Seriously Secure Mobile Voice With Custom Crypto

We all have security needs, but at the top of the heap are those who need a secure line and self-destruct capabilities. There may not be an app for that, but there is a fascinating hardware solution.

KoolSpan accomplishes this level of protection through a different kind of hardware add-on: A microSD card with an embedded system that does hardware AES-256 cryptography, including over-the-air key management.

My first question about it was: How do they run a coprocessor of any kind through a microSD card interface? This part is clever. The TrustChip and the TrustCall Secure Voice app communicate through the storage on the microSD card. Like TrustCall, any application can use the TrustAPI to communicate over the secure channel.

The KoolSpan TrustChip is a full crypto coprocessor in the phone.

Obviously the encrypted communications use data, not voice bandwidth, but KoolSpan says that it is designed for low bandwidth consumption, about 16-Kbps full duplex, little enough to work on GSM Edge networks. KoolSpan says that they discarded the idea of using SIP/RTP and wrote a proprietary VoIP protocol that was more frugal with bandwidth and connections.

Also obvious is that there needs to be KoolSpan hardware and software on each phone in the conversation. Currently only two parties are supported. They believe they will eventually support multi-party calls, but there are bandwidth issues to face.

As shown in the diagram below, encryption and authentication are performed peer-to-peer between the phones, but a relay server is used for call setup and device discovery. It also shows how, after the discovery, the phones use an SMS message as a further part of the call initiation process.

Initiating a call using TrustCall and TrustChip hardware involves several steps, but the call and encryption themselves are direct peer-to-peer.

The initial setup and deployment process for the phone involves a one-time tethering for key exchange. After that, all key exchange is over the air and secure.

Because the user may also be asked for a password, TrustCall is automatically a two-factor authentication device, as the microSD card is (in authentication parlance) "something you have."

The KoolSpan approach doesn't just plug into any phone architecture. The most obvious problem is on the iPhone, which has no microSD card. External dongles on the 30-pin connector were just too clumsy. The iPhone market is too big not to try for, though, so they do plan to keep trying.

Finally, in the realm of physical security, the remote management system can not only remotely disable the TrustCard (by resetting the password to something nobody knows) but has a self-destruct mode that can be invoked remotely to make the TrustCard unusable. It's also possible to bind a TrustCard to a particular SIM card so that it can't be stolen and reused. And maybe the NSA could pull something useful out of the physical card itself, but probably not.

The administration of the system can be run in-house by an enterprise or as a service by KoolSpan. In this sense it is something like a trusted certificate authority, validating parties to a conversation.

This is not the kind of security that everyday people and businesses need, but the market for people with such serious requirements is not small.