TMCnet
ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells
 

Product Reviews
 August 2001

 

SecurePhone

Information Security Corporation
1141 Lake Cook Road, Suite D
Deerfield, IL 60015
Ph: 847-405-0500
Fx: 847-405-0506

Price: Ranges from $200 - $595 per user depending on the number of users. Prices vary when bundled with a specific headset or handset. Lite version is free.

Editor's Choice Award

RATINGS (0-5)
Installation: 5
Documentation: 4.9
Features: 4.25
GUI: 4.25
Overall: B+


There are many applications that allow for VoIP calls over the Internet, but few of them take extra precaution when it comes to security. Often, the conversations that normally take place over the Internet or regular phone lines are recreational, so it is doubtful that anyone would attempt to tap into these calls. However, for more confidential calls, users may need an application that focuses on the security of their data and phone networks. Information Security Corporation's SecurePhone does exactly that by implementing 112-bit triple DES voice encryption and using public key cryptography authentication to recognize the identity of the person with whom you are speaking. SecurePhone Lite, which is free software with less functionality than the real product, comes with 40-bit DES voice encryption.

INSTALLATION
The installation of SecurePhone can be completed for a single user in less than five minutes. With a few clicks of the mouse, and by entering identity information, the process is just about complete. Users do not even need to reboot their PC, even when using the Windows 98 operating system. When users open the SecurePhone application for the first time on a particular PC, they must move around the mouse for about 30 seconds so that the application can find a good source of random numbers in order to generate cryptographically secure session keys for calls. This only needs to be done once for each individual installation.

DOCUMENTATION
Besides a description of the features that can be found at Information Security Corporation's Web site, the documentation comes in the form of help files. Since they are understandable and completely context-sensitive, the help files provide valuable information and offer a healthy dose of troubleshooting in case of problems. Users can even bookmark files that are especially helpful to them. The only minor complaint we have about the help files is the lack of a keyword search option.

FEATURES
The following is a list of the main features of SecurePhone Lite:

  • Security -- 40-bit DES voice encryption with authentication.
  • Internet voice calls or direct dial calling via a modem through the PSTN.
  • Call logging -- log of incoming and outgoing calls with length of conversation and IP address of the other party stored; numbers from incoming modem connections can also be logged with Caller ID.
  • Do Not Disturb functionality.
  • Fifteen speed dials.

The complete SecurePhone offers these main additional features:

  • Security -- 112-bit triple DES voice encryption and additional authentication.
  • Encrypted voice mail with any MAPI client and optional embedded callback request.
  • Full duplex instead of the half duplex sound offered with SecurePhone Lite.
  • Low- and high- bandwidth codecs instead of just a low-bandwidth codec offered with SecurePhone Lite.

OPERATIONAL TESTING
The graphical interface of SecurePhone looks like a square, two-dimensional executive phone, equipped with an LCD, speed dial buttons, and keypad. There are a number of ways to call another SecurePhone client. An IP address or direct telephone number (only if the user is dialing up with a modem) can be typed, selected via the drop-down box, or entered using the keypad. Contacts can be entered and stored in the phonebook settings. Then, by pressing the Setup button, these listings can become speed dials by simply selecting the name and adding it to the speed dial list. Users can also add or remove names by double clicking on them. In addition, selecting a name and clicking either the Shift Up or Shift Down button can reposition the speed dials.

By clicking the Options button, we checked all of the settings to see if they were to our liking. We tested the sound for the microphone and speakers by recording some dialogue and playing it back. We also decided to use UDP (User Datagram Protocol) for our Internet calling even though we could have used TCP (Transmission Control Protocol). UDP is preferred because the protocol ignores dropped or out-of-sequence packets, thereby usually achieving better audio performance. However, TCP may be preferred when calling from a wireless network or if the network's firewall is not compatible with UDP.

We could also choose which algorithm key type we wanted. These algorithms are used mostly for authentication purposes. The most common one used is DSA-1024, although the less powerful DSA-512 is automatically used for SecurePhone Lite. If a user of the complete application is allowed to talk to SecurePhone Lite users, SecurePhone will generate a temporary DSA-512 key to compute the session key. The user's preferred public key will be used for authentication by the Lite user.

We then placed a number of VoIP calls over our LAN. When a call is accepted, a screen pops up showing the status of the call and the codec and encryption being used. A shared secret code is also given to further prevent an attempt for someone to tap into the conversation. However, the only options that can be adjusted by the user are the speaker and microphone settings and the latency (from 1-20, 1 being the lowest amount of latency). One might ask why anyone would want anything other than the lowest possible latency. The reason is this: At a higher latency, the quality of the call may actually be better for someone using a low-bandwidth dial-up connection that many laptops use. Adjusting this setting during a call may help alleviate interruptions in voice transmission. As far as our calls were concerned, we were able to hear a difference in latency when changing that setting. Since we were using a high-speed connection, the lower latency was better for us. For the most part though, the sound quality was adequate but not as good as some other applications we have used.

As for the voice mail, the user essentially sends a recorded WAV file via e-mail. Many applications commonly do this. The difference here is that these messages are encrypted, so the recipient must decrypt the message before playing it. The recipient can also place a secure callback to the sender.

ROOM FOR IMPROVEMENT
SecurePhone has all the basics for an encrypted VoIP application in that it offers one to one calling with different levels of DES encryption and such features as speed dials and voice mail. The next step to such an application would be to add fundamental call control functionality, such as transferring and holding calls using the GUI. Voice and even video conferencing would also make SecurePhone more appealing. Of course, the difficult part would be to provide these features with the same encryption and authentication capabilities as when making a one to one call from one SecurePhone application to another. Interoperating with other applications, such as NetMeeting, would sacrifice security unless a partnership between companies was struck, so interoperability would therefore not be a room for improvement issue.

CONCLUSION
As the name implies, security is the key to this product, and that is indeed where its strength lies. There are many software applications that have more Internet telephony VoIP capabilities and these applications may even have better voice quality, but none of them have the encryption and authentication capabilities to match that of SecurePhone. For this reason, those that find security of utmost importance would find this product very useful, so we recommend SecurePhone for these customers. We also award Information Security Corporation with our award for addressing these security concerns.

[ Return To The August 2001 Table Of Contents ]



Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
MSPWorld
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas