

Wireless Voice

Securing Wireless Voice Page 1

Wireless voice communication is increasingly the lifeblood of enterprise,
government and industrial workflow. But as mobile phones, smartphones
and voice-enabled PDAs become more and more like full-fledged computing
platforms (e.g., mobile Linux, Java, Symbian, Windows), they are exposed to
vulnerabilities that were previously associated only with wired IT systems,
such as eavesdropping on calls and data sessions (mobile intercept), user
masquerading, theft of service, theft of personal data, session spoofing,
device cloning, backdoors and mobile identity theft.

Like any IT resource, smartphones, mobile phones and PDAs are potentially
vulnerable to viruses, worms, Trojans and spyware. Malware threats that
were once targeted at LAN-based desktop and data center computers are now
attacking mobile devices and mobile service provider networks. Mobile
malware has been found to be very effective at attacking mobile voice and
data sessions through open protocols and services.

With conventional security software, encryption routines running on mobile
platforms are largely defenseless and vulnerable to a large number of
hacker exploits and viral threats at the application, operating system and
network levels. In the current era of escalating cyber threats, mobile
platforms need a better approach to network encryption and authentication.
This new approach must shield device-based security software from the
vulnerabilities of open platforms and networks, so that wireless mobile
CDMA and GSM voice traffic can be fully protected, end to end.

KoolSpan for end-to-end wireless voice device security

In response to the growing array of mobile device malware and hacker
threats, and the security deficiencies of enterprise and wireless operator
networks, KoolSpan delivers plug-and-play secure connections for wireless
productivity devices, including smartphones, PDAs and various ruggedized
mobile voice platforms (e.g., Symbol Technologies and Motorola).


Figure 1. Secure mobile voice sessions with AES 256-bit encryption and
mutual authentication
[Diagram labels: KoolSpan TrustChip SD Card and small footprint device
driver at each end; circuit switched call setup; secure voice and files on
data channel]

KoolSpan’s solution is end to end from the originating mobile device,
through the network, to the destination device. This can be visualized as
a two-way secure tunnel that encrypts and continuously authenticates
traffic, regardless of vulnerabilities in underlying cellular networks.

KoolSpan crypto software and hardware can be easily embedded by OEMs in
mobile devices, mobile application servers, wireless portals and VoIP
systems. Crypto processing hardware in the form of the KoolSpan TrustChip
is embedded through the industry-standard SD Card form factor. To
complement the TrustChip silicon, KoolSpan crypto software is available in
quickly deployable API libraries that can be added to mobile devices and
management platforms as a driver that is loaded during boot-up. KoolSpan
management console software is also available for integration and OEM
product development.

KoolSpan hardware and software

KoolSpan’s award-winning enhanced 256-bit AES cryptographic algorithms run
on hardened silicon hardware with on-board crypto processing and secure
memory operations. The crypto card platform creates an ideal tamper-proof,
tamper-evident environment for running advanced encryption routines, and
storing keys and other security data. KoolSpan offers a vast improvement
over conventional security software products that store secret keys on
end-user or server hard disks that are vulnerable to human and malware
attacks, including a wide range of Trojan Horses, backdoors, rootkits, etc.

The memory and processing resources on crypto cards and embedded silicon
are hardened to defend against digital and physical attacks. By running
encryption processing on specialized hardware, KoolSpan off-loads
computationally intensive CPU demands and storage overhead from the mobile
device. This approach ensures minimal device footprint and high
performance, even on resource-constrained mobile device platforms.

KoolSpan encryption software sets up an AES 256-bit secure tunnel between
end points without any need for public keys or certificate management
(PKI, IKE, Kerberos, RSA, etc.). KoolSpan authentication is conducted
bidirectionally at three levels: 1) at the device level, 2) at the session
level, and 3) continuously on a per-packet basis, which ensures that
hackers cannot conduct man-in-the-middle attacks, dictionary attacks,
replay, and cloning or spoofing exploits.

KoolSpan’s powerful encryption technology is necessary for protection of
critical infrastructure, but many attack vectors aren’t directed
exclusively at the encrypted data in transit. Hackers and blackhats will
also hack into end devices and servers via internal backdoors, rootkits,
bots, or through VPN tunnels. Badly implemented IT security infrastructure
and misconfigured security settings are of great assistance to hackers and
many types of malware. In contrast, KoolSpan encrypted and authenticated
connectivity is, by design, an out-of-the-box security solution. KoolSpan
requires little or no setup and completely isolates critical device
traffic and operator console traffic from outside attack, end to end.


In operation, KoolSpan’s integrated TrustChip crypto hardware and
proprietary software together provide a hardened and dedicated “security
engine” in each mobile voice device, enabling a very wide range of secure
wireless voice interactions for corporate, industrial and government
users. KoolSpan’s high-performance security engine supports encryption,
authentication, user identification, mobile device PINs, and key
management services for popular mobile phones and wireless voice devices.
When the TrustChip is inserted in a mobile device via standard SD card
slot, it enables device-to-device 256-bit AES encrypted
TrustedConnections, which fully protect end-to-end voice traffic. The
KoolSpan engine grants mobile devices membership in a virtually limitless
number of security groups - referred to as TrustGroups. In peer-to-peer
mobile device communities, TrustGroups do not require central
administration after initial installation. In centralized configurations,
security groupings and associations within TrustGroups can be managed from
a central KoolSpan console on an ongoing basis.

[Figure labels: TrustChip; small software driver]

KoolSpan’s streamlined mobile device service API makes it easy for
developers and OEMs to deploy products that support very scalable
communities of secure mobile voice devices. The KoolSpan TrustChip is the
optimum approach to secure mobile voice for popular cell phones,
smartphones and PDAs that don’t have the processing power, memory or
built-in crypto processing capabilities that are necessary for simple,
secure voice communications.

Peer-to-peer or centralized

Security relationships between mobile devices can be either peer-to-peer
or centrally administered. In the central KoolSpan model, a management
console function allows network administrators to dynamically create
security groups and permit/deny security associations for participating
users and client mobile devices. Managing KoolSpan centrally presents an
opportunity to create a granular set of privileges for mobile devices and
mobile application servers. Access rights for secure KoolSpan connections
can be defined for each device and each upstream application. This means
that corporate mobile users will have connectivity only to mobile devices
and services for which they have explicit rights.

In the peer-to-peer version, all the necessary authentication keys,
identity codes and crypto algorithms are pre-loaded into the KoolSpan
TrustChip or SD Card hardware during installation. From that point on,
mobile devices authenticate sessions and set up secure end-to-end tunnels
automatically. Once peer-to-peer devices are installed and operational,
they can continue to dynamically form secure connections within their
security groups for an indefinite amount of time without operator
intervention.

In both the peer-to-peer and centralized versions, KoolSpan secure mobile
device connectivity is essentially plug and play, requiring none of the
complex configuration, administration and network architecture
modifications that are associated with conventional IP firewalls and VPNs.

KoolSpan strengths and benefits

In non-traditional IT spaces where special-purpose online machines and
terminals (enterprise, government and other mission critical voice
communication environments) need improved end-to-end security, the
KoolSpan connectivity solution delivers a wide range of benefits including:

Scalability. KoolSpan’s significant advantage in scalability means there’s
no need to create complicated traffic management rules or security key
administration procedures and policies. KoolSpan-protected security
devices can authenticate and encrypt sessions with little or no
centralized administration across all types of CDMA and GSM networks.
KoolSpan security scales seamlessly to a very large number of devices/end
points that all benefit from simple plug-and-play connection protection.

Secure processing and storage. Often, the open nature of Linux, Java and
Windows systems, which all have many well-known components including
network ports/sockets, operating software libraries, I/O architectures and
application interfaces, hampers conventional network security. Hackers and
blackhats take advantage of vulnerabilities in open security device
platforms to compromise and defeat VPNs and firewall perimeters on a
regular basis. KoolSpan avoids these problems by running its routines on
hardened, tamper-proof crypto hardware. Critical data and application
sessions are fully authenticated and encrypted end-to-end on a packet by
packet basis, leaving no holes in security for traffic that is inside or
outside the firewall.


Device footprint. Today’s desktop and data center systems feature
ever-increasing amounts of disk and memory space to accommodate more and
more robust applications and operating systems. Infinite storage space is
not always the case with online security devices that often have
constraints on memory and disk resources. KoolSpan is ideal for
constrained devices because it has a very small footprint on end devices
in terms of how much code space is required. KoolSpan encryption and
authentication routines run on TrustChip hardware in SD Cards. Along with
the TrustChip hardware, a small software driver is loaded into each mobile
device, which means that the footprint is minimal and non-intrusive,
requiring no expensive upgrades to systems or operating software.

Device processing demand. IPsec and related IT security programs typically
run on the main memory and processors of client and server computer
devices, which is known to cause substantial overhead in terms of memory
and processor usage. Mainstream IT security methods can rob horsepower and
code space from online security devices with computationally intensive
processing and contribute to reduced performance. In contrast, KoolSpan
runs its routines using the advanced dedicated crypto processor that is
available in TrustChip SD Cards and related embedded hardware that
KoolSpan and partner OEMs manufacture.

Network latency and overhead. Many security device applications require
real-time or near real time network communications to support point of
sale transactions, financial services, and other interactive applications.
Due to the complexities of the key exchange, encryption and security
handshaking, VPNs and other conventional IT security methods can introduce
substantial network latencies during session initiation and traffic
forwarding. KoolSpan, by contrast, minimizes network overhead and session
start-up time, introducing an absolute minimum delay into secure
connections.

Simplicity and ease of use. KoolSpan-protected security devices can set up
P2P security associations that require no external key management
administration or certificate servers. The KoolSpan end-to-end security
model allows highly automated authentication and encryption in an
extremely scalable plug-and-play, peer-to-peer security
architecture—without complex configuration and administration. If
centralized controls are needed, they can be deployed without the major
administrative and policy burdens that are associated with VPNs and PKI.

Conclusion

Our current climate of heightened security demands a more proactive and
comprehensive approach to providing wireless voice device users with
secure network communications. KoolSpan has responded to this need with
advanced crypto software and hardware that is specially designed to easily
integrate into existing mobile devices in enterprise, public and
government voice networks. The KoolSpan solution provides machine and
terminal applications with end-to-end encryption and authentication that
is not readily available from conventional security software solutions.
Whether you are an OEM, systems integrator, consultant or enterprise end
user, please contact KoolSpan for detailed information on how your
specific online machine or terminal application can benefit from simple
secure connectivity today.

For more details on the underlying security technologies please see
KoolSpan’s Foundation Technology white paper

For More Information
Please call 240.880.4400, or go to