The "Top Secret" level applies an End-To-End security model, with audio data encrypted on one end point of the call and decrypted on the other end point without any possibility to intercept it in the middle.

The client relies on the ZRTP protocol, so there is no need to deploy a PKI infrastructure, but human verification is required to exclude the presence of a MITM (Man In The Middle).

Verifying call security

The Professional client uses an encryption and security system based on the ZRTP protocol. This protocol is based on "human" verification of two words (called the Short Authentication String or SAS) displayed at the beginning of a call. The SAS is made up of two words in English, randomly generated for each call. The same SAS is displayed on the two phones and must be verbally compared by the two callers to guarantee call security. Once the security has been verified, the two peers can trust each other.

Verify call security on BlackBerry: matching key exchanges, so the call is secure!

Figure: SAS on the caller's phone
Figure: SAS on the callee's phone

...

The caller reads his key out loud (figure "SAS on the caller's phone") and the callee checks that it matches his own (figure "SAS on the callee's phone").

Verify call security on iPhone: matching key exchanges, so the call is secure!

Figure: The caller reads his key out loud
Figure: The called party makes sure it matches his own

...

The caller reads his key out loud (figure "The caller reads his key out loud") and the callee checks that it matches his own (figure "The called party makes sure it matches his own").

Verify call security on Android: matching key exchanges, so the call is secure!

Figure: The caller reads his key out loud
Figure: The called party makes sure it matches his own

...

Warning: If the SAS does not match your peer's, you should immediately hang up the call, as this might be a sign of a Man in the Middle interception attack.

Identifying a wiretapping attempt

Attempt to wiretap a call to a "trusted" contact

If a third party attempts to wiretap a call to a contact previously "trusted" by you, the client automatically detects the wiretapping attempt, interrupts the call and displays the following security alert.

...

After receiving a security alert, you must always verbally re-verify the SAS after the cryptographic key exchange and re-trust your contact for future calls (see chapter Verifying call security).

Attempt to wiretap a call to a contact not yet saved as "trusted"

If a third party attempts to wiretap a call to a contact not yet saved as trusted, the client displays two different Short Authentication Strings on the two phones. The callers should verbally verify the differences between the two key exchanges and interrupt the call.
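
Why an interceptor makes the two phones show different SAS values, as a simplified model (an added example, not the product's code and not the ZRTP wire protocol). The toy Diffie-Hellman group, the syllable table and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman group (assumption for illustration only);
# real ZRTP uses standardized DH/ECDH groups.
P = 2**255 - 19
G = 2

# Constructed syllable table; real clients use a fixed English word list.
SYLLABLES = ["ba", "ce", "di", "fo", "gu", "ha", "je", "ki",
             "lo", "mu", "na", "pe", "ri", "so", "tu", "va"]


def keypair():
    """Return a fresh (private, public) pair for one call leg."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def sas(own_priv, peer_pub):
    """Derive two pronounceable 'words' from the shared DH secret."""
    shared = pow(peer_pub, own_priv, P)
    digest = hashlib.sha256(b"SAS" + shared.to_bytes(32, "big")).digest()
    nibbles = [n for b in digest[:4] for n in (b >> 4, b & 0x0F)]
    syl = [SYLLABLES[n] for n in nibbles]
    return "".join(syl[:4]), "".join(syl[4:])


def direct_call():
    """Both phones exchange public values with nobody in between."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return sas(a_priv, b_pub), sas(b_priv, a_pub)


def intercepted_call():
    """Each phone unknowingly completes the exchange with the interceptor."""
    a_priv, _ = keypair()
    b_priv, _ = keypair()
    _, m_pub_to_caller = keypair()  # value the caller receives instead of the callee's
    _, m_pub_to_callee = keypair()  # value the callee receives instead of the caller's
    return sas(a_priv, m_pub_to_caller), sas(b_priv, m_pub_to_callee)


if __name__ == "__main__":
    print("direct:     ", *direct_call())
    print("intercepted:", *intercepted_call())
```

In the direct call both sides derive the same secret and read the same two words; in the intercepted call each leg has its own secret, so the words read aloud do not match.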

...