PhoneX is solution for a secure mobile communication allowing secure voice calls, text messages and a file transfers among users within the PhoneX system.
Our system is designed as a closed system in the sense that only PhoneX users can talk securely to each other. The main reason is security. We set high security level and it can be guaranteed only inside our system.
The key concepts are:
Encryption is performed directly on the end devices. Server, administrators and arbitrary third parties are not able to eavesdrop on users’ communication.
Combination of asymmetric and symmetric encryption is used - asymmetric RSA cipher with key length of 2048 bits and symmetric AES cipher with key length of 256 bits.
No SIM card is required in order for the application to run. Voice calls, messages or files are transmitted over a data channel (WiFi, LTE or other data connection).
For voice calls and file transfer, the system provides perfect-forward-secrecy property. Encryption keys are unique for every call/send file and destroyed after the communication is finished. If a long term key was broken/compromised, this does not compromise the session keys and the communication therefore remains encrypted and secure.
Voice calls are done P2P every time a direct connection can be established.
Contacts are separated from the phone's contact list. The system uses nicknames instead of phone numbers. Your phone number is not linked with your PhoneX account.
Our system consists of PhoneX servers and client applications. Each user identity is stored on a particular server. There are multiple servers, each physically based in a different geographical location. The servers manage user identities and contact lists.
Users can communicate between each other, even if they both reside on a different PhoneX server. Servers themselves have minimum information about users. No logs are stored, messages are kept inside of the end devices, no private keys are known to the server.
Each user is represented in the system by unique username and password. Each user device generates its own asymmetric key-pair with the following properties:
User’s password is kept secret, only users know it. It is unknown to servers, administrators and anybody else in a plaintext form. To mitigate a brute-force attack, we use strong password derivation functions (Scrypt, PBKDF2) to derive several cryptographically independent passwords.
Private key is stored in an encrypted PKCS12 container and is protected by a strong encryption password derived from the user password.
User’s private data, (e.g., contacts, messages, call logs) are stored in an encrypted SQLCipher database, encrypted with 256 bit AES key. In case of theft or device loss, data is protected in an encrypted form. It cannot be read without a user password.
Separated from a device’s standard contact list, there is another, secure contact list inside the application which synchronizes with the help of a server - user is able to log in using other devices and have the same saved contacts. The contact list also establishes an asymmetric trust relation. In practice this means:
Functionality and security of voice calls is ensured by combination of several technologies and protocols. The key protocol used in signalling (e.g. initiating a voice call) is the SIP protocol.
ZRTP protocol is used as a key agreement protocol prior to a voice call. The multimedia session (voice call) between users is protected using symmetric AES/Twofish cipher with 256 bit key length, derived by ZRTP. SIP packets are additionally digitally signed, so that they cannot be forged by attackers. Authenticity is therefore guaranteed.
ZRTP establishes a unique encryption key for each voice call. The keys are destroyed right after the call ends. Internally, the protocol uses the Diffie-Hellman key establishment protocol. This ensures so-called perfect forward secrecy - even if long term secret was compromised (i.e., private key), the past voice call session recorded by an eavesdropper cannot be decrypted.
ZRTP is protected against man-in-the-middle attacks by SAS hash. The SAS has to be verified verbally by both sides during the first voice call when SAS verification dialog is shown. After this verification it is no more required since shared secrets from past are used to protect any further communication from attackers. An example of the SAS verification is shown below.
Text messages work similarly to PGP. End-to-end encryption is used. A server does not see the message content. Messages are encrypted using an asymmetric public key of a recipient. Hybrid encryption with AES-256-GCM is used.
Text messages are delivered by SIP protocol. It enables delivery acknowledgements and offline messages.
File transfer protocol enables secure asynchronous file transfer between PhoneX users utilizing strong end-to-end encryption. Arbitrary file types can be transferred between users (images, music, binary data). Our protocol is inspired by the OTR protocol and has perfect forward secrecy property. For each file, a new unique encryption password is derived with contribution of both parties.