Secure VoIP based mobile communication for Android™ phones Secfone Secure VoIP based mobile communication for Android™ phones

INTRODUCTION Security is facing more and more popularity and becoming the focus of technology: Extreme viruses Sophisticated spy applications Thousands of malwares + Easily accessible and cheap spy hardwares from internet web stores More and more company tries to reply and develop its own application choosing from good available encrypting mechanisms, however inadequate utilization involve more serious vulnerability and false safety feeling

To be secured and protected: INTRODUCTION To be secured and protected: Best available encryption technology has to be used Hidden and real secure authenticated method has to be used Have to be ensured that softwares cannot access to encryption keys Have to ensured that encryption method cannot be deciphered Have to be ensured that 3rd party application cannot use our device and by-pass applied security The solution is MVCN™ based security devices

Secfone is part of MVCN product line… The MVCN™ network Secfone is part of MVCN product line…

Hardware based encryption The MVCN™ layer Patented 3 level key exchange mechanism: 2048bit RSA keys for Authentication 1024bit RSA keys for communication key exchange 448bit Blowfish CBC for voice/data encryption (variable) with constantly changing keys Hardware based encryption and authentication

Role of MVCN™ layer Authentication Encryption Privacy Hardware based Authenticates an ensures the participants Hardware based Encryption Encrypt and decrypt dataflow with continuously changing keys between communicating devices Hardware based Privacy No 3rd party device, no server, no central application can access to user communication

Hardware encryption device No known method can access to keys (x-ray, electron-microscope, etc.) CRYPTOCARD Keys and encryption method never revealed to application TPM chip in: Secbox Secbox H Secbox Industrial Rabbit Cryptocard: Secfone Red Secfone Orange iSecfone SecBerry

MVCN™ - key exchange w Burned into MVCN™ server Stored on MVCN™ server Server decoding key SF1 encoding key SF2 encoding key SF1 IP address, encoding key request Connection request to SF2 Server response SF1 IP address, SF1 encoding key Server response: SF2 IP address, SF2 encoding key Secfone 1 (SF1) Secfone 2 (SF2) Connection request from SF1 to SF2 Stored on Crypto card Stored on Crypto card Server encoding key Server encoding key SF2 IP address, encoding key SF1 IP address, encoding key Server response: SF2 IP address, SF2 encoding key Burned into Crypto card Burned into Cypto card SF1 decoding key SF1 decoding key

VoIP communication Calls are VoIP based: Encrypted communication is working on almost any kind of IP based network (Wi-Fi, WiMAX, LTE, HSDPA, UMTS, EDGE, etc.) 3 VoIP layer: Session Initiation Protocol Session Description Protocol Realtime Transport Protocol

Session Initiation Protocol in Secfone SIP protocol IETF defined signaling protocol Opens communication sessions over IP network The protocol enables to open, modify and close two or multiparty sessions Secfone uses modified SIP protocol: Basic SIP P2P call (through MVCN network) Basic SIP signaling (ringing, ringtone, busy tone, waiting tone, etc.) Caller name and number display Call waiting, muting Voice compressing and time fragment size (packet time) negotiation through SDP Missed calls and call history Local user directory Volume control

Session Description Protocol Session Description Protocol (SDP)  A format for describing streaming media initialization parameters in an ASCII string. SDP is used in Secfone in conjunction with the SIP and RTP protocols Constrained to general session and connection description parameters. The media section of the SDP protocol is used for media attributes negotiation: The speech codec to be used by both peers during the negotiated session The RTP packet time (ptime) to be used by both peers during the negotiated session

BEST AVAILABLE VOICE QUALITY Applied speech codecs Automatic and optimized speech codec selection by network quality WiFi (ptime: 60ms): Speex10 (24.6 kbps) Speex9 (18.2 kbps) + the complete 3G offer 3G (ptime: 100ms): Speex8 (15 kbps) Speex7 (15 kbps) BroadVoice16 (16 kbps) + the complete EDGE offer EDGE (ptime: 140ms): Speex6 (11 kbps) Speex5 (11 kbps) Speex4 (8 kbps) + the complete GPRS offer GPRS (ptime: 180ms): AMR_NB 4.75 (4.75 kbps) Speex4 (8 kbps) BEST AVAILABLE VOICE QUALITY Speech codecs are user selectable Speech codecs are changed during calls by network quality AMR codec rate changes during calls by network quality Narrow Band Adaptive Multirate Codec (AMR-NB) is applicable AMR-NB 4.75 kbps AMR-NB 5.15 kbps AMR-NB 5.90 kbps AMR-NB 6.70 kbps AMR-NB 7.40 kbps AMR-NB 7.95 kbps AMR-NB 10.2 kbps AMR-NB 12.2 kbps

Realtime Transport Protocol The Real-time Transport Protocol (RTP) defines a standardized packet format for delivering audio and video over IP networks Altering network characteristics would result in non-enjoyable voice quality *note that „jitter” comes from that latency which is the delay of receiving and playing the sound – not network latency RTP jitter control was developed for Secfone Low latency playback with a low packet rejection rate, ensuring both high quality sound and good conversation properties

Secfone infrastructure and characteristics CRYPTOCARD Encryption / decryption by HARDWARE Nothing can access to encryption keys Authentication and encryption protocol is MVCN™ Adaptive and safety software application for : Best quality voice communication over IP networks 3rd party spy application detection Continuous and hidden key changing during communication

Secfone infrastructure and characteristics Secured voice/data communication with other Secfones Voice SMS File sharing Secured data/voice communication through Secbox Printer Computer File sharing Etc. Secured data/voice communication in industrial environment Survaillence Camera systems Monitoring Etc.

Minimal data requirement for Secfone Requriements: The device needs to have a functional MicroSD Card slot Minimum CPU requirement of the device is 1 GHZ Minimum RAM requirement is 512 MB Minimum free space on the phone: 6.3 MB Supported devices: HTC Desire Android 2.2 Sense HTC Desire S Android 2.3.3 Sense HTC Incredible S Android 2.3.3 Sense HTC Sensation Samsung Galaxy S Android 2.1/2.2 Samsung Galaxy S (NTT Docomo) Android 2.3.3 Samsung Galaxy S II LG p350 Android 2.2.2

MVCN™ protocol for Secfone

P2P communication In case the Secfones are behind a firewall type not supported by MVCN they use proxy

Retail server options for customers Private Server The server is installed by Navayo and hosted by the customer One time fee Absolutely private infrastructure Hired server The server is installed and hosted by Navayo Monthly fee Navayo guaranteed service

Secure telephone conferencing Secfone enables secure teleconferencing for a large number of users at the same time Conference rooms can be accessed through Secbox connection Up to 500 participants at one time depending on hardware set-up Voice messages can be left in the conference rooms

Secfone secure mail service E-mail server is connected to the Internet through Secbox network security device Proxy is set on the Secfone device to enable connection to the e-mail server E-mail traffic is encyripted between the device and the e-mail server 3rd party SCB technology allows logging of Administrator activity providing added security The phone’s default e-mail client is used

Secure data access

Thank you for your attention!