Do secure phone lines exist?

Question

I could be out of context here about security, but , I would like to know if phone lines or phone calls over VOIP could be made secure .

I know that Skype and other VOIP service providers have to give access to respective governments of countries who request authorization of phone calls from their country . The normal phone lines themselves are unsecure.

I am talking from a perspective of a kid(in terms of security) who watches movies and thinks what does it mean and how do they do it ? I would really like to know the secret that if its actually possible.

• "The phone line at our end is secure , is your connection secure ?"
• "Are we on a secure phone line ?"

Answer 1

A secure phone line is conceptually possible; this is not really different from, e.g., a secure communication between a Web browser and a HTTPS server (there are technical subtleties about lost packets and whether they should be tolerated, but that is not the issue here). However, the movie-secure phone is not secure, and that's a structural problem.

The problem lies in the question: "is your connection secure ?". If you need to ask to the other guy whether the line is secure, then the line is not secure. That's as simple as that. A "bad guy" could hijack the line and, when you ask whether the connection is secure, the bad guy could simply respond "yes it is !", counterfeiting the voice of the intended recipient (and, in the other direction, he could "replace" the question by an innocent sentence).

In a secure phone line, the caller and the receiver shall be authenticated to each other, which can be done with various cryptographic tools (e.g. digital signatures, or, more simply, a shared secret). Variants of the same tools also establish a session-specific shared secret which can be used to symmetrically encrypt the data. Bottom-line is that once people begin to actually talk, the line should already be secure and both participants shall have ways to know it (e.g. they are using special phones which refuse to communicate if security is not achieved). Otherwise, there is no security.

On a more practical point of view, if I were to implement a phone-like secure system between two entities, I would investigate using VoIP over a VPN. This would require some delving into the details of the VoIP protocol, so I would do that with an open protocol (i.e. Ekiga, not Skype).

Answer 2

Or dedicated, isolated phone lines, such as the famous "red phone" between the US president's office and the USSR premier, back in the days of yore (Don't know if this is still around).
(or the batphone in Commisioner Gordon's office...)

Answer 3

These still exist, and many countries military and law enforcement agencies use them. Dedicated devices acting as line encryptors are very expensive to run, with requirement to securely deliver keys/certs to each endpoint so for most people software equivalents are appropriate.

You can secure your VOIP link the same way you would encrypt any IP link - you just need to be a little cleverer as voice calls are not as tolerant of lag and jitter as data comms.

Answer 4

Yes they can be made secure by encrypting data or through mutual authentication of both parties.

for more information check http://en.wikipedia.org/wiki/Secure_telephone and http://www.helpturk.org/telephone-line-encryption.htm

Answer 5

This is more of an interesting tidbit than an answer: given a common way of implementing the compression and cryptography for VoIP (VBR and stream cipher), it is still possible to see the length (in time) of spoken words as the data goes past. Based on this information, you can do interesting things like infer the language being spoken or even recognize certain phrases. These attacks have been the subject of two recent papers at top security conferences.

Answer 6

The "secure government phone line" in movies is due to a keyed, programmed encryption device built-in to each phone. The data is encrypted/decrypted on each end.

Answer 7

Here in the Netherlands, until recently all electronic payments with a debitcard (and creditcard) were done through a secured telephone line. This was demanded by the government to ensure consument security. Hence, the simple answer to you question is yes, you can secure a telephone line.

Answer 8

A secured phone line would indicate that there is encryption in place. This would be similar to how we do encryption in networks using TLS, etc. The line on it's own would not typically be encrypted, but the data flowing over the line would be encrypted. Typically, there is encoding software/hardware built into the phone units or you could encrypt the data using an external device that then goes over the phone line. If this is a digital phone system, the encryption can be just like TLS, SSH, etc. You can have mutual authentication, a lookup table for the shared key, etc. It is also possible to do "analog encryption" by doing modifications to the carrier signal and demodulating them on the receiver's end, though analog encryption is typically more complex to use and frequently requires synchronization since you are not dealing with discrete chunks of data (see scrambling).

You should know ahead of time if you are using an encrypted line or not. There may also be other considerations such as securing the physical medium to limit the ability for someone to tap the line and know that any repeaters, switches, etc are secure. If the line is secure on one side, the other side would hear gibberish if they were not in secure mode. Assuming you had a phone system where you could switch from secure to not secure, if both sides forgot to turn on the encryption it might be a valid question, but if at least one side was encrypted, it would not be able to send or receive intelligibly (if you try to decode unencoded information, it will be gibberish). The last consideration would be if the message was encrypted end-to-end. It is plausible that within "a trusted network" the message is passed decrypted, especially in an analog system, to reduce the possibility of timing delays, etc. Based on the classification of the communication this may or may not be acceptable (require greater assurance if you are talking about a mole).

It is possible to say that a cellular connection or phone system is encrypted. GSM and CDMA have encryption capabilities; however, if you do not encrypt at the two endpoints, then you leave opportunities for interception, and the encryption of the network may not be sufficient to meet your needs.

Further reading:

• Secure Voice at Wikipedia
• Automatic Secure Voice Communications Network <-US Government's Secure Voice Network until about the 80s
• Defense Red Switch Network / Multilevel Secure Voice <- US Secure Voice Network
• DISA Info about voice services