Philip Zimmermann Unveils Encryption for VoIP
Philip R. Zimmermann, the creator of Pretty Good Privacy ("PGP"), unveiled a prototype for encrypting data carried on VoIP (Voice over Internet Protocol) at the Black Hat Security conference in Las Vegas in late July. The prototype, called zFone, will be written in Python, mainly because it is built to run on the open-source Shtoom, which is also written in Python. Currently, zFone runs on Mac OS X, and Zimmermann hopes to make the prototype available for download by the end of August.
Unlike PGP, zFone relies on the Diffie-Hellman public key exchange, with keys generated on a per-call basis. Zimmermann decided not to adopt a full Public Key Infrastructure ("PKI") for zFone to avoid adding layers of complexity to the software and to avoid the hassle of dealing with the exchange of digital certificates.
To avoid "man in the middle" (MITM) attacks, to which the Diffie-Hellman public key exchange protocol is vulnerable, zFone will display a hash of shared secret information. The two parties can read the hash to one another to confirm that the call has not been compromised. zFone will also store a list of the hashes of the shared secret information (although zFone will delete the shared secret information itself after each call), so users can confirm at some point in the future that a MITM attack has not compromised their call.
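The check described above can be sketched in Python as follows. This is an added example, not zFone's code. The group parameters, the SHA-256 hash, the 8-digit display length and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Demonstration group only (assumption): 2**521 - 1 is a Mersenne prime, which
# keeps the example short. Real software uses a standardized DH group.
P = 2**521 - 1
G = 3

def keypair():
    """Fresh per-call key pair, as the article describes."""
    priv = secrets.randbelow(P - 3) + 2      # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def shared_secret(priv, peer_pub):
    if not 1 < peer_pub < P - 1:             # reject degenerate public values
        raise ValueError("invalid public value")
    return pow(peer_pub, priv, P)

def spoken_hash(secret, digits=8):
    """Short hex string derived from the shared secret, for reading aloud."""
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()[:digits]

def call(intercepted=False):
    """Return the strings shown to the caller and the callee for one call."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if intercepted:
        # A party in the middle substitutes its own public value in both
        # directions, so each endpoint agrees on a secret with the interceptor.
        _, m_pub = keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    return (spoken_hash(shared_secret(a_priv, seen_by_a)),
            spoken_hash(shared_secret(b_priv, seen_by_b)))

def verify_call(shown_a, shown_b, history):
    """Compare the read-aloud strings; keep only the hash, never the secret."""
    ok = secrets.compare_digest(shown_a, shown_b)
    history.append({"hash": shown_a, "matched": ok})
    return ok

if __name__ == "__main__":
    log = []
    print("clean call matches:", verify_call(*call(), log))
    print("intercepted call matches:", verify_call(*call(intercepted=True), log))
```

On a clean call both endpoints derive the same secret and display the same string. When the public values are substituted in transit, the two endpoints hold different secrets and the strings they read to each other differ.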
Posted by K.M. Das
