使用zfone加密google talk
myself
使用zfone加密google talk
网络电话(或VOIP电话)物廉价美,品质上也不会比固定电话系统(PSTN)差太多,还能支持视频对话,所以使用者越来越多。然而VOIP电话跟电子邮件等互联网通讯一样脆弱。攻击者完全可以劫持VOIP电话,并将通路转发到另一个号码上去,从而实现窃听 [1]。窃听的软件主要有VOMIT(Voice Over Misconfigured Internet Telephones),和SIPTap。
面对这种情况,Philip Zimmermann先生与他的团队推出了能加密网络电话的软件——Zfone [2]。Philip R. Zimmermann是Pretty Good Privacy(PGP)邮件加密软件的创建者。他因为在密码学方面的的先驱性贡献而获得了多项技术和人道主义者的奖项 [3]。
Zfone使用了一种称为ZRTP的新加密协议,它在架构上比其它加密网络电话的方法要好,它能抵御中间人攻击。Zfone的特点有:
1. 完全不依赖编码协议(就是把语音转换成数字信号时所采用的编码方法,不同的编码协议得到的音质是不同的),PKI(public key infrastructure ),或任何服务器。完全是媒体流的点对点(peer-to-peer)交流。
2. 与任何SIP/RTP电话互通,自动检测其它终端是否支援加密。
3. 可作为已存在的VOIP客户端软件的一个插件,从而高效的将其转换成加密电话。
4. 提供Zfone软件开发工具包,方便将Zfone整合进其它VOIP程序。
5. 已向IETF(互联网工程任务组)提交公共标准草案,源代码已公布于众。
Getting Started with Zfone
What is Zfone?
Zfone is a new secure VoIP phone software product which lets you make secure encrypted phone calls over the Internet. Zfone is not itself a VoIP client, but lets you make secure calls with your existing VoIP client, by filtering, encrypting and decrypting all your VoIP media packets as they pass in and out of your computer. You can use a variety of different software VoIP clients to make a VoIP call. It's as if Zfone were a "bump on the wire", sitting between the VoIP client and the Internet. Think of it as a software bump-on-the-wire, or a bump in the protocol stack.
Downloading and Testing the Zfone Beta
There's no online HELP with this release of the Zfone beta software, so study this page carefully for instructions on installing and running it.
Step 1: Getting your VoIP client software ready
Many things can go wrong with VoIP client software. There could be problems with your firewall, with getting VoIP calls totraverse your local network's NAT router, with your audio configuration choices (especially your microphone), with your VoIP service provider. For this reason, it is important that you get your VoIP client tested and working before you install Zfone. And get the other party to do the same.
First, you will need to get yourself a VoIP client, install it, sign up for a VoIP service provider, get a VoIP phone number (a SIP URI), and test your VoIP client to make sure it all works. Many VoIP service providers provide an echo server to make a test call, and it will echo your voice back to you. To call the echo server at Free World Dialup, enter this SIP URI in the "Call" text box: sip:6...@fwd.pulver.com, then press the call button.
Zfone has been tested with these VoIP clients: X-Lite, Gizmo (audio, no video yet), XMeeting, Google Talk VoIP client (but only when Google Talk is using RTP),Yahoo Messenger's VoIP client (for audio), Magic Jack, and SJphone. Zfone will encrypt audio and video for Apple iChat calls on Mac OS X (Leopard). Zfone has been tested with these VoIP service providers: Free World Dialup, iptel.org, and SIPphone. It does not work with Skype.
Step 2 : Downloading and installing Zfone
Register to Download ZfoneThe Zfone public beta is available now for Mac OS X (10.4 or later), Linux, and Windows (both XP and Vista, either 32-bit or 64-bit versions). To download your copy right now, go to our Zfone Register-to-Download Page. If you have trouble downloading Zfone, visit our Zfone Download Help page.
This new 22 Mar 2009 version implements the latest ZRTP Internet Draft protocol document (draft 15).
After you download it, run the install program and follow the installation instructions. Windows users should not interrupt the installation process, despite multiple warnings stating that the ZRTP Miniport driver is not Windows Logo certified. Just ignore the warnings and proceed with the install. It's dangerous to interrupt the installation of any device driver on Windows, including this one.
Before starting the installation process, Zfone for Windows creates the restore point, which stores your system information at the moment of installation. If you have any problems you can always restore your system state back to this restore point. For additional information see
- http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx and
- http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx.
As usual, Mac OS X users will find the installation procedure self-explanatory. Linux users will actually have to compile the source code and build it, but we figured typical Linux geeks can handle that. Later, we will provide Linux binaries so you won't have to build it.
Testing Zfone
When you have Zfone installed, you should run it before you launch your VoIP client software, and leave it running all the time, in the background. Zfone should secure any VoIP call you make to another Zfone client while it's running, and it will tell you the call is secure with its own separate graphical user interface.
Zfone checks with our update server to see if a new version of the software is available for download. If an update is available, you should get it immediately.
Reporting Bugs, and Other Known "Issues"
To read about known bugs and issues in the Zfone beta software, and to report bugs, visit the Reporting Bugs page.
myself
PGP水准的VoIP加密软件Zfone
密码专家和流行的PGP(Pretty Good Privacy)电子邮件加密程序的制作者Phil Zimmermann将说明他所认为的IP语音加密的真正需求是什么。
密码专家和流行的PGP(Pretty Good Privacy)电子邮件加密程序的制作者Phil Zimmermann将说明他所认为的IP语音加密的真正需求是什么。
Zimmermann上个星期发布了一个名为“Zfone”的旨在阻止窃听的VoIP加密软件的原型产品。他正在寻求投资者以便为企业应用加快Zfone软件的开发。
Zimmermann谈论了这种新的VoIP加密软件、为什么他的电话隐私协议优于其他的协议以及为什么企业应该关注这个问题。
问:VoIP安全威胁是真实的还是夸张的?
Zimmermann:这种威胁是真实的,因为互联网充满了来自有组织的犯罪团伙的高级攻击。事实上,一个没有保护措施的Windows PC据说连接到互联网之后在12分钟之内就能够被恶意软件控制。我们的电话一个世纪以来在公共交换电话网络上一直是安全的天堂。但是,当我们离开这个天堂来到互联网的地狱的时候,所有这些都将发生变化。
问:你能解释一下你所指的威胁类型吗?
Zimmermann:现有的恶意软件能够记录网络上所有的VoIP电话,并且像一台TiVo播放机一样把这些记录下来的电话编辑成可以浏览的文件。全球各地的犯罪分子通过点击鼠标就可以窃听我们的电话。这种说法听起来也许有些夸大其词。但是,假如我向五年至七年前的互联网用户解释当前的互联网威胁环境,他也会认为当时对现在互联网安全状况的预言是夸大其词的。
问:Zfone软件是如何保证语音通信安全的?
Zimmermann: Zfone软件对端对端的电话进行加密。加密的方法是使用Diffie-Hellman密钥交换建立一个会话密钥,然后使用AES(高级加密标准)加密语音数据包。两个用户通过对比身份识别摘要就可以查检出“中间人攻击”,不必依靠公钥基础设施(PKI)。
问:Zfone软件与目前考虑的其它VoIP安全协议有什么不同?
Zimmermann:与互联网工程特别任务组正在考虑的其它协议相比,这个软件的设计更安全、更简单、更合适并且质量更好。使用Zfone软件,不需要集中管理的PKI或者可信赖的服务器,没有任何密钥可以长久地用来攻破电话通话。标准组织目前正在讨论一些其它的安全VoIP协议。
但是,这些协议都受到这些问题的影响,而Zfone软件却避开了这些问题。
问:Zfone软件的安全和应用有没有可能达到PGP的水平?
Zimmermann:我设计的这个安全软件同PGP一样好。当PGP在90年代初推出的时候,当时还有另一个电子邮件加密标准PEM(增强保密邮件)。同目前正在考虑的安全VoIP标准一样,PEM标准也受到了同样的设计理念的影响。PEM依靠集中管理的PKI。这种方法被证明是不起作用的。PGP吸取了PEM失败的教训。出于同样的原因,我希望这种事情将再次发生。
问:你以前曾说过,你认为你的语音通信保密能够任何人做得都好。为什么?
Zimmermann:就是因为上述原因。再加上,我希望我从PGP软件中赢得的信任将有助于加快这个软件的应用。
问:Zfone软件什么时候可以推出?
Zimmermann:对于真正的产品来说,那要取决于资金。对于原型产品来说,我也许能够在8月底之前在网站上公布。