Thursday, February 7, 2013

Securing Mobile Telecommunications Talk from LinuxConfAU 2013

The full video of my recent talk from Linux Conf AU 2013 is now available:

http://mirror.linux.org.au/linux.conf.au/2013/mp4/Making_Mobile_Communications_Secure.mp4

The abstract for my talk is here:  http://linux.conf.au/schedule/30058/view_talk?day=wednesday

"GSM/3G are surprisingly insecure, which is sad since good cryptographic frameworks exist. During the past year the Serval Project has been working on integrating very strong security into voice, text and data transfers on a mesh network. Rather than implement a secure SIP and secure RTP combination, we have taken a fresh approach and created a light-weight but secure packet and voice transport that is designed from the ground up with mesh networking in mind. One of the key innovations is using public keys as the network address, so that no key exchange or verification is required to setup an end-to-end encrypted channel. Consideration has also been given to how to defeat man-in-the-middle attacks for peers who are not able to verify each others keys prior to connection.

The system will be demonstrated in it's intended application in open-source Serval Mesh telephones to allow secure telephone calls.
Part of the talk will discuss the technical details of the security model, but (hopefully) in a fairly accessible manner that most developers should be able to follow, and in particular avoiding getting buried in mathematics. Feedback on the security model is invited so that any obvious vulnerabilities can be addressed before the software becomes widely distributed."

No comments:

Post a Comment