SERBUS “Our knowledge, your solution”
Cryptify Call
Technical Overview
[Figure: system overview. Offline: Cryptify Management System (CMS). Online: Cryptify Rendezvous Server on the Internet and the Cryptify Caller Application on the mobile network (GPRS, EDGE, 3G, 4G, WiFi).]
Certified Product
FoundationVOIPC33470913
UK RESTRICTED / OFFICIAL NATO RESTRICTED
The Cryptify Management System (CMS)
- is a user friendly administration tool for the security officer or IT administrator who provides the end user with key material
- provides absolute and exclusive control of all cryptographic material
- implements Sakai-Kasahara Key Exchange in Multimedia Internet KEYing (MIKEY-SAKKE), using ECCSI signatures
- generates key material for all the end users
- distributes initial key material through a printed QR code
- “one command” renewal of key material on a monthly basis
- runs on an off-line computer and is hence completely protected from any kind of Internet threat
The Cryptify Rendezvous Server (CRS)
- the CRS service is provided free of charge by Cryptify AB
- CRS software is also available free of charge to customers who wish to operate their own CRS
- the CRS does not handle any sensitive data
- automatic account registration
- session establishment functionality to support VoIP
- media relay support
- distribution of monthly key renewal material
The Cryptify Caller Application
- is available on iPhone and Android
- easy to use – similar to making an ordinary phone call / SMS
- uses your standard mobile phone number for secure calls and messaging
- can connect via both Wi-Fi and mobile networks
- works at home and abroad
- provides end-to-end protected phone calls through an AES-encrypted VoIP session with a unique session key
- receives all initial key material from the CMS as a printed QR code, or scanned directly from the CMS screen
- automatically receives new key material from the CMS every month, distributed via the CRS
Key Exchange and Authentication
The traditional dilemma: a trade-off between security and cost
- Distributed: key exchange is handled by the client; clients authenticate each other (e.g. using certificates)
- Server controlled: key exchange is handled by the server; clients authenticate towards the server
- MIKEY-SAKKE: key exchange with SAKKE; authentication with ECCSI
The trade-off:
- security assured by the system, with a complex and expensive IT environment
- security left to the users to assure, with a simple IT environment
MIKEY-SAKKE combines the best of two worlds: security assured by the system, in a simple IT environment
MIKEY-SAKKE Key Management
MIKEY-SAKKE provides a method for an unlimited number of users to create an authenticated and encrypted relationship to any user without using any online key server. This is done through provisioning of five keys to each user.
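Keys held by the KMS (generated from entropy):
- z: KMS Master Secret
- Z: KMS Public Key
- KSAK: KMS Secret Auth. Key
- KPAK: KMS Public Auth. Key
Keys provisioned to User A:
- Z
- Ka: Receiver Secret Key
- KPAK
- SSKa: Secret Signing Key
- PVTa: Public Validation Token
Keys provisioned to User B:
- Z
- Kb: Receiver Secret Key
- KPAK
- SSKb: Secret Signing Key
- PVTb: Public Validation Token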
Z and KPAK are common and known to all users
- User A: generate an SSV (Shared Secret Value)
- User A sends: f(a, b, SSV, SSKa, PVTa) + PVTa
- User B receives: f() + PVTa, then F(a, b, f(), PVTa, Kb) => SSV
Initial Key Material Distribution
[Figure: system overview with User A's key material (Z, Ka, KPAK, SSKa, PVTa).]
Monthly Key Material Renewal
The CMS generates new Key Material for all users. This is exported from the CMS laptop via a DVD.
Users automatically fetch their new Key Material on a monthly basis from the CRS, protected with the Key Exchange Key.