Readers who have a long memory and a history of online trading may also vaguely recall that the creator of the famous PGP (Pretty Good Privacy) software, security expert Phil Zimmermann, launched a "Pgpfone" in 1996. of Internet telephony products. About three years later, broadband networks really started to grow. This is the early stage of the network telephony development cycle. Pgpfone a little too far ahead, not to arouse people's attention. But the world must be careful! Security expert Phil is now back with Zfone. Zfone is a new VoIP telephony security software. This software is still a beta version and can be run on Windows XP, Mac OS X, and various Linux operating system platforms. For those who like to study the internal structure of security software, the source code of the software will also be provided to interested people for peer assessment to maintain the best tradition in the field of security. In the area of security, algorithms and implementations often deliberately expose exposure to help identify (and fix) potential vulnerabilities, omissions, and vulnerabilities.
The Zfone software is based on a new protocol developed by Zimmermann called "ZRTP". Although the initials are not expanded in Zimmermann files or Web pages, it is possible to guess that the acronym means "Zfone Real time Protocol" (Zfone Real-time Protocol), or "Zfone Time Protoco "(Zfone Security Real-time Protocol) because the ZRTP protocol is used to negotiate cryptographic keys for VoIP calls. The ZRTP then turns to secure implementation of real-time protocols, the secure Real-time Protocol (SRTP), to handle low-level packet encryption of data flows between telephones.
The Zfone software can be used with any standard SIP (Session Initiation Protocol) protocol phone. SIP protocol is a standard application protocol based on TCP protocol, which is widely used in VoIP telephony setup, management and demolition. Of course, the Zfone software provides cryptographic services only for those who have the software installed on both sides of the phone and the telephone.
What's so special about Zfone software? This software basically does not require public key infrastructure (PKI) support to provide public key encryption. Those who are already familiar with the PGP protocol will master these nuances. This basic mechanism allows for the continuous use of certain key information, storing some key data for the next use, and providing the phone with an SSH (security shell) encryption. This is intertwined with the shared secret of the new phone's "Diffie-hellman" Public key algorithm. Zimmermann's implementation does not require any SIP protocol to handle key management. As a result, VoIP servers do not need to be involved in managing phone security. In this way, it eliminates the burden of establishing and maintaining a PKI to provide secure VoIP phone calls.
Who can benefit from the Zfone software? The Zfone software is actually a plug-in in the TCP/IP protocol stack that is directly integrated into a client computer, so the Zfone software can be well integrated with the existing VoIP client architecture. While large businesses and large organizations are often reluctant to adopt a client-based solution like this, Zimmermann has a long and tempting track record of security, even if those users are willing to test zfone software. Because other VoIP security implementations are rare and often difficult to implement and implement, they can benefit from individual users, small business users and large business users and institutions.
Check the software on the home page of the Zfone software. The authors found that there is no need to add additional hassle to the installation and use of the software, which can be immediately and easily used with VoIP implementations such as Skype, speakfreely and Altigen. Although there is not enough public experience to ensure that the software can be used with all VoIP software, the above situation is a good indicator that the software is worth a try.