Nowadays, there is a strong trend toward the integration of public communication networks. This is especially the case of the mobile phone networks and the Internet, which are becoming increasingly interconnected as to create a single unified network. One of the possible consequences of this integration is that the security issues, which already exist within each of these networks, become even more menacing in such an enlarged context. The possibility to operate voice calls is one of the most popular services that run on these networks. At the time of this writing, the user who calls another user by means of a mobile phone or a desktop computer equipped with Voice-over-IP software is subject to several threats. In this paper, we examine some of these threats and present SPEECH, a software system for making "secure" calls by using Windows Mobile 2003 powered handheld devices and a wireless data communication channel. The notion of Security implemented by SPEECH is stronger than the one available in other secure conversation software, because it includes the mutual authentication of the endpoints of the conversation, the end-to-end digital encryption of the content of a conversation and the possibility to digitally sign the conversation content for non-repudiation purpose. SPEECH is able to operate on different types of networks and adapt its behaviour to the bandwidth of the underlying network while guaranteeing a minimal-Acceptable quality of service (currently GSM and TCP/IP networks are supported). This has been achieved by adopting a very light communication protocol and by using a software codec explicitly optimized for the compression of voice data streams while retaining a good sampling quality. As a result, SPEECH is able to work in full-duplex mode, with just a slight delay in the conversation, even when using a 9600 bps communication channel, such as the one provided by GSM networks. There are several application areas for SPEECH. For example, it can be used in an economic transaction conducted over a public phone line to verify the real identities of the parties who are participating to the transaction, to prevent the possibility for an eavesdropper to access the content of the conversation and to ensure that either party of the call could not deny the content of the conversation in a later moment.
Secure Personal End-to-End Communication for Handhelds / A., Castiglione; G., Cattaneo; A., DE SANTIS; FERRARO PETRILLO, Umberto; F., Petagna. - STAMPA. - Nota: Sono presenti su Scopus delle citazioni al prodotto reperibili attraverso la query REF("SPEECH: Secure Personal End-to-End Communication with Handheld"):(2006), pp. 287-297. (Intervento presentato al convegno EEMA Information Security Solutions Europe tenutosi a Rome; Italy nel 10--12 Ottobre 2006) [10.1007/978-3-8348-9195-2_31].
Secure Personal End-to-End Communication for Handhelds
FERRARO PETRILLO, UMBERTO;
2006
Abstract
Nowadays, there is a strong trend toward the integration of public communication networks. This is especially the case of the mobile phone networks and the Internet, which are becoming increasingly interconnected as to create a single unified network. One of the possible consequences of this integration is that the security issues, which already exist within each of these networks, become even more menacing in such an enlarged context. The possibility to operate voice calls is one of the most popular services that run on these networks. At the time of this writing, the user who calls another user by means of a mobile phone or a desktop computer equipped with Voice-over-IP software is subject to several threats. In this paper, we examine some of these threats and present SPEECH, a software system for making "secure" calls by using Windows Mobile 2003 powered handheld devices and a wireless data communication channel. The notion of Security implemented by SPEECH is stronger than the one available in other secure conversation software, because it includes the mutual authentication of the endpoints of the conversation, the end-to-end digital encryption of the content of a conversation and the possibility to digitally sign the conversation content for non-repudiation purpose. SPEECH is able to operate on different types of networks and adapt its behaviour to the bandwidth of the underlying network while guaranteeing a minimal-Acceptable quality of service (currently GSM and TCP/IP networks are supported). This has been achieved by adopting a very light communication protocol and by using a software codec explicitly optimized for the compression of voice data streams while retaining a good sampling quality. As a result, SPEECH is able to work in full-duplex mode, with just a slight delay in the conversation, even when using a 9600 bps communication channel, such as the one provided by GSM networks. There are several application areas for SPEECH. For example, it can be used in an economic transaction conducted over a public phone line to verify the real identities of the parties who are participating to the transaction, to prevent the possibility for an eavesdropper to access the content of the conversation and to ensure that either party of the call could not deny the content of the conversation in a later moment.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
