1. Cyberespionage and cryptography: protecting information in
the Information Technology era. June 2015. Marco Pozzato, CTO,
PrivateWave Italia S.p.A.
2. Once upon a time... In old ages: paper and envelopes; horses or
vehicles. Espionage was: expensive and time consuming; no mass scale;
invasive and visible.
3. 3rd Millennium. Nowadays: voice (landline and mobile);
asynchronous messaging (SMS, email); instant messaging (WhatsApp,
Facebook). Communications are: digital (espionage is transparent and
undetectable); pervasive (mass wiretapping is cheap).
4. Mobile Networks Are Insecure. GSM is broken! Cracked in 2011
with 20$ hardware. UMTS is theoretically flawed, practically secure.
Phones are dual mode: a jammer forces them to GSM protocol.
5. Threats. Privacy, business and national security threats:
government espionage; mass surveillance; industrial espionage. Secure
Voice & Text Communications.
6. Choose Secure Communication Solution. Define risk context: Who
are my attackers? Which factors affect the decision?
7. Technologies & Networks. Data Over Voice (DoV): codec
impractical. Circuit Switched Data (CSD): phased out. TETRA: expensive
devices and poor network coverage. Solution is Secure Voice over
Internet Protocol.
8. Usability and Devices. Secure Phone: hard security. BlackBerry
OS 5/6/7: push email. iPhone: cool device. Android: power users and
geeks. BlackBerry 10: security & EMM. Users want their beloved
smartphone and apps.
9. Software VS Hardware. HW with Crypto SD card: expensive; no SD
card trend in new devices; not replaceable. SW only: cheap; flexible;
easily replaceable.
10. Architecture
11. Architecture - Wiretapping. Software as a Service in cloud:
provider is responsible. On premise: customer owns communication
infrastructure.
12. Communications Protocols. Proprietary. Geopolitical standards:
SCIP, SNS. Internet open standards: SIP/TLS, SRTP, SDES, ZRTP.
13. Vulnerability assessment. Made by third-party company.
Different methodologies.