[guardian-dev] The sound of an encrypted audio stream

Frank Rieger frank at ccc.de
Wed Jul 24 20:08:44 EDT 2013 

2009: http://www.cs.jhu.edu/~cwright/voip-vbr.pdf
2011: http://www.cs.unc.edu/~amw/resources/hooktonfoniks.pdf

And that is just the published stuff. We have ruled out VR codecs 2003 for CryptoPhone after running some simple tests (word length statistics) already. Basing your threat model for any crypto system on "might help today against a script-kiddie" is irresponsible for obvious reasons. VBR does not give a sufficient advantage in telephony to even go near that risk.

Greetings from Berlin,

Frank

---


On 25.07.2013, at 01:28, Lee Azzarello wrote:

> Hello Frank,
> 
> Are you referring to the two papers published through American
> universities on the subject? I'm looking for a way to evaluate the
> development of this science since I don't know of any generic
> utilities that a script kiddie could use to do phrase recovery on a
> SRTP stream.
> 
> From the content of one paper, it sounds like the science is in the
> development process, rather than a solution to bring truth to the
> assertion that "encryption over a VBR codec is broken." If you have
> any conclusive publications on the subject could you share them?
> 
> Thanks,
> Lee
> 
> On Wed, Jul 24, 2013 at 7:18 PM, Frank Rieger <frank at ccc.de> wrote:
>> VBR codecs should under no circumstances be used for encrypted calls. The science for recovering enough structure to gain partial content information is way too well developed to ignore this. This has been a constant point of trouble with ZRTP-solutions and needs to be handled (crudely) at the phone software level or (better) with a patch to the repsective ZRTP library that rejects VBR codecs based on the header information.
>> 
>> Best regards,
>> 
>> Frank Rieger
>> 
>> ---
>> 
>> On 23.07.2013, at 22:47, Lee Azzarello wrote:
>> 
>>> Hello all,
>>> 
>>> There have been some conversations recently on IRC and on the web
>>> about VBR audio codecs and plaintext recovery.
>>> 
>>> It's an interesting conversation and one which will change a lot in
>>> our times. While I was testing some video call clients, I saw a bug
>>> between a custom build of Linphone on Android and a nightly of Jitsi
>>> on OS X where Linphone tried to play back the encrypted audio through
>>> the speaker without first decrypting it.
>>> 
>>> This is what a SRTP audio stream sounds like to a wiretap. The codec
>>> is speex at 16 kHZ, I believe it is VBR but I'm not certain.
>>> 
>>> http://ge.tt/9FG7Tem/v/0?c
>>> 
>>> -lee
>>> _______________________________________________
>>> Guardian-dev mailing list
>>> 
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> 
>>> To Unsubscribe
>>>       Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>       Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/frank%40ccc.de
>>> 
>>> You are subscribed as: frank at ccc.de
>>> 
>> 
>> _______________________________________________
>> Guardian-dev mailing list
>> 
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> 
>> To Unsubscribe
>>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/lee%40guardianproject.info
>> 
>> You are subscribed as: lee at guardianproject.info
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/frank%40ccc.de
> 
> You are subscribed as: frank at ccc.de
>

More information about the Guardian-dev mailing list