Technologists from the University of Alabama at Birmingham have devised an automated verification model aimed at boosting the security of voice over Internet communication, making the communication method secure from eavesdropping or so-termed “man-in-the-middle” attacks.
The application is intended improving the protection offered to Crypto phones. Crypto phones are mobile telephonic devices intended to provide security against electronic surveillance. Advances in technology mean that any conventional device (a commercial smartphone for example) is easily accessed; moreover it is difficult to determine who is intercepting and recording private communications.
Crypto phones are designed to protect calls from interception by using algorithms to encrypt the signals, via personal computer or web-based Voice over Internet Protocol applications. These devices contain a cryptographic chip that processes encryption and decryption. The two algorithms are programmed into the chip, consisting of a key-exchange algorithm for the key agreement protocol and a symmetric-key algorithm for voice encryption.
Led by Dr. Nitesh Saxena, the researchers have devised an automated crypto key called checksum. This is displayed on each user’s device. Each users must verify that the voice announcing the checksum is the voice of the other user they wish to communicate with. When a user announces the checksum to the other person the key automatically transcribes the spoken code and performs a code or checksum comparison for the user. Trials conducted unsurprisingly showed that the automated process, that allows for longer and more complex keys, was superior to any human attempting to ‘guess’ the voice of the other user.
