Concept of Security
Our solutions provide the security for:
- information exchanged between users of mobile devices and personal computers via various communication channels;
- information stored on mobile devices, personal computers and external media (Flash, ZIV drives, etc.).
The concepts that form the basis of the Stealthphone Tell and Stealthphone solutions differ significantly in their underlying principles of design and operation, as well as in functional capabilities. The main issue is the information security level that users choose. The higher the security level, the higher the cost of the security means. The optimal security level is determined by the technical features of the means available to the enemy (e.g. a hacker) for intercepting information. In many cases the Stealthphone Tell secure network is enough to protect private information. The low cost of the software, its simplicity and its ease of use make it possible for users who have never used such tools before to adapt quickly to the Stealthphone Tell secure network.
Stealthphone information security system
"MTT" company offers its customers one of the two solutions to solve these problems:
- connect to the secure Stealthphone Tell network of "MTT" company
- create your own secure corporate network StealthPhone based on the solutions provided by MTT company.
General principles, increasing the credibility of both approaches:
- Application of cryptographic algorithms and key system parameters used in military and state information security systems
- The use of the "point to point" principle to encrypt information exchanged between users.
The use of the Stealthphone corporate network, compared to the general secure Stealthphone Tell network, provides new functionality and services, ensuring higher quality of the information security level. It is provided by the use of hardware encryption devices designed by "MTT", which comply with TEMPEST standards. With these devices users can themselves implement encryption and generate keys.
The solution the client selects is based on many factors, including:
- the possibility to independently generate and distribute encryption keys;
- the purpose of the information security systems, taking into account the purpose of their use - corporate or personal;
- required functions;
- the assessment of risks and threats to information security;
- centralized management of subscribers’ keys;
- subscribers’ network geography,
and some other factors.
Secure Stealthphone Tell network
The secure Stealthphone Tell network is an open network designed for the exchange of encrypted information (voice, image, text, data, etc.) between subscribers. It is based on public key distribution and doesn’t require prior key exchange between the subscribers. Its openness means that anyone can join the network. The secure Stealthphone Tell network operates over the Internet.
Connection to the Stealthphone Tell secure network
Anyone who has a smart phone and Internet access can connect to the secure Stealthphone Tell network and become its subscriber. It’s necessary to do the following:
- Download the Stealthphone Tell application on the smartphone from the website of MTT company;
- Pay the subscription fee for the selected period of operation in the secure Stealthphone Tell network;
- Activate the Stealthphone Tell application.
Users can start working after activating the Stealthphone Tell application, which takes just a few minutes.
What can the subscriber of the secure Stealthphone Tell network do?
The following services are available for the subscribers of the secure Stealthphone Tell network:
- Voice encryption within the secure Stealthphone Tell network;
- Sharing encrypted messages and files;
- Creation of chat groups with a possibility to send files.
A corporate Stealthphone Tell network subscriber
We offer the possibility for the subscribers to connect to the corporate Stealthphone Tell network. A group of subscribers (“a corporation”) forms its own subnet, and the services available for the subscribers of the secure Stealthphone Tell network are also available for them, but communication is possible only between the subscribers of the corporate subnet.
How does a secure Stealthphone Tell network operate?
Data Transfer in the secure Stealthphone Tell network is implemented via communication servers located in different countries and operating in the Internet. The subscriber must also have access to the Internet in order to use the services of the network.
Data encryption is performed according to the "end-to-end" principle, and operations such as encryption key generation and data encryption are performed by the subscribers themselves. Communication servers are used solely as transit nodes to exchange encrypted information between the network subscribers. Thus, network administrators cannot read the information passing through the server.
The secure Stealthphone Tell network differs from similar solutions offered by competitors in its use of digital certificates. They enable the implementation of an additional powerful mechanism (along with the mechanisms included in ZRTP). This mechanism allows both subscribers to identify each other (mutual authentication). A Public Key Infrastructure (PKI), with a Certification Center as its core, is implemented and deployed within the secure Stealthphone Tell network.
The advantages of the secure Stealthphone Tell network
Achieving the maximum security level was the focus of attention during the development of the Stealthphone Tell network. Along with the standard technologies, we have introduced technologies which greatly enhance the security of this solution:
- Simultaneous use of two independent (or orthogonal) approaches to security in open networks, namely the use of the ZRTP protocol in conjunction with electronic certificates of subscribers’ keys;
- The use of engineering and cryptographic analysis methods, which enhance the immunity of the Stealthphone Tell application to a number of harmful effects;
- A reinforced password security mechanism, which is the authorization mechanism for access to the functions and data of the Stealthphone Tell application.
Stealthphone corporate network
The Stealthphone corporate network safeguards information on mobile devices and personal computers. Stealthphone corporate network allows the subscribers to share encrypted information (voice, Email, text messages, files, etc.). Key management is based on the prior exchange of secret keys between the network subscribers.
Stealthphone Corporate network – multilevel defense against criminals’ attacks
We must recognize that the technical means at cybercriminals’ disposal are little inferior in effectiveness to those used today by security services. Hackers’ fabulous profits play an important role: they’ve already exceeded the profits of drug lords and reached more than $400,000,000. Therefore, in the face of increasing multi-faceted information security threats, state and private organizations are forced to use complex and multi-layered self-security measures to prevent criminal data breaches.
A bit of history
It is common knowledge that wooden doors were of superior strength in the Middle Ages. As a rule a typical wooden entrance door was made of two layers of oak boards. Wood fibers were arranged vertically in the outer layer and horizontally in the inner layer. As a result it resembled something like simplified plywood. Iron nails joined together two board layers, and the whole construction was reinforced with iron bars. The nails stuck with their spikes outward so that they could damage the weapons of the attackers who tried to break through the door.
Such multilayer protection has been in use since ancient times: even if the enemy broke through the first line of defense, he had to break through several more, suffering heavy casualties.
The Stealthphone corporate network employs the same principle. Traditionally, smartphones and computers have built-in security systems. They look convenient, but are these systems really secure? Not always. Criminals try to break through this protection. That’s why we created a unique stand-alone encryption device, Stealthphone Hard, that secures information in mobile devices and computers. Encryption processes run separately from data transmission. Stealthphone Hard runs its own low-language OS and meets the military-grade TEMPEST standard, which shields against dangerous side radiation. All this secures your data against almost every kind of cyberattack.
The network includes a number of dedicated servers that use Internet-channels. Stealthphone network has a state of the art voice encryption feature that supports various channels:
- Voice channels of mobile systems: GSM, CDMA etc;
- Voice channel of satellite system Inmarsat etc.;
- Analog phone network (PSTN);
- IP-telephony: Skype, Viber etc.
The network is managed by the administrator, who is responsible for:
- Maintaining the subscriber base;
- Generating and distributing encryption keys;
- Managing network servers.
Subscribers do not have to work in the same organization in order to use the Stealthphone network. The Stealthphone network can be used by several different subscribers who entrust the administrator with the network management.
Stealthphone network includes:
- Network management system (including secret keys management subsystem);
- Communication servers system;
- Subscriber equipment – a set of software and hardware security tools
All three components are scalable; they have different features and degree of security, that’s why Stealthphone networks can be customized according to the client’s needs.
Stealthphone corporate network can be used by a small group of individuals, as well as by state organizations and major corporations.
Managing secret keys and logical structure of network
The network administrator is responsible for managing secret keys and the logical structure of the network.
The network administrator creates and maintains the subscriber database and creates groups (overlapping and non-overlapping) of subscribers who can exchange encrypted data with each other.
The corporate network administrator generates and distributes secret pairwise keys for all the subscribers within the Stealthphone corporate network. He is also responsible for scheduled and non-scheduled change of keys. He uses the Stealthphone Key software to manage secret keys and the logical structure of the network.
To achieve the highest quality of generated keys, the Stealthphone Key software complex can be used together with the hardware key generator Stealthphone Key Hard, which supports the TEMPEST standard.
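The pairwise-key model described above, sketched as an added example (it is not MTT's code and says nothing about how Stealthphone Key works internally). It goes slightly beyond the text by also showing a non-scheduled key change for one subscriber. The 32-byte key size, the function names and the sample groups are assumptions made for illustration.

```python
import secrets
from itertools import combinations

KEY_BYTES = 32  # assumption: the page does not state key sizes or algorithms


def allowed_pairs(groups):
    """Return the set of subscriber pairs that share at least one group."""
    pairs = set()
    for members in groups.values():
        for a, b in combinations(sorted(set(members)), 2):
            pairs.add((a, b))  # a pair in two overlapping groups is stored once
    return pairs


def generate_key_arrays(groups, keygen=secrets.token_bytes):
    """Generate one secret key per allowed pair and build each subscriber's array.

    Returns {subscriber: {peer: key}}; both ends of a pair hold the same key.
    """
    arrays = {m: {} for members in groups.values() for m in members}
    for a, b in sorted(allowed_pairs(groups)):
        key = keygen(KEY_BYTES)
        arrays[a][b] = key
        arrays[b][a] = key
    return arrays


def rekey_subscriber(arrays, subscriber, keygen=secrets.token_bytes):
    """Non-scheduled change: replace every key the given subscriber holds,
    e.g. after a lost device. Returns the peers whose arrays must be reloaded."""
    peers = sorted(arrays[subscriber])
    for peer in peers:
        key = keygen(KEY_BYTES)
        arrays[subscriber][peer] = key
        arrays[peer][subscriber] = key
    return peers


# Constructed sample: two overlapping groups and one separate group.
GROUPS = {
    "board": ["alice", "bob", "carol"],
    "finance": ["bob", "carol", "dave"],
    "field": ["erin", "frank"],
}

if __name__ == "__main__":
    for name, peers in sorted(generate_key_arrays(GROUPS).items()):
        print(name, "->", sorted(peers))
```

Each subscriber's array holds keys only for peers in a shared group, so the loss of one device exposes that subscriber's pairs and no others; the cost is that every re-key touches the arrays of all that subscriber's peers.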
Communication servers in Stealthphone corporate network
Communication servers in Stealthphone corporate network use Internet channels. These servers transmit encrypted data (voice, e-mail, short messages, files etc.). The servers do not run any encryption processes, and the network administrators do not have access to unencrypted data.
The client manages servers via server management subsystem.
MTT client can design and deploy (with the help of MTT) their own system of communication servers according to their criteria (data load, network layout, geographical location and other).
Clients can also rent MTT servers.
Subscriber equipment in Stealthphone corporate network
An individual or the company (group subscriber) with internal phone network are both considered to be Stealthphone network subscribers.
To access Stealthphone network services, the subscriber must have subscriber equipment with preloaded secret keys array required for communication with other subscribers.
An individual can use application Stealthphone Soft or hardware encryption device Stealthphone Hard as subscriber equipment. A company must use software-hardware complex Office Gate.
Stealthphone Soft is an application which is compatible with most mobile OS (Android, Windows Phone, iOS, BB). Stealthphone Soft meets all the standards of engineering cryptography. The application is easy to install and user-friendly. Stealthphone Soft allows the users to exchange encrypted data (voice, e-mail, short messages, files etc.) via communication servers of Stealthphone network. Internet connection is required to access network services.
Stealthphone Hard is a unique hardware encryption device designed to meet the highest requirements (including TEMPEST standard) for data security equipment. Hardware encryption device allows the users to encrypt data, generate and store keys. Data transmission is carried out by the mobile device or PC connected to Stealthphone Hard.
Stealthphone Hard is compatible with almost all mobile devices and computers; it is connected to them via Bluetooth or USB.
Hardware encryption device Stealthphone Hard works in several modes:
- Communication servers mode. In this mode the subscriber has access to all the features available in Stealthphone Soft (encryption of voice, e-mail, short messages and files). The encryption device is connected to the PC with preloaded application Stealthphone Sec that performs interface and communication functions, but all the encryption processes are run by Stealthphone Hard. In this mode Stealthphone Hard and Stealthphone Soft are fully compatible; Internet connection is required to exchange data.
- Voice encryption mode (via external communication channels in mobile networks, satellite communication channels, analog phone lines, IP-telephony applications). In this mode Stealthphone Hard is connected to the device (mobile phone, satphone, landline, smartphone or PC with preinstalled IP-telephony application) as a standard headset. Stealthphone Hard encrypts traffic exchanged between subscribers who both use Stealthphone Hard.
- PC data encryption mode. In this mode Stealthphone Hard is connected to the computer (Windows or Mac OS) via USB. This mode allows the user to encrypt logical disks or separate files and to exchange already encrypted files with the subscribers via any e-mail service (Gmail, MSN, Yahoo, …) or social networks (Facebook, Twitter, …).
OfficeGate is a crypto gateway connecting subscribers of Stealthphone corporate networks with office phone network. OfficeGate secures phone connections between subscribers of Stealthphone network and office employees. The voice traffic is encrypted during its transmission between crypto gateway OfficeGate and the subscriber (or between two OfficeGate). Voice traffic is transmitted in open form within the network. OfficeGate allows the subscribers to make out-of-network calls by connecting with OfficeGate, decrypting voice and redirecting the call via office phone network.
List of products for information security
Stealthphone information security system for corporate clients and government organizations
The main advantages of the information security system Stealthphone
- A hardware encryption device Stealthphone Hard designed to encrypt voice (VoIP), SMS and data in smartphones, tablets and PCs guarantees the highest security level according to TEMPEST and military grade encryption
- First ever strong encryption of voice over GSM channel (VoGSM)
- Strong voice encryption for Skype, Viber and other IP-telephony applications
- Secure calls between the corporate phone network and the Stealthphone network
- Cryptomessenger is used to exchange instant messages, all types of files and multimedia information
- E-mail client is used to exchange encrypted e-mail, all types of files and multimedia information
- Full control over encryption keys
- Key generation using the hardware random number generator Stealthphone Key Hard
- Flexibility, scalability and adaptability of the system. The possibility to develop solutions, from low-cost solutions to the solutions for big private companies and state agencies