Wednesday, February 19, 2014

5 questions your boss will ask you on encrypted mobile communication


Companies working with valuable technologies and information have to protect their ideas from the beginning. Employees work on valuable ideas for a while before the idea becomes a product or a service. Meanwhile they communicate with each other through mobile communication too. It is essential to protect the information in transit. If you work a company like that, and you do not use high security level mobile communication solution, than be prepared to brief your boss on encrypted mobile communication. You will have to make the brief, sooner or later…

1st Question: What encryption software should we use?
Answer: Encryption software provide very limited security level. One of the most fundamental features of a secure mobile encryption solution is to protect the encryption keys, because once the key is compromised, the communication is leaked. Software reside on smartphones non-protected storage and run on smartphones non-protected processor. These parts of the smartphones are not designed to protect any information. There is no way to protect the keys on any smartphone.

2nd Question: Is there a mobile encryption solution that can effectively protect the encryption keys?
Answer: Yes, there are some solutions on the market. Only special hardware, designed for generating, storing, managing and using encryption keys can protect the keys. These hardware are not readable by design and hack-proof. Often referred to as cryptochip or trusted platform modul. They are sensitive by design, so any attempt to read out the information from them damages the hardware and destroys all the information it stores, including the encryption keys.

3rd Question: Which TPM or cryptochip based solution should we choose?
Answer: TPM or cryptochip is just the bottom line. For the highest level of security the solution has to implement the protection of the communication, the encryption keys and the smartphone too. If let’s say the smartphone is not protected, than the communication can be eavesdropped directly through the microphone before any encryption takes place. Known backdoor called DROPOUTJEEP exists on all iPhone and BlackBerry smartphones. It is totally useless to use any mobile encryption solution on these smartphones.

4th Question: What kind of encrypted mobile solution should we use?
Answer: We should use a cryptochip based solution with triple-level protection. The solution has to protect the communication, the encryption keys and the smartphone. It has to run on a smartphone and operating system which has no known backdoors. 

5th Question: How much does the most secure solution costs? Is it expensive?
Answer: Surprisingly not the highest level of security is the most expensive. The most expensive software solution, Crypttalk costs 250 euro/month with all the defects mentioned. Yet we can reach the highest level of security at a reasonable price of 55 euro/month. A one-time fee of 300 euro applies that includes the price of a unique cryptochip. We do not have to buy new smartphones, we just have to insert the cryptocard into the micro SD card slot of our smartphones. The solution is called Secfone.

If you liked this post please Google+ it or share it on Facebook, Twitter or any social media you prefer. Thank you!

2 comments:

  1. Wow really interesting and informative post. thanks alot for sharing the information and can help the newcomers to deal with their bosses in a better way. i will help me as well..

    ReplyDelete