Technical Sheet - CSD version

Detailed overview of the technologies used by PrivateWave

PrivateWave uses only standard protocols and technologies that have been reviewed and widely accepted by
the security and scientific communities (ZRTP, SRTP, ZRTP/S) to guarantee a maximum security.

Ask your security expert!

PrivateGSM CSD features

Security
100% end-to-end encrypted solution:
- ZRTP for key exchange and encryption
- ZRTP/S for CSD transport
Only use IETF standardized security
Security compliant with FIPS, NIST and NSA
Based on open source technology
Simplicity
Software only solution for smartphones
No change in the way you make secure calls:
calls to anyone from address book
by adding +801 secure prefix
No need to install ICT infrastructure
Just call the other party GSM CSD data number

Improved roaming support Circuit Switched Data Networking support

CSD networking improvements: Non-Transparent RLP (radio link protocol)
- Automatic switch roaming operator Data mode: V.32 / V.34 / V.110 (default) / V.120
- Automatic switch data mode Speed: 9600 bps
- Low bandwidth 5700 bit/s
Low level tuning of Nokia CSD stack for improved network
compatibility

Supported Technology
Operating System: Supported Networks:
- Symbian/Nokia S60 3rd (soon 5th edition) - GSM/2G CSD/HSCSD
- SAT Thuraya (custom project)
- ISDN/PSTN (custom project)

Encryption Algorithms Audio Codec

ECDH 256 bit / 384 bit (default) / 521 bit (Elliptic Curve AMR Narrowband 4.75 kbit/s
Diffie-Hellman)
AES256 (CTR) for ZRTP/S

Copyright © 2005-2010 KHAMSA Italia Spa. All rights reserved.

 Technical Sheet - CSD

Encryption protocols

We only use open, transparent and standard encryption protocol. End-to-end security between phones is provided by ZRTP, the open IETF standard voice
encryption system invented by Philip Zimmermann that requires human-based verification for the encryption of a call. Security is established between
the caller phone and the called one without any ability of any networking.

Communication protocols
Since there was encryption standard just for Packet Switched telecommunication technologies (Internet/IP, VoIP, ZRTP, SIP, RTP, SRTP), but not for securing
Circuit Switched ones (GSM CSD/HSCSD, ISDN, PSTN, SAT), we invented, in partnership with Philip Zimmermann, ZRTP/S, a way to use ZRTP over a non-IP
communication channel. ZRTP/S provides transport of ZRTP and SRTP packet along with identification and capability exchange of peers of a phone call
over a 9600bps channel without IP. The communication could be easily described as a “RS323 serial connection between two phones over the telephony
network” on top of which ZRTP/S exchanges ZRTP-encrypted voice packets.

Cryptography
Encryption algorithms
ZRTP and ZRTP/S use only the best symmetric and asymmetric encryption and hashing algorithms.

· ZRTP uses ECDH 384bit for asymmetric encryption DH key exchange in compliance with USA NSA Suite B security requirements, NIST SP800-56A
standard and ECDSA FIPS 186-3. It could be configured also to use other ZRTP/S supported encryption algorithms for compatibility with third
party software supporting ZRTP/S.

· ZRTP/S employs AES256 in counter mode (CTR) for symmetric encryption in compliance with FIPS 197 security requirements.
The ZRTP/S payload is compatible with the SRTP protocol and its standard security features.

Random number generation

The random number generation is seeded by an unpredictable physical source of entropy (voice audio sample recorded from microphone and free
running counters available on ARM processors) that complies with FIPS-186-2-CR1 security requirements. It is further processed by a Deterministic
Random Bit Generation, compliant with NIST SP800-90 security requirements.

Open source
All encryption related libraries and technologies used by PrivateGSM are provided 100% free of backdoor. The source code of the security library is
provided for free in open source and has been publicly reviewed by Philip Zimmermann and by a vast number of scientific communities. The open source
solution guarantees a politically neutral solution and provides much easier source code review activities.

Multimedia codec
In order to operate over ultra-narrowband communication channels like GSM CSD, running at 9600bps, PrivateWave employs AMR audio codec that
compresses the voice that will be enciphered and then sent across the network. The Adaptive Multi Rate codec, running at 4750bit/s, reduces the amount
of data to be sent across the network, thus reducing the impact of cell handover on CSD calls. In order to reduce further the required bandwidth and to
maximize the radio resource efficiency, we employ voice activity detection (VAD) techniques that prevent the phone from sending full data while not
speaking.

CSD additional data number

To place a PrivateGSM data call, the user has to enable CSD calls (data & fax) and he/she needs to ask his/her mobile operator which is the additional
data number assigned to his/her SIM card (the same SIM used for standard calls). This service is usually available through subscriptions, and is not
always available through prepaid cards. Note that most 3G operators do not provide it.

Automatic roaming
GSM operators have a quite heterogeneous support for GSM Circuit Switched Data calls. While travelling abroad, for instance, the roaming operator may
not support CSD calls properly. PrivateGSM, if a connection error occurs, automatically redials the call by reconnecting across all roaming available
mobile operators.

More information at: support@privatewave.com www.privatewave.com