Call encryption for Nokia cell phones
While phone calls over GSM are always encrypted, it is relatively easy to decrypt them if you have the right hardware. Now, a microSD card with a crypto-processor is to provide greater security. Secusmart of Düsseldorf, Germany has released a product it calls Secuvoice, which encrypts calls with 128-bit AES; for negotiations of the symmetric encryption key, it uses the Elliptic Curve Cryptography (ECC) method. In this procedure, shorter keys can be used than in asymmetric approaches, so that negotiations only take three seconds, which the company says is "very fast".
The Secuvoice software uses the GSM codec to encode analogue call data before they are sent to the crypto chip for encryption. Once encrypted, the data are transmitted via the GSM network's CSD channel at 9.6 kB/s. A certificate that authenticates both callers regardless of the directory number is stored on the card, which is itself protected by a PIN.
The vendor says that all data related to security remain on the microSD card at all times, which is not the case with GSM encryption via software. This means that the company's approach fulfils the prerequisites for Germany's upcoming Bundesamt für Sicherheit in der Informationstechnik (BSI) certification for utmost confidentiality – "VS-nfD" (Verschlusssache-Nur für Dienstgebrauch, meaning – classified, keep in a secure place, for official use only). The microSD card can be used with the following Nokia models E51, E66, E71, N78, N81, N82 and N95.