ZFone

1
ZFone
2
ZFone

• Zfone is software for secure voice communication
  over the Internet (VoIP), using the ZRTP
  protocol. It was created by Phil Zimmermann, the
  creator of the PGP encryption software. Zfone
  turns many existing VoIP clients into secure
  phones. It runs in the Internet Protocol stack on
  any Windows XP, Mac OS X, or Linux PC, and
  intercepts and filters all the VoIP packets as
  they go in and out of the machine, and secures
  the call on the fly. A variety of different
  software VoIP clients can be used to make a VoIP
  call. The Zfone software detects when the call
  starts, and initiates a cryptographic key
  agreement between the two parties, and then
  proceeds to encrypt and decrypt the voice packets
  on the fly. It has its own separate GUI, telling
  the user if the call is secure. Zfone acts as if
  it were a "bump on the wire", sitting between the
  VoIP client and the Internet, but implemented in
  software in the protocol stack.

3
Phil Zimmermann

• Philip R. "Phil" Zimmermann Jr. (born February
  12, 1954) is the creator of Pretty Good Privacy
  (PGP), the most widely used email encryption
  software in the world. He is also known for his
  work in VoIP encryption protocols, notably ZRTP
  and Zfone. In 1991, he wrote the popular Pretty
  Good Privacy (PGP) program, and made it available
  (together with its source code) through public
  FTP for download, the first widely available
  program implementing public-key cryptography.
  Shortly thereafter, it became available overseas
  via the Internet, though Zimmermann has said he
  had no part in its distribution outside the
  US.public-key cryptography. Shortly thereafter,
  it became available overseas via the Internet,
  though Zimmermann has said he had no part in its
  distribution outside the US.

4
How Zfone Works

• Zimmermann's Zfone uses public key algorithms
  without relying on PKI. Instead of using
  persistent public keys, it destroys the keys at
  the end of a call.
• However, it saves some of the key material and
  uses it in the next call to provide key
  continuity. This helps prevent man-in-the-middle
  (MITM) attacks. The software displays a hash of
  the symmetric key used to encrypt the call, which
  you can compare to the hash displayed to the
  person at the other end of the call. If they
  match, you're good to go. If not, you may be the
  victim of a MITM attack.
• The ZRTP protocol negotiates the cryptographic
  keys over the Real-Time Transport Protocol (RTP)
  stream and doesn't involve the Session Initiation
  Protocol (SIP) servers in the process. Key
  management is peer to peer, and it doesn't rely
  on servers.

5
RTP(Real-Time Transport Protocol)

• The Real-time Transport Protocol (RTP) defines a
  standardized packet format for delivering audio
  and video over the Internet. It was developed by
  the Audio-Video Transport Working Group of the
  IETF and first published in 1996 as RFC 1889, and
  superseded by RFC 3550 in 2003.
• RTP is used extensively in communication and
  entertainment systems that involve streaming
  media, such as telephony, video teleconference
  applications and web-based push to talk features.
  For these it carries media streams controlled by
  H.323, MGCP, Megaco, SCCP, or Session Initiation
  Protocol (SIP) signaling protocols, making it one
  of the technical foundations of the Voice over IP
  industry.
• RTP is usually used in conjunction with the RTP
  Control Protocol (RTCP). While RTP carries the
  media streams (e.g., audio and video) or
  out-of-band signaling (DTMF), RTCP is used to
  monitor transmission statistics and quality of
  service (QoS) information. When both protocols
  are used in conjunction, RTP is usually
  originated and received on even port numbers,
  whereas RTCP uses the next higher odd port
  number.

6
VoIP(Voice over Internet Protocol)

• Voice over Internet Protocol (VoIP) is a general
  term for a family of transmission technologies
  for delivery of voice communications over IP
  networks such as the Internet or other
  packet-switched networks. VoIP systems employ
  session control protocols to control the set-up
  and tear-down of calls as well as audio codecs
  which encode speech allowing transmission over an
  IP network as digital audio via an audio stream.
  Codec use is varied between different
  implementations of VoIP (and often a range of
  codecs are used) some implementations rely on
  narrowband and compressed speech, while others
  support high fidelity stereo codecs.

7
References

• Front Photo
• http//www.voipsecuritytraining.com/padlocksmall.j
  pg
• Biography
• http//en.wikipedia.org/wiki/Phil_Zimmermann
• Zfone
• http//en.wikipedia.org/wiki/Zfone
• VOIP
• http//en.wikipedia.org/wiki/VoIP
• How Zfone Works
• http//articles.techrepublic.com.com/5100-10878_11
  -6175940.html