Novel solution to better secure voice over internet communication

  • Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent.
  • In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.
  • Research has shown that these tasks are prone to human errors, making these VoIP applications and devices highly vulnerable to man-in-the-middle and eavesdropping attacks.
  • To ensure that a man-in-the-middle attacker does not interfere with the transmission of the message, traditional Crypto Phones rely on the users to verbally communicate and match a key, called a checksum, that is displayed on each user’s device.
  • The users must verify that the voice announcing the checksum is indeed the voice of the other user they wish to communicate with. Closed Captioning Crypto Phones fully automates checksum comparison.
  • Closed Captioning Crypto Phones remove the human element from the checksum comparison process by utilizing speech transcription.
  • When a user announces the checksum to the other person CCCP automatically transcribes the spoken code and performs a code or checksum comparison for the user.
  • In an online experiment designed to mimic a real-life VoIP call, more than 1100 audio files containing 4-word and 8-word checksums spoken by a variety people CCCP eliminated the chances of the data being intercepted or captured via a man-in-the-middle attack due to human errors or clicking through the task and complete detection of mismatching checksums was made.
  • Their work shows that by automating the checksum comparison verification users are unburdened by only having to perform a single verification task. CCCP not only eliminates the human errors, but also facilitate use of longer checksums, which further strengthen the security.
  • This may also help increase the awareness of human users in detecting malicious voice imitation attempts by attackers. In a study analyzing the security and usability of user-centered code verification tasks, found that most end-to-end encryption code verification methods offer poor security and low user experience ratings.
  • People were asked use numeric code verification, Security and usability security under remote verification settings was found to be significantly lower than in a close proximity code verification setting due to human errors.

Leave a Reply