by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : April 2013
[BrieFing] 10 GCN APRIL 2013 • GCN.COM The new secure communications service offered by Silent Circle intends to solve the BYOD security challenge by harness- ing the computing power of smart phones for crypto key management, cutting the middle man out of the equation. "We've pushed the key management out to the endpoints," said company CTO Jon Callas. "We never have the key." For a $20 monthly subscription users can communicate securely with each other by downloading a suite of apps for peer-to-peer encryption. Calls, texts and video are routed through the Silent Circle network, but keys are generated on the mobile devices when a call is initiated and are not held on a central server. All secu- rity information is deleted from the device when the call ends. Much has been made of the fact that this model could make it impossible for law enforcement and intelligence agen- cies to listen in to calls or look at data, images and video being exchanged between secured phones. But company executives say that instead of pushback, government has been an early adopter of the service, particularly U.S. military and intelligence agencies. "This is not 1991," said Philip Zim- mermann, the company's president and creator of PGP (Pretty Good Privacy), the widely used e-mail encryption software. Zimmerman is a veteran of the crypto wars of the 1990s, when the National Se- curity Agency threatened the emergence of strong cryptography being developed commercially. "Times have changed," he said. "Today you're in trouble if you don't use strong crypto." "The government is our largest cus- tomer," said CEO Mike Janke. The rapid adoption of the service-based technology by the military and intelligence communi- ties has left the company scrambling to scale up and meet demand. "We didn't see this coming," said Janke, a former Navy Seal. Silent Circle focuses on the security issues raised by users bringing their personal, unmanaged mobile devices into the enterprise. Although originally envisioned primarily as a consumer tool, it has become popular with secure enter- prises as a way to manage BYOD. The Silent Suite of end-user applica- tions for iOS and Android include Silent Phone, Silent Text, and Silent Eyes. With a subscription, each user receives a phone number for the applications, separate from the cellular number for the physical device. The application uses the customer's cellular carrier service to establish an IP connection with Silent Circle, which routes the encrypted communications to the appli- cation phone number at the other end, encrypted end-to-end and bypassing the regular phone service. The Silent Mail e-mail encryption app uses what the company calls an elegant solution that uses server-side key en- cryption rather than peer-to-peer. Users can place a time-to-die on les that are sent, and a sender can recall or "burn" a le that is in the recipient's application. "The roots of what we are doing go back to STU III," the government's stan- dard encrypted telephone through 2009, said Callas. But STU could not be easily deployed to consumer devices on the y. What makes Silent Circle's service practical is the increased computing power of smart phones that enables them to handle strong encryption and key management with an onboard app. "We started thinking about the phone as if it were a server," Callas said. "This would have been dif cult to do ve years ago." How does the company ensure that its services are not used for evil? "We don't," Zimmerman said. "We know bad people will use this," Janke said. "It's not our place to stop it." But law enforcement has other tools to pursue the bad guys and the bene ts of strong peer-to-peer encryption outweigh the risks, he said. • How to secure mobile comm? Cut out the trusted third party. BY WILLIAM JACKSON Peer-to-peer • Key management is done by end devices rather than a central server operated by the service provider. • Separate phone number for Silent Circle applications. • Cellular provider becomes a carrier for IP tra c rather than providing phone service. Technology Zimmermann Real Time Transport Protocol, a VOIP crypto key agreement protocol using the Di e-Hellman key exchange and the Secure Real Time Transport Protocol. Encryption NSA Suite B cryptography, a public interoper- able set of crypto tools that includes: • The Advanced Encryption Standard • The Secure Hash Algorithm 2 • Elliptic curve digital signature and key agreement algorithms. Transparency Published protocol specifications and appli- cation source code so security implementa- tion can be verified HOW SILENT CIRCLE REMOVES THE TRUSTED THIRD PARTY FROM SECURE COMMUNICATIONS