confidential stuff is fairly easy. A lot of times, it's used for things like - a plant works on secret/TS stuff in parts of the plant. Your the employee of a subcontractor who is working on something non classified. If you visit, and you don't have a clearence, you will have to be escorted EVERYWHERE - including the rest room, even if you stay in the "Open" part of the plant (aka, not secret stuff i
Re:NSK 200 - Secure GSM/DECT phone (Score:2)
To quote a us-military site:
TOP SECRET: Applied to information or material the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security.
In addition to the above, some classified information is so sensitive that even the extra protection measures applied to Top Secret information are not sufficient. This information is known as "Sensitive Compartmented Information" (
Re:NSK 200 - Secure GSM/DECT phone (Score:3, Interesting)
NATO Secret != Secret (or at least I think so).
Nato levels are: NATO Restricted, NATO Confidential, NATO Secret and Cosmic Top Secret.
To know stuff like missile and radar performance data etc you usually need NATO Secret.
Zaurus, IPSEC and tkcPhone? (Score:2)
Or some such?
Tunneled through ssh?
Sharp Zaurus [zaurus.com]
tkcPhone [thekompany.com]
IPSECon Sharp Zaurus [liebchen-online.de]
I would imagine that you could get a SIP phone to compile for the Zaurus or some one that uses another VOIP protocl. As someone above suggested, connect it through an Asterisk [asterisk.org] server. I've got a test one setup myself on an old PIII 500 w/ 256 MB RAM, a nic and a sound card working with software based SIP phones. Then, if you are near someplace with Ethernet, wireless access or have a phoneline handy, you can connect out.
Goo
IAD (Score:1, Insightful)
If you just use some random program recommended by random slashdotters you don't know how secure it really is. Even if the crypt is good there are other things to worry about (e.g. EM emissions, your laptop getting hacked).
Cell Phone (Score:2)
Buy a prepaid cell phone at a store. If you talking about low level class stuff you should be fine. It is much harder to track the cellphone and then tap into it. If your attacker has the hardware to do that, you should worry about other things then.
If you travel a lot you can look into getting a sat phone. Remeber that they work best outdoors, so that will not help much unless you have a seperate antenna unit.
Eastern Bloc??? (Score:1)
Pardon me? This is 2003. There hasn't been an "Eastern Bloc" for well over a decade. That's like saying your father works in the USSR, or in Yugoslavia.
Some Options (Score:2, Funny)
2 - Quenya Syndarin and stuff
3 - Parseltongue
4 - Windtalker
Or just talk like Sean Penn in I AM SAM. Anyone listening to the conversation will die before he finishes the phrase
Esperanto (Score:1)
Re:Esperanto (Score:2)
Skype! (Score:1)
Encryption could get him arrested, talk in code (Score:1)
An encrypted communication could look suspicious or be made to look suspicious. Have him use a series of code phrases agreed to in advance with the other party to send coded messages in the clear.
If he really needs to have privacy, arent there embassy resources he could use?
Iridium satfones? (Score:2)
The product is an "Iridium Secure Module". Read about it here: http://www.disa.mil/ca/buyguide/cont [disa.mil]
US Embassy (Score:2)
Re:US Embassy (Score:2)
Use encrypted Fax (Score:1)
ATA-186 + laptop (Score:2)
This may not be the best answer given the criteria in the article, but when I have this need I use a $5 phone (which I bought at a drugstore on the way to the airport one time) plugged into a Cisco ATA-186 box that is in turn connected to a Linux laptop running Asterisk [asteriskpbx.org]. The laptop connects using IAX-over-SSH to a server back here in Washington that in turn connects to the office phone system. From there the calls get routed to local extensions, out to POTS, or to other Asterisk systems, as required.
In ad
Um, nyet... (Score:2)
Re:Um, nyet... (Score:2)
When, in 1995? I'm not aware of any countries at this time with such limited bandwidth.
Also keep in mind that the State Dept IT infrastructure is horribly backward and is no barometer of anything except for how little funding Helms let slip throu
Re:Um, nyet... (Score:2)
Dips can put up what they want, but most didn't have bandwidth to do so. The only ones that impressed me were the Worldbank who had oodles of bandwidth to spar
I was in the Eastern Bloc for a while.... (Score:2)
It depends upon the country. Some are advanced, some are advanced but with little money and some are stone-age.
If the target group is small, expect more surveillance because they have the time available. For example in one of the 'stans, you can assume that your telephone is bugged and if it is known to belong to a foreigner, then you are probably right. Foreigners tend to get better lines to make interception
RTFM (Score:1)
Along the lines of speaking in Esperanto, the universally-ignored language, but easier to implement:
speak in Technical Manual. I speak this language and find that it is TRULY universally ignored. Even my Esperanto-loving friend frequently ignores it. For example:
Commerce 1: Please follow these directions. Please do not begin parsing my meaning until you have finished following these directions.
Secure phones (Score:2)
Global Teck [global-teck.com] has some stuff.