Secure VoIP

ubi:phone Protecting your Communications over IP through End-to-End Encryption of your Calls

Nowadays, Voice-over-IP (VoIP) takes increasingly ground in the world of telephony earning the interest on both user-side and manufactures/developers part. Thanks to VoIP technology, users can now get in touch with the special people in their lives by using the Internet connection on their phones. With most major telecommunications carriers currently in the process of readying Voice-over-IP (VoIP) services for mass deployment, it’s clear that IP telephony is finally headed for prime time. However, the promise of mass VoIP consumption also increases the risk of widespread security violations, spawning a new sense of urgency to fill in potential security gaps now before hackers wreak havoc on corporate voice networks.

The need for secure applications using VoIP services that grants the safe of user’s personal information and data must be number one priority of the software developers. Most software developer companies claims in their policies that takes into account security implementations regarding the communication and user’s personal data. However their encryption policy which is a major issue for secure exchange of any sort data between users lacks of validation and fidelity as for security protocols they may use. In most of the cases only the server-side security is validated. But, are they safe, are they secure?

Being secure enough or just taking into account security issues is not acceptable, when corporate strategies, valuable business information and strategic decisions are transmitted over the wire.

In the answer of this question, ubi:phone provides encrypted voice calls and communication over IP for Android. In ubi:phone, the security issues both for the client and the server are severely taken into account and fully addressed. That’s what makes our application unique. The idea for secure communication is simple nevertheless effective. All communication between application clients and servers is encrypted using TLS. We do not use certificates signed by Certificate Authorities (CAs). Instead, we have our own “certificate” that is distributed with the application client. Individual application servers have certificates that are signed by and validated against the “certificate” of ubi:phone, eliminating any requirement to trust unknown CAs. Furthermore two-way Secure Socket Layer (SSL) authentication is used. In two-way SSL authentication, the SSL client application verifies the identity of the SSL server application, and then the SSL server application verifies the identity of the SSL-client application. This is the absolute solution used to prevent the Man-in-the-Middle attack (MITM).

Our Solution

ubi:phone is a very promising application that enables encrypted voice communication between ubi:phone application users. ubi:phone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to setup an encrypted VoIP channel for the actual call. ubi:phone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and using push notifications to maximally preserve your device’s battery life while still remaining responsive. Even more, ubi:phone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It’s easy to use, and functions just like the normal dialer you’re accustomed to. ubi:phone uses your normal mobile number for addressing, so there’s no need to have yet another identifier or account name; if you know someone’s mobile number you know how to call them using the ubi:phone application for Android. When you receive a ubi:phone call, your phone will ring just like normal, even if it is asleep. Although ubi:phone comes with many smart and usable features in which highlighting the following:

uConference: Stands for encrypted conference call, allowing more than two users speak together simultaneously.
uMessage: Sending an encrypted message to your partner or a friend knowing that only the actual receiver is able to read it.
uSafe: Now every user has his/her own electronic safe on-line. You can choose to keep any message or call you have recorded, secure and encrypted to the server. Even if your phone is stolen or broken you are able to access your data from a web browser or by installing the ubi:phone on a new device.

Other features include: voicemail, missed call notification, delivery report of uMessage, hide number during a call or send a private message. Furthermore, ubi:phone gives you the ability to record the conversation during a call or even forward a call to another ubi:phone user. The major asset of ubi:phone is that regardless of the feature(s) the client uses, communication safety is guaranteed.

Security Features

Our solution makes use of the current state-of-the-art encryption algorithms and cryptographic protocols in order to provide to users the best possible effort among security issues. In specific the following algorithms and protocols are implemented:

  • Data Encryption Algorithm: Advance Encryption Standard 256 bit (AES-256)
    The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is a winner data encryption-algorithm among many Cryptography Research and Evaluation Committees including CRYPTREC, NESSIE and NSA.
  • Cryptographic Protocol: Secure Sockets Layer (SSL) SSL are cryptographic protocols that provide communication security over the Internet. SSL uses symmetric encryption for confidentiality (AES-256 in our solution).
  • Cryptographic Key-Agreement Protocol: Zimmermann Real-time Transport Protocol (ZRTP)
    ZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol (VoIP) phone telephony call based on the Real-time Transport Protocol.
  • Voice Encryption Protocol: Secure Real-time Transport Protocol (SRTP)
    The Secure Real-time Transport Protocol (or SRTP) defines a profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications.

The ubi:phone application for Android could be tailored and customized for your specific organization’s needs, allowing you to install a private ubi:phone secure communication server in your premises and to build your own, private community of ubi:phone users.