hardware with secure key for linphone

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

hardware with secure key for linphone

accounts-linphone
I was looking into getting a hardware SIP phone today, but couldn't find
any alternatives which tell me that key is not potentially compromised
with a back door somehow.

Putting linphone on an Android kind of suffers the same fate, with
google ultimately controlling the bottom layer.

So I'd like to ask: Are there any certified (open) hardware solutions to
put linphone on, where I can have a greater guarantee that key integrity
is kept and no (deliberate by design) backdoors are implemented?

Thanks.

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

David Kuehling
>>>>> "Louis" == Louis Holbrook <[hidden email]> writes:

> I was looking into getting a hardware SIP phone today, but couldn't
> find any alternatives which tell me that key is not potentially
> compromised with a back door somehow.

> Putting linphone on an Android kind of suffers the same fate, with
> google ultimately controlling the bottom layer.

> So I'd like to ask: Are there any certified (open) hardware solutions
> to put linphone on, where I can have a greater guarantee that key
> integrity is kept and no (deliberate by design) backdoors are
> implemented?

Not a direct answer to your question, but still:

If the hardware phone is located in a network you control, you could
force it to communicate outwards via a trusted (open source) SIP media
server and otherwise firewall it off and/or put it onto a VLAN etc. so
that it has no way to leak any information to the world outside your
network.  In theory any audio/video would then be (re-)encrypted on your
SIP server (e.g. asterisk/pjsip with direct_media disabled) so that's
the only place that you need to trust with that solution.

David


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

Russell Treleaven
In reply to this post by accounts-linphone
How about a PC?

On Mon, May 4, 2020 at 11:44 AM Louis Holbrook <[hidden email]> wrote:
I was looking into getting a hardware SIP phone today, but couldn't find
any alternatives which tell me that key is not potentially compromised
with a back door somehow.

Putting linphone on an Android kind of suffers the same fate, with
google ultimately controlling the bottom layer.

So I'd like to ask: Are there any certified (open) hardware solutions to
put linphone on, where I can have a greater guarantee that key integrity
is kept and no (deliberate by design) backdoors are implemented?

Thanks.

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users


--
Sincerely,

Russell Treleaven
[hidden email];transport=tcp


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

accounts-linphone
In reply to this post by David Kuehling
David,

wouldn't the device still be creating the key material though? And
potentially however are in control of that hardware would be able to
compromise that key material and access backdoor? Whether the server is
here or there won't change that?

I'm thinking of end-to-end encryption here, of course.


On Mon, May 04, 2020 at 06:32:26PM +0200, David Kuehling wrote:

> >>>>> "Louis" == Louis Holbrook <[hidden email]> writes:
>
> > I was looking into getting a hardware SIP phone today, but couldn't
> > find any alternatives which tell me that key is not potentially
> > compromised with a back door somehow.
>
> > Putting linphone on an Android kind of suffers the same fate, with
> > google ultimately controlling the bottom layer.
>
> > So I'd like to ask: Are there any certified (open) hardware solutions
> > to put linphone on, where I can have a greater guarantee that key
> > integrity is kept and no (deliberate by design) backdoors are
> > implemented?
>
> Not a direct answer to your question, but still:
>
> If the hardware phone is located in a network you control, you could
> force it to communicate outwards via a trusted (open source) SIP media
> server and otherwise firewall it off and/or put it onto a VLAN etc. so
> that it has no way to leak any information to the world outside your
> network.  In theory any audio/video would then be (re-)encrypted on your
> SIP server (e.g. asterisk/pjsip with direct_media disabled) so that's
> the only place that you need to trust with that solution.
>
> David
>

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

accounts-linphone
In reply to this post by Russell Treleaven
Russell,

right :) the whole point of this exercise was NOT to use a PC.


On Mon, May 04, 2020 at 12:32:47PM -0400, Russell Treleaven wrote:

> How about a PC?
>
> On Mon, May 4, 2020 at 11:44 AM Louis Holbrook <
> [hidden email]> wrote:
>
> > I was looking into getting a hardware SIP phone today, but couldn't find
> > any alternatives which tell me that key is not potentially compromised
> > with a back door somehow.
> >
> > Putting linphone on an Android kind of suffers the same fate, with
> > google ultimately controlling the bottom layer.
> >
> > So I'd like to ask: Are there any certified (open) hardware solutions to
> > put linphone on, where I can have a greater guarantee that key integrity
> > is kept and no (deliberate by design) backdoors are implemented?
> >
> > Thanks.
> >
> > _______________________________________________
> > Linphone-users mailing list
> > [hidden email]
> > https://lists.nongnu.org/mailman/listinfo/linphone-users
> >
>
>
> --
> Sincerely,
>
> Russell Treleaven
> sip:[hidden email];transport=tcp

> _______________________________________________
> Linphone-users mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/linphone-users


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

Stuart D Gathman
On Mon, 2020-05-04 at 20:00 +0200, Louis Holbrook wrote:
> Russell,
>
> right :) the whole point of this exercise was NOT to use a PC.

Mount an rPi3 in an old phone case.  If impedence of handset doesn't
match rPi audio input/output, buy one of the "retro" handsets with
smartphone compatible audio jack - it has impedence matching built in.

P
ros: mostly already done except for buttons/display and final
assembly/mounting cleverness (standoffs for the win!).

Cons: you'll have
to hook up buttons to GPIO and test how to read them.  Ditto for
display, or buy a designed for rPi display.

Anticipated answer: right :) the whole point of this exercise was NOT
to spend a week in hardware hacking.

Maybe it's easier to just buy a
retro handset, and plug it into an existing rPi case or other mini-pc
with more standard keypad/display.


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

David Kuehling
In reply to this post by accounts-linphone
>>>>> "Louis" == Louis Holbrook <[hidden email]> writes:

> David, wouldn't the device still be creating the key material though?
> And potentially however are in control of that hardware would be able
> to compromise that key material and access backdoor? Whether the
> server is here or there won't change that?

> I'm thinking of end-to-end encryption here, of course.

With TLS+SRTP(SDES) there is no proper end-to-end encryption and this is
what I'm used to (and that's the state-of-the art with the hardware
phones I know/own).  How a proper end-to-end encryption protocol like
ZRTP integrates with use of an intermediate SIP media server, I don't
know.

But what I suggested amounts to using the SIP media server as one end of
the link and do end-to-end encryption betwen the media server and your
peers.  Your hardware SIP phone could even use totally unencrypted SIP
protocol talking to the server, which isn't a problem if you can trust
your local network.

End-to-end encryption is usually employed so that you can analyze the
security properties of a system without having to think about security
aspects of all the middlemen in the network.  However, if you cannot
trust your endpoint (your hardware phone) that doesn't really make
sense.  You may get a system with higher security guarantees by just
isolating the untrusted phone and doing the encryption somewhere else.

David



_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: hardware with secure key for linphone

Stuart D Gathman
In reply to this post by accounts-linphone
On Mon, 4 May 2020, Louis Holbrook wrote:

> I'm thinking of end-to-end encryption here, of course.

To get end-to-end, ditch the SIP server and use linphone (and any other
IPv6 compatible SIP phone) in peer to peer mode with an IPv6 VPN like
Cjdns or Yggdrasil.  Use the IPv6 address as the "phone number"
in your address book.  It really is slick.  I need to get a recent
version going on Fedora to check if anything is broken since 3.6.1.

The Cjdns IPs are a hash of the public key of the node, so are
authenticated to prevent spoofing and man in the middle.  Packets
are end to end encrypted.  It is a mesh VPN, but relays are untrusted
and have no access to cleartext.

It is probably possible to support true end-to-end using an untrusted SIP
server, but you really don't need sip servers with IPv6 unless you are
doing conferencing or something.

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users