Users gain options for mobile voice encryption

U.S. President Barack Obama's dilemma over the security of his BlackBerry has given rise to an increased interested in systems that can scramble voice calls to avoid interception.

At this year's Cebit trade show, mobile device security vendors rolled out an array of systems for governments and companies looking to protect their voice calls.

[ The brouhaha over whether President Obama would continue to use his BlackBerry highlighted two ideas: information security isn't what it should be and top-level execs make the juiciest targets for information theft | Get the latest on mobile developments with InfoWorld's Mobile Report newsletter. ]

In some cases, employing mobile voice encryption can save companies money, as it can allow top-level executives to discuss sensitive information without needing to travel to secure company offices, said Christoph Erdmann, managing director and founder of Secusmart, which makes a flash card with hardware-based encryption for voice calls.

Erdmann used to work in security in Nokia. He frequently had to travel to Finland to discuss important company information to avoid speaking over a phone.

Nokia eventually decided that the market for supersecure devices was too small, so Erdmann started his own company to provide higher security for Nokia smartphones.

Secusmart's microSD flash card, called SecuVoice Version 1.0, fits into Nokia Series 60 devices, which are frequently issued to government employees. The software is installed on the phone when the card is first inserted into a device.

Secusmart's card uses Elliptic Curve Cryptography, a proven method for establishing a secure connection between two devices. It's also faster than using the RSA algorithm, which employs large keys or certificates that increase the time needed to connect a call by up to 15 seconds. ECC does it in under five seconds.

"In mobile systems, every bit counts," Erdmann said.

Voice calls are encrypted using 128-bit AES (Advanced Encryption Standard) keys. The card is tamper proof. It has been approved by Germany's Federal Office for Information Security, which tests IT security products for the government, for use at a "restricted" classification, the lowest rank for sensitive material, Erdmann said. The microSD card costs €2,200.

Another option for encrypted voice is a system from Rohde and Schwarz of Munichy. Its 55-gram TopSec Mobile device encrypts voice calls using 128-bit AES keys. In a few months, the company will upgrade it to accommodate 256-bit AES keys, said Henning Krieghoff, Rohde and Schwarz's president.

The device, which resembles a small phone but without number buttons, is carried along with the person's regular mobile phone. It encrypts the voice traffic and then sends that data through the user's regular mobile via Bluetooth.

While a person has to carry two devices, the system offers the advantage of being compatible with nearly every mobile device with Bluetooth, said Mark Dencker, product manager. TopSec Mobile costs €1,800.