Ostel.co began as an R&D effort sponsored by The Guardian Project. The question: Is a peer-to-peer secure voice and video call network possible to build with open Internet standards and Open Source software? Two years and tens of thousands of users later, the answer is a resounding YES!
Two of the crucial components of any standards-based VoIP service are infrastructure to route calls and a database to locate end users.
[Read More]
VoIP security architecture in brief
Voice over IP (VoIP) has been around for a long time. It’s ubiquitous in homes, data centers and carrier networks. Despite this ubiquity, security is rarely a priority. With the combination of a handful of important standard protocols, it is possible to make untappable end-to-end encryption for an established VoIP call.
TLS is the security protocol between the signaling endpoints of the session. It’s the same technology that exists for SSL web sites; ecommerce, secure webmail, Tor and many others use TLS for security.
[Read More]
Jitsi, ostel.co and ISP censorship
Earlier last week n8fr8 suspected something changed on the ostel.co server, due to many users emailing support specifically about Jitsi connectivity to ostel.co. The common question was “why did it work a few weeks ago and now it doesn’t anymore?”
The tl;dr follows, skip to keyword CONCLUSION to hear only the punch line.
To support n8fr8’s hypothesis, there was a small change to the server but I wasn’t convinced it affected anything since all my clients continued to work properly, including Jitsi.
[Read More]
Carrier Grade, Verizon and the NSA
Last week Glenn Greenwald at The Guardian broke the news that Verizon has been providing the NSA with metadata about all of the calls over a subsidiary’s network. This subsidiary is called Verizon Business Network Services. It is a privately held company that “owns, operates, monitors, and maintains data and Internet networks in North America, Europe, Asia, Latin America, Australia, Japan, and Africa. The company provides converged communication solutions, such as local and long-distance voice, messaging, and Internet access services.
[Read More]
Lower Bounds of The Narrow Bands
Voice is becoming a standard feature of any messaging app on mobile phones, in various forms using many different protocols. There’s the old guard, whom I will refer to as “Skype”. Some tough questions have been thrown their way by many groups who support a free Internet. There’s Google Voice, which is not really VoIP. Apple is playing around in the hedge maze inside their walled garden with iChat. There’s also Facebook, who is rolling out voice calling in Canada and the USA in their Messenger app on iOS.
[Read More]
Mumble and the Bandwidth – Anonymous CB radio with Mumble and Tor
The journey towards anonymous and secure voice communication is a long one. There are lots of roadblocks to get your voice from point A to point B over the Internet if you need to prevent eavesdropping or censorship. There is the limited bandwidth of mobile data connections. There is the high latency of the TCP protocol. To achieve anonymity via Tor, there’s even more latency added to each packet.
Mumble is a non-standard protocol that was originally designed for realtime voice chat for video games.
[Read More]
Voice over Tor?
Voice calls over Tor are supposed to be impossible. It seems this may no longer be the case.
Without being able to do voice over IP (VOIP) conversations over the Tor network, people are prevented from being able to route calls outside of censored networks. People ask us if there is any way they can route voice traffic through Tor to avoid blocks. To our surprise, we tested Skype and found that it can work acceptably over Orbot.
[Read More]
Threats and Usability of Secure Voice
In my previous post I found that end-to-end encryption with OSTN is both effective and usable. There are two important things the user must be aware of when using OSTN. They must confirm with each phone call that the encryption icon is present and they must correctly complete SAS verification dialog boxes. So on a basic level, encrypted voice just works. But, what does this all mean? This post looks at the threats to security and usability of encrypted ZRTP phone calls in CSipSimple.
[Read More]
A Network Analysis of Encrypted Voice over OSTN
Introduction to OSTN
The OSTN network stands for Open Source Telephony Network. It is a federated network standard for supporting Internet calling with end-to-end encryption à la ZRTP. It's very similar to e-mail in that VOIP calls can be routed to addresses such as user@domain.tld. It's a simple concept, but I believe it to be a groundbreaking implementation! Never before have I seen such an accessible solution to encrypted VOIP calls. OSTN is platform independent, is a federated network, and it is an open standard such that it is widely adoptable.
[Read More]
OSTN secure VoIP wizard now built into CSipSimple for Android
If you saw our last post about how to set up your own secure voice-over-IP server instance, then this news is for you.
If you are an Android user looking for the best open-source VoIP app, and really need one that can support secure communications, then this post is ALSO for you.
CSipSimple, the previously mentioned “best VoIP app”, now includes a wizard for setting up an account configuration for any server which complies with our Open Secure Telephony Network specification.
[Read More]
Build your own Open Secure Telephony Network, some assembly required
The Open Secure Telephony Network is a standard that defines how to configure a VoIP softswitch with the capability to have secure two-way VoIP conversations if both parties are using the same server. The system requires both backend and frontend components, which makes OSTN a little different than some of the other Guardian apps. Unlike Gibberbot, there are few public SIP services that support secure signalling for a mobile app to connect with.
[Read More]
Cross-Domain calling, or “toll-free long distance VoIP”
In a standard OSTN configuration, the Fully Qualified Domain Name (FQDN) of the server running Freeswitch is a core dependency to operate the service. For example, the domain ostel.me was first configured as a DNS record, a server was bootstrapped with ostel.me as the local hostname and a Freeswitch cookbook was run using the Chef automation system. Because the domain was configured both in DNS and locally, the cookbook has enough information to automatically build an operational OSTN node.
[Read More]
Mobile mesh in a real world test
Nathan, Mark, Lee, and I tried some OLSR mesh testing during the May Day protests and marches. We were able to get 4 devices to associate and mesh together, but not without some trials and travails. Two pairs of devices set up two separate BSSIDs, so they were on separate networks. We turned them all off, then associated them one at a time, and then they all got onto the same BSSID and olsrd started doing its thing.
[Read More]
Singing and Dancing for Encryption
If you see me dancing or singing with my phone in my hand, I may not just be having a great time, but also creating an encryption key. Part of the issue with security is that it can often be difficult to implement or an added step in what users want to be an easy and seamless process. What if we can make secure and private communications fun and easy?
[Read More]
Acrobits Groundwire – OSTN supports iPhone
The Guardian Project develops open source software primarily for the Android platform but we strive for security by design to be a part of all platforms. With OSTN, there are two major components. The first is the server, which operates as the primary user directory and call switch. The other is the client, which is the program you interact with to send and receive calls.
While the Apple App Store forbids distribution of GPL licensed software from their service, the underlying protocols used by OSTN are open, so even iPhone developers may implement them in a proprietary client application without breaking any intellectual property laws.
[Read More]
VoIP Survey Results of NGOs, Human Rights Groups and Activists
In November 2011, 25 individuals were surveyed using an online form, representing typical end-users, global journalists, activist and human rights organization perspectives (Thank you to all the participants!). The goal of the survey was to establish a baseline understanding of the types of tools and expectations our target user community has around making “telephone calls” over the internet, otherwise known as Voice over Internet Protocol (VoIP).
This survey is part of our work on the Open Secure Telephony Net (OSTN).
[Read More]
Free SIP Providers with ZRTP support
This post is part of a series on our work researching the Open Secure Telephony Network. After you have CSipSimple installed on your mobile handset, you will need a place to register a SIP username so you can contact others. The fastest way to get started with this is to use one of a handful of free SIP providers. I like the Ekiga free SIP service.
The only drawback to this service is the userbase is large enough that the namespace of easy to remember words is frequently occupied.
[Read More]
Open Source SIP Client for Android
The first step in the Open Secure Telephony Network (OSTN) is a client. We can’t make a phone call without a phone. In this case there are three primary goals and a number of optional features. The primary goal is an application which speaks the SIP protocol for signalling. It must also speak the ZRTP protocol for peer to peer encryption key exchange. Finally the client must have source code freely available with a license that allows free redistribution.
[Read More]
Open Secure Telephony Network
Over the last two months, I have been working on a project to research and develop a set of tools to provide secure peer to peer Voice over IP on the Android mobile platform. It is called the Open Secure Telephony Network, or OSTN. This work is done under the umbrella of The Guardian Project.
this is not the type of “open” we mean, and definitely not secure
The project will continue for another four months and I will post my public findings here.
[Read More]
How To: Setup a Private VOIP Phone System for Android
MAY 2011: Learn more about our new efforts on the Open Secure Telephony Network at https://guardianproject.info/wiki/OSTN – we currently recommend the CSipSimple Android app instead of SIPDroid, for secure voice calls.
Near the very top of Guardian’s open-source application suite wish list is something that might seem like a no-brainer for a secure mobile device: voice. When we take into account network performance and audio fidelity requirements, as well as the international nature of Guardian’s target users (everything from average citizens to multi-national journalists or humanitarian organizations), the prospect of a truly real-time secure VOIP solution starts to reveal itself as quite the challenge.
[Read More]