A novel method for enhancing the protection of crypto phones from eavesdropping and other forms of man-in-the-middle attacks has been developed by researchers at the University of Alabama at Birmingham. Crypto phones consist of mobile devices, web-based voice over internet protocol applications, smartphone apps and personal computers that make use of end-to-end encryption to make sure that only the person a user is communicating with can read what that user sends.
To secure the communication, crypto phones need users to perform authentication tasks. These tasks are prone to human error, however. The research has shown that the authentication tasks performed by users make these VoIP applications and devices vulnerable to eavesdropping attacks as well as man-in-the-middle attacks, said Nitesh Saxena, Ph.D., associate professor in the University of Alabama College of Arts and Science, Department of Computer Science.
To ensure that a man-in-the-middle attacker cannot interfere with the transmission of a message, traditional crypto phones have relied on users to verbally communicate and match a key, called a checksum, which is displayed on the device of each user taking part in the communication. The users then have to verify that the voice announcing the checksum is the voice of the person with whom they wish to communicate.
With closed captioning crypto phones, a fully automated checksum comparison is possible, which removes the human element by utilizing speech transcription. When a user announces the checksum, the other person's closed captioning crypto phone can automatically transcribe the spoken code and perform the comparison for the user. By automating the checksum comparison, longer checksums can be used, furthering security and helping raise users' awareness when it comes to detecting malicious voice imitation attempts by hackers.
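The automated comparison described above can be sketched as follows. This is an added example, not code from the researchers: the checksum derivation (SHA-256 of the session key reduced to decimal digits), the homophone table and all function names are assumptions, and the transcript is supplied as text rather than produced by a real speech recognizer.

```python
import hashlib
import hmac
import re
from typing import Optional

# Assumed token-to-digit table, including common speech-to-text homophones.
# Constructed for this example.
WORD_TO_DIGIT = {
    "zero": "0", "oh": "0", "one": "1", "won": "1", "two": "2", "to": "2",
    "too": "2", "three": "3", "four": "4", "for": "4", "five": "5",
    "six": "6", "seven": "7", "eight": "8", "ate": "8", "nine": "9",
}

def local_checksum(session_key: bytes, digits: int) -> str:
    """Derive a decimal checksum of the requested length from the session key."""
    value = int.from_bytes(hashlib.sha256(session_key).digest(), "big")
    return str(value % 10**digits).zfill(digits)

def transcript_to_digits(transcript: str) -> Optional[str]:
    """Normalize a caption to a digit string; None if any token is unknown."""
    out = []
    for token in re.findall(r"[a-z]+|\d", transcript.lower()):
        if token.isdigit():
            out.append(token)
        elif token in WORD_TO_DIGIT:
            out.append(WORD_TO_DIGIT[token])
        else:
            return None  # fail closed: never guess at an unrecognized word
    return "".join(out)

def verify_spoken_checksum(session_key: bytes, transcript: str, digits: int) -> bool:
    """Compare the transcribed checksum with the one computed on this device."""
    spoken = transcript_to_digits(transcript)
    expected = local_checksum(session_key, digits)
    if spoken is None or len(spoken) != len(expected):
        return False
    return hmac.compare_digest(spoken, expected)

if __name__ == "__main__":
    key = b"constructed-session-key"  # constructed sample key material
    code = local_checksum(key, 8)     # 8 digits: a blind guess matches 1 in 10**8
    print("checksum on this device:", code)
    print("match:", verify_spoken_checksum(key, " ".join(code), 8))
```

Because the device does the matching, the checksum length is a parameter rather than a usability limit, and any transcript the normalizer cannot fully resolve is rejected instead of being accepted on a partial match.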