PrivateGSM Setup

Go to in your browser. You can find the list of compatible phones and operating systems for Nokia, BlackBerry and iPhone. Download the PrivateGSM program from the PrivateWave company onto your device. There are two versions of the program: Professional Edition, which supports ZRTP, and Enterprise Edition, which supports SRTP. Ostel currently supports Professional Edition with ZRTP.

Now that PrivateGSM is installed, go to the applications folder and open it.

Bring up the menu and click settings.

Bring up advanced settings and click SIP settings.

Click TLS security policy and select Unsecure. [Note: this is due to our self-signed certificate, not necessarily a lack of security]

Click SIP server. Add

Click SIP server port. Add 5061.

Click Username. Add the username & server detail we sent to you in the email (ex. 1003).

Click Password. Add the password we sent to you in the email.

Check Use Proxy so that it is listed as true.

Click SIP proxy server. Add

Click SIP proxy port. Add 5061.

Uncheck Use obfuscation so that it is listed as false.

Click the Back button to go back to Main Menu.

Bring up the Menu and click Go Online.

You should see it read "Registering" for a few seconds until it is listed in the notification bar as PrivateGSM Online.

Congratulations! You've successfully signed in.

PrivateGSM Issues

Known issues making calls. The PrivateGSM client supports the Ostel service but is not yet interoperable with outside clients for the following reasons:

PrivateGSM clients support only the AMR codec, which is the only codec that can reasonably be used on a mobile network, due to bandwidth constraints. The current Ostel client has AMR turned off by default. This can be altered by going to settings -> media -> codecs -> AMR 8 kHz, then long pressing it and clicking Activate.

AMR 4.75 kb/s was chosen over other codecs such as Speex because, at low bitrates, its audio quality is much better.

Performing the above task creates the following problem: each device is identified by a ZRTP-ID (an auto-generated identifier, generated once at install time) and also by its mobile phone number (CLI). When you mark the other peer as "trusted" you are marking the pair <ZRTP-ID, CLI> (along with additional cryptographic material) as trusted in your device memory. On a secure call, the ZRTP-ID and CLI are checked for trustworthiness. If only one of these two has changed (e.g. SIM exchange, or uninstall/install of PrivateGSM -> a new ZRTP-ID is generated), we face a situation similar to what a MiTM attacker could try. For security reasons, PrivateGSM warns that this situation could be either valid and legal or a MiTM attack. So the secure call is hung up and you are forced to re-check the SAS (Short Authentication String) to validate the other peer's trust.

ZRTP handshakes fail between clients because PrivateGSM's implementation of ZRTP is not RFC-compliant. The PrivateGSM ZRTP reference implementation used a fixed-size buffer for the ECDH result.

The RFC mandates a variable size, but with many clients already deployed we kept that non-compliance. PrivateGSM has a backward-compatible bug fix on the way.
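The <ZRTP-ID, CLI> trust check described above can be modelled as follows. This is an added example, not PrivateGSM's code: the class, method and verdict names are hypothetical, the identifiers are constructed, and the "additional cryptographic material" stored with each pair is left out.

```python
from enum import Enum

class Verdict(Enum):
    TRUSTED = "trusted"          # exact <ZRTP-ID, CLI> pair was marked trusted
    UNKNOWN = "unknown"          # neither identifier seen before: compare SAS first
    RECHECK_SAS = "recheck_sas"  # only one identifier matches: hang up, re-check SAS

class TrustStore:
    """Hypothetical model of the per-device trust memory (names are assumptions)."""

    def __init__(self):
        self.pairs = set()  # trusted (zrtp_id, cli) tuples

    def mark_trusted(self, zrtp_id, cli):
        # Called only after the user has compared the SAS with the other peer.
        self.pairs.add((zrtp_id, cli))

    def check(self, zrtp_id, cli):
        if (zrtp_id, cli) in self.pairs:
            return Verdict.TRUSTED
        zid_known = any(z == zrtp_id for z, _ in self.pairs)
        cli_known = any(c == cli for _, c in self.pairs)
        # A half-match looks the same for a SIM exchange, a reinstall, or a MiTM,
        # so it is never treated as a first contact.
        if zid_known or cli_known:
            return Verdict.RECHECK_SAS
        return Verdict.UNKNOWN

# Constructed sample identifiers (not real devices or numbers).
ZID_A, ZID_B = "5a3c9e0b7d1f42a68c10e4b2", "0f8e7d6c5b4a39281706f5e4"
CLI_A, CLI_B = "+15555550101", "+15555550102"

def demo():
    store = TrustStore()
    results = [store.check(ZID_A, CLI_A)]        # first contact
    store.mark_trusted(ZID_A, CLI_A)             # SAS compared by the user
    results.append(store.check(ZID_A, CLI_A))    # same device, same SIM
    results.append(store.check(ZID_B, CLI_A))    # reinstall: new ZRTP-ID
    results.append(store.check(ZID_A, CLI_B))    # SIM exchange: new CLI
    store.mark_trusted(ZID_B, CLI_A)             # SAS re-checked after reinstall
    results.append(store.check(ZID_B, CLI_A))
    return [r.value for r in results]

if __name__ == "__main__":
    print(demo())
```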

PrivateGSM FAQ

PrivateGSM is encryption software for making secure calls using your own mobile phone.

PrivateGSM does not change the normal use of mobile phones: it can be activated and hidden in the background, or even turned off and started when needed. You can continue to use your mobile phone for traditional phone calls without any change.

The use of PrivateGSM "secure" calls was designed not to change the experience of normal usage, in order to make an advanced technology easy to access through a very user-friendly interface. The quality of secure calls is equal to that of normal calls.

Behind an interface so simple to use, it hides a highly sophisticated operating technology, based on symmetric AES encryption, also used in the military field, which makes the software impenetrable.

For more info on ZRTP, here is a list of white papers and on PrivateWave's approach to security.
