Cryptography


SECVOICE 3G encryption technology
SECVOICE 3G uses Elliptic Curve Diffie-Hellman (ECDH) on a 571-bit Koblitz curve for key exchange (as secure as Diffie-Hellman with 15,000 bits) and the Advanced Encryption Standard with 256-bit keys in CBC mode.



Cryptography and security


Key exchange

Voice encryption devices must establish a shared secret key before doing the actual voice encryption. This shared secret key is established by a key exchange, by means of an algorithm known as Diffie-Hellman. SECVOICE 3G uses the variant known as ECDH (Elliptic Curve Diffie-Hellman).

Encryption algorithm
After the key exchange, the devices have a shared secret key that can be used for the actual encryption, which is done by a so-called symmetric encryption algorithm. SECVOICE 3G uses the one known as AES (Advanced Encryption Standard) or Rijndael (the actual name of the algorithm that was made the standard).

Encryption mode
Besides the encryption algorithm, encrypting a conversation takes an encryption mode. The encryption mode must be one which will enhance the encryption security. SECVOICE 3G uses the mode known as CBC or Cipher-Block Chaining. This mode assures an extreme level of protection against any cryptanalysis attack.



Considerations and comparisons

There is an old saying that states: 'A chain is only as strong as its weakest link'. Encryption technology is like a chain, and its links are the key exchange and the encryption algorithm. The voice encryption is therefore only as strong as the key exchange algorithm, and there is no point in using a 256-bit symmetric encryption algorithm if the key exchange is weaker than that. Check the following table.

Product        Key exchange algorithm    Security level normalized for voice encryption
1              Not specified             0
2              RSA/DH 1024 bits          80
3              RSA/DH 2048 bits          112
4              RSA/DH 4096 bits          160
SECVOICE 3G    ECDH 571 bits             256

Not specified: key exchange algorithm not specified, security cannot be assessed
RSA/DH: Rivest-Shamir-Adleman/Diffie-Hellman
ECDH: Elliptic Curve Diffie-Hellman

It must be noted that each extra bit doubles the security of the encryption process. A 161-bit encryption is two times more secure than a 160-bit encryption. So SECVOICE 3G is 1,000,000,000,000,000,000,000,000,000,000 times more secure than another product using RSA/DH 4096 bits.

This table lets you compare the strength of encryption and key exchange algorithms. The strength is defined by the lowest number in the line.

Symmetric encryption key length    RSA/Diffie-Hellman key length    Elliptic curve key length
80                                 1024                             163
112                                2048                             224
128                                3072                             283
192                                7680                             409
256                                15360                            571