A recent blog post on the impact of Snowden's leaked documents on encryption software has seen its readership skyrocket on this blog. Thanks, folks!
However, several questions came up concerning Secfone's solution; let me answer them here. I will try not to be too technical, so that non-infosec readers can follow too.
How does Secfone protect encryption keys?
One of the fundamental issues in communication encryption is how the solution protects the encryption keys. If the keys are compromised, the communication can easily be tapped. Encryption software can only use the device's (the smartphone's) storage and CPU to store, generate, manage and use encryption keys. However, these hardware elements were never designed to protect anything. This is one of the biggest weak points of all encryption software.
Secfone uses TPM (Trusted Platform Module) technology: a cryptochip integrated into a micro SD card (the card goes into the micro SD slot of the smartphone). This piece of hardware is designed to generate, store, manage, use and PROTECT encryption keys. The cryptochip is deliberately built to be tamper-sensitive. That means the information can't be retrieved from the chip (it is not readable by design). If you try to hack the cryptochip (probe it with an oscilloscope, put it under an electron microscope, try to freeze it and remove it), the chip is damaged and all the information it stores is lost immediately. This is the only proven technology today that can protect encryption keys (more on TPM technology: 5 functions of TPM you did not know about).
Interesting: an early generation of cryptochips was hacked by Christopher Tarnovsky in 2010. The attack required a very high level of expertise and physical possession of the chip. It no longer works against the new hardware.
What about stealing the encryption keys?
Good question. There are some companies that use a cryptochip (they call it a security card or trustchip; it is the very same thing) and put the keys into the chip at production. The keys are safe inside the cryptochip, that is not in question, but they can be compromised BEFORE they are put into the chip.
Secfone has its own method. Secfone does not put keys into the cryptochip, but uses the cryptochip's own functions to generate the keys for itself at production. What does this mean?
- Keys needed to decrypt the information that arrives at the device NEVER leave the safe storage of the cryptochip.
- Keys cannot be stolen from the factory or from a sysadmin.
- Nobody knows the keys (not the producer of the cryptocard, not Secfone, not the customer, nobody).
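The two provisioning designs contrasted above (keys loaded into the chip at the factory versus keys generated inside the chip and never exported), together with the software-only key storage discussed in the first section, can be made concrete with a small model. The following is an added example written for this post, not Secfone's code or any vendor's: a Python class stands in for the cryptochip's boundary, the key exchange is plain finite-field Diffie-Hellman over the RFC 3526 group 14 prime (transcribed here, so verify it against the RFC before relying on it), and the names Cryptochip, factory_injects_key and attacker_with_factory_record are invented for the illustration. It shows that with a factory-injected key, anyone holding the provisioning record can recompute the chip's session keys, whereas the on-chip design exposes only a public value and a derive operation.

```python
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP), generator 2, as transcribed here.
# Verify the constant against the RFC before relying on it for real use.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
INFO = b"constructed-demo"  # constructed context label for key derivation


class ExportNotPermitted(Exception):
    """Raised when a caller asks the chip for a secret it will not reveal."""


class Cryptochip:
    """Toy model of a secure element (hypothetical, not a vendor API).
    The private exponent is held only here and used only through
    derive_session_key(); a Python attribute stands in for the physical
    boundary a real chip enforces."""

    def __init__(self, injected_private=None):
        if injected_private is None:
            # On-chip generation: drawn from the chip's own RNG, exists nowhere else.
            self._priv = secrets.randbelow(P - 3) + 2
        else:
            # Factory injection: a secret made elsewhere is loaded in.
            self._priv = injected_private
        self.public = pow(G, self._priv, P)  # the only key material that leaves

    def export_private(self):
        raise ExportNotPermitted("private key is not readable by design")

    def derive_session_key(self, peer_public, info=INFO):
        # Reject degenerate peer values (0, 1, P-1, out of range) whose DH
        # result is a constant regardless of our secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._priv, P)
        # Only a hash of the agreed value leaves the chip, never the exponent.
        return hashlib.sha256(shared.to_bytes(256, "big") + info).digest()


def factory_injects_key():
    """Design 1 (the other vendors, per the post): the key is created in the
    provisioning system and written into the chip, so a copy exists outside
    the chip before the chip ever sees it."""
    provisioning_record = secrets.randbelow(P - 3) + 2  # a leak-able copy
    chip = Cryptochip(injected_private=provisioning_record)
    return chip, provisioning_record


def attacker_with_factory_record(leaked_private, peer_public):
    """Whoever obtained the provisioning record (a factory backup, an admin
    export) reproduces every session key that chip will ever derive."""
    shared = pow(peer_public, leaked_private, P)
    return hashlib.sha256(shared.to_bytes(256, "big") + INFO).digest()


def export_is_blocked(chip):
    """Design 2 property: the chip refuses to hand out its private key."""
    try:
        chip.export_private()
    except ExportNotPermitted:
        return True
    return False


def rejects_degenerate_peer(chip):
    """Check that 0, 1, P-1 and out-of-range peer values are refused."""
    for bad in (0, 1, P - 1, P):
        try:
            chip.derive_session_key(bad)
            return False
        except ValueError:
            pass
    return True


if __name__ == "__main__":
    alice, bob = Cryptochip(), Cryptochip()
    ka = alice.derive_session_key(bob.public)
    kb = bob.derive_session_key(alice.public)
    print("on-chip keys agree:", ka == kb, "| export blocked:", export_is_blocked(alice))
    chip, record = factory_injects_key()
    recovered = attacker_with_factory_record(record, bob.public)
    print("injected key: record holder recovers session key:",
          recovered == chip.derive_session_key(bob.public))
```

The Python boundary is an analogy only: in a real chip the private exponent sits in protected memory and the derive operation runs on the chip's own processor, which is what gives the tamper response described above its meaning. The practical check for a buyer is therefore not "is there a chip" but "where was the key born, and does any operation return it".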
Interesting: the cryptochip is a military-grade technology under special export regulations. Strict legislation applies to keep track of who possesses the technology. It cannot be exported to "sensitive" countries.
Now the keys are safe. However, there are more layers of security in Secfone; I will write a post about them soon.
Thanks for reading. If you found this blog post interesting, please spread the word.