This is the fourth post in a series of posts (part 1, part 2, part 3) describing a secure alternative to applications like WhatsApp. I started with the following statement:
I believe it is possible to build a system with the simplicity and functionality of WhatsApp or Viber, which provides end-to-end encryption, is built on free software and open protocols, that supports federation and is almost decentralised, and that would allow interested companies to turn a profit without compromising any of these principles.
Now that most of the infrastructure has been described, in this post I will talk about the user-visible part: a mobile SIP client specially tailored for this architecture.
Features
For Yakker to be successful, an application that is visually attractive and simple to use, while providing excellent call quality and stability, is critical. This idea is useless if only geeks adopt it: I want my parents to use it, I want my non-techie friends to use it. I want to tell them to switch from any of the other applications, not only because it is more secure, open and community-based, but also because it is better.
For Android, there is already some excellent free applications that could be used as a starting point: Lumicall, CSipSimple and Linphone. I haven't tried it yet, but Linphone has a port to iOS too.
Apart from the quality considerations, the following features must be added:
- Certificate creation and proper storage in the mobile device.
- An account creation wizard that interacts with the directory service and the account providers. Lumicall currently does something like this already, but only for their own ENUM and SIP server only.
- Proper DNSSEC validating resolver to securely get the callee's certificate and ENUM record.
- Optionally, use the directory service API to query records instead of DNS, to enhance privacy.
- Periodic verification of the user's own ENUM and certificate records in DNS.
- Use of those certificates to set up the SRTP stream, instead of unauthenticated encryption. Text messages must be encrypted in the same way, but included in the SIP message. SIPs encryption is not enough, as the proxies and service providers can read them.
- Integration with the system's address book.
- ENUM lookup, and SIP SRV lookup to detect phones with an associated SIP account.
- When the called party does not have a SIP account, the client must offer to call using the PSTN gateway at service provider, if it provides one, and to call using the GSM network. It needs to be fast and reliable, so people can use it as the default texting and calling application.
- Provide an interface to query account's balance, calling rates, and to buy credit. Possibly, offer this by opening a web browser, but negotiating authentication first, so the user does not need to enter an user name or password.
- Capabilities to migrate to a different service provider.
- A secure way to share the key pair with another trusted device.
- A way to import a key pair created by the user manually.
I am probably missing a bunch of other capabilities that need to be implemented. It is a lot of work.
Some of these features would only be useful for participants of the Yakker network, but there are others that could be useful for every SIP user, and therefore, implemented first.
For example, SIP accounts that are not associated with a phone number could publish certificates under the same domain, and have the client use them to have secure communications with legacy infrastructure.
Funding
I am aware that this amount of work is not going to happen overnight. In fact, without a bunch of people from the community interested in the project, it is never going to happen.
The good news is that I think that companies might be interested in investing in this. A company could create their own branded version of the client, and use advertisements or service provider preference (the provider the user gets unless they choose one manually) to generate income.
As long as the code remains free, and the client is compatible with the whole system, there could many competing clients out there. Their own promotion schemes would work for the benefit of the whole system, by bringing more users.
Risks
The biggest threat would be of one client monopolising the network, and then changing the protocols to make the system a walled garden. It has already happened with GTalk, so there is precedent for this.
I don't think there is any way to stop a big company from doing this, but one strategy to mitigate the risk a bit would be to create a brand (Yakker or whatever this ends up being called) and have it managed by a trusted community organisation, which can revoke the right to use the brand when a party is not behaving.
my biggest concern is how to (create and) store certificates on an insecure (i.e. NSA owned, and there are not many others) mobile device. do you have any thoughts on this issue? -- gregoa
Hi Gregor!
I completely understand what you mean. But if the device is compromised, you already have no hope. This at least tries to avoid anybody else to eavesdrop on your conversation. The important thing is that the key material is only used for communications with that device, so the exposure surface is diminished, not enlarged.
for secure voice calls moxie's red phone is a serious option: https://github.com/WhisperSystems/RedPhone/wiki/Architecture-Overview
Alois,
My comment on TextSecure also applies to RedPhone: they use a custom protocol, and OTR for peer authentication. I think these two are important problems for the idea I have.