
The Absolute in secure mobile communications

Why is the Tripleton® Enigma an ultra secure mobile phone?

This page will give you the essential points highlighting why the Tripleton Enigma is one of the most secure mobile phones on the market. We truly believe it is "the absolute solution for secure GSM communications." We will demonstrate how safe & secure the Tripleton Enigma is by illustrating the possible ways an interceptor / attacker could try to eavesdrop on a secure call between two Tripleton Enigma devices.

The Technology in a Nutshell

The Tripleton Enigma uses the method of Public Key Infrastructure (PKI) to securely transfer voice data across the GSM network. It incorporates cutting edge deployment of digital certificates, authentication, CA trust centres and Smart Cards to establish secure calls between Tripleton Enigma users. The Tripleton Enigma uses a Hybrid Cryptosystem using two proven strong cryptographic algorithms, the asymmetric RSA 1024 bits and the symmetric AES 256 bit algorithm.

If an attacker/interceptor tries to eavesdrop on a Tripleton device engaged in a secure crypto-call, there are several logical steps he or she would need to take in order to comprehensively listen in on the call. The first is to gain access to the GSM air interface.

Gain access to the GSM air interface

This is by no means a trivial task, but there are known inherent weaknesses within GSM networks which allow interceptors/attackers with the right equipment and expertise to gain access to the GSM air interface. Once an attacker has gained access to this interface they would be able to eavesdrop and record call data for targeted conversations. So how can the Tripleton Enigma device help and why is it so ultra secure?

After gaining access to the GSM air interface, the interceptor/attacker would need to accomplish a series of tasks in order to have comprehensive access to an encrypted call between two Tripleton devices. These tasks are...

  (A) Record the encrypted data stream from the GSM air interface.
  (B) From the recorded data stream, extract the V110 data frames and reveal the AES-256bit encrypted speech.
  (C) Decrypt the AES-256bit encrypted speech to reveal speech data which is in an encoded and compressed* Tripleton Enigma format.
  (D) Decode and playback this encoded compressed speech to listen to the conversation.

*Within the Tripleton Enigma a CODEC chip samples the user's voice on the microphone and generates a continuous stream of digitised speech data. This speech data is forwarded to another process for further encoding and compression, and is broken up into speech blocks in preparation for rate transfer over the V110 GSM data channel. Finally and most importantly, these speech blocks are encrypted using AES 256 bit encryption and sent over the air interface via the V110 GSM data channel.

Points (A), (B) and (D) are all possible with the right equipment, technical knowledge and access. HOWEVER to achieve point (C) the attacker MUST decrypt the AES-256bit encrypted speech. For this to be accomplished the attacker/interceptor needs to be successful with ANY of the listed attacks below.

(1) Deduce the 256 bit AES Session Key used to encrypt the speech

A 256 bit key length represents approx 10 to the 77th power possible key combinations, so in all practical terms it would take an eternity to deduce the right key. To give some practical idea of the effort needed to deduce the AES session key, let's examine the computing effort required to deduce an AES 128 bit session key. Let’s first consider how big a number 128 bits really is. This represents 2 to the 128th power, or 3.4 x 10 to the 38th power (i.e., 38 zeros): 3,400,000,000,000,000,000,000,000,000,000,000,000,000.

  • Let's assume that every person on the planet owns 10 computers.
  • And let's assume there are 7 billion people on the planet.
  • And each of these computers can test 1 billion key combinations per second.
  • Let's also assume that on average, you can crack the key after testing 50 percent of the possibilities.

Then it would take the earth’s population 77,000,000,000,000,000,000,000,000 years to be able to crack one encryption key. The Tripleton Enigma uses a key size of 256 bit, which is exponentially larger than the key size in the above, simplified example. The Tripleton Enigma creates a new AES 256 session key for each call.

Conclusion: The Tripleton Enigma is resistant to attack by method (1), so the next attack level could be by method (2) below.

(2) Find a weakness in the AES algorithm.

The AES algorithm is a public algorithm that has been formally tested and certified by all major governments. It has been found to be cryptographically secure. No weakness exists.

Conclusion: The Tripleton Enigma is resistant to attack by method (2), so the next attack level could be by method (3).

(3) Find a weakness in RSA 1024 bit Encryption to extract Session Key that is sent over the air during the beginning of the call.

Before a crypto call is established and before encrypted speech data is exchanged between Tripleton devices, the AES session key is generated and transmitted from the calling side to the called side during the "key exchange" phase. The session key is transmitted in encrypted form using the cryptographic algorithm RSA with a key length of 1024 bits. So to extract the session key the attacker would need to break RSA 1024 bit encryption. The RSA algorithm is a public algorithm that has been formally tested and certified by all major governments to be cryptographically secure. No weakness currently exists for key length 1024 bits.

Conclusion: The Tripleton Enigma is resistant to attack by method (3), so the next attack level could be by method (4).
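
Because the AES-256 session key travels under RSA-1024 during the key exchange, the strength of a recorded call is bounded by the weaker of the two primitives. The following is an added example, not Tripleton's code or analysis: it estimates that bound with the standard heuristic GNFS running-time formula, dropping its o(1) term (an assumption), and all function names are illustrative.

```python
import math

def gnfs_security_bits(modulus_bits):
    """Estimated work to factor an RSA modulus of this size, as a power of two.

    Heuristic GNFS cost L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped
    (an assumption: good for comparing sizes, not for exact cost).
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    work_nats = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work_nats / math.log(2)

def hybrid_security_bits(rsa_modulus_bits, aes_key_bits):
    """Return (effective_bits, limiting_component) for RSA key wrap + AES bulk.

    Recovering the wrapped session key bypasses AES entirely, so the
    effective strength is the smaller of the two estimates.
    """
    rsa_bits = gnfs_security_bits(rsa_modulus_bits)
    if rsa_bits < aes_key_bits:
        return rsa_bits, "rsa-key-wrap"
    return float(aes_key_bits), "aes-bulk"

def compare(rsa_sizes, aes_key_bits):
    """Tabulate effective strength for several key-wrap modulus sizes."""
    return [(size,) + hybrid_security_bits(size, aes_key_bits) for size in rsa_sizes]

if __name__ == "__main__":
    # 1024/256 is the combination named on this page; the rest are for comparison.
    for size, bits, limit in compare([1024, 2048, 3072, 4096, 16384], 256):
        print(f"RSA-{size:<5} + AES-256: ~{bits:5.1f} bits, limited by {limit}")
```

For comparison, NIST SP 800-57 rates a 1024 bit RSA modulus at roughly 80 bits of security, slightly below this heuristic estimate.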

(4) Extract the Secret RSA Key from the Crypto Card.

During the "key exchange" phase the Session Key is generated inside the Crypto Card and then encrypted with the RSA secret key stored inside the crypto card. This secret or private key never leaves the secure environment of the crypto card. The crypto card is a purpose built Smart Card which has a multitude of hardware and software security mechanisms to prevent unauthorised access to data secured in it. The crypto card has been formally tested, certified and approved to be secure to E4+ mechanical strength (high) by ITSEC. So it is not possible for the secret key to be read from the card.

Conclusion: The Tripleton Enigma is resistant to attack by method (4), so the next attack level could be by method (5).

(5) Get a copy of the RSA Key Pair from Telesec Trust Centre during Crypto Card production.

The Telesec Trust Centre operates under strict German (and EU) signature law which dictates that the Trust Centre programming environment must...

  • Generate a unique RSA key pair for each Crypto Card
  • Destroy all records of RSA keys after programming.

Some customers/organisations have a very specific requirement to generate their own RSA keys. They require complete control over their own keys to effectively become their own key management Trust Centre. For special cases like this we have an additional product called "The Customer CA System" which permits customers to receive "Blank Crypto Cards" and gain complete control over the GENERATION, LOADING, MANAGEMENT, & DISTRIBUTION of their own RSA private/public key pairs.

Conclusion: The Tripleton Enigma is resistant to attack by method (5), so the next attack level could be by method (6).

(6) Use a Stolen Enigma as part of a Middle Man attack.

During every secure call the identity and authenticity of each Tripleton device is mutually checked. This is possible by having all RSA keys digitally signed by a trusted third party. This ensures that secure calls can only take place between two Enigma units which contain crypto cards issued either by the Telesec Trust Centre or by the customer's own Trust Centre. With the additional feature CUG ("Closed User Groups") this restriction is reduced further, ensuring that secure calls can only take place between designated Tripleton devices within a closed user group. Additionally, lost Enigma units can be eliminated from a closed user group very easily and quickly. Thus the Tripleton Enigma eliminates the threat of a middle man attack.

Conclusion: The Tripleton Enigma is resistant to attack by method (6), so the next attack level could be by method (7).

(7) Try to Compromise the Enigma by loading Trojan software into it so that encryption is weakened or disabled.

The GSM and Security module operating system has restricted functionality and security functions to prevent unauthorised download of third party applications.

Conclusion: Attack by method (7) is not feasible.

Tripleton® Copyright © 2000—2009 (International Security) INTSEC Ltd