The Research On Technology Of Secure Communication Between Confidential Terminals For 3G/4G Mobile Networks

With the exposure of code-named "Prism" project which was revealed by Snowden and led by by the US National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), the wave of the development of the confidential terminal has been set off. The end to end encryption on voice data is one of the solutions. However, there is a limitation that the encryption softeware or hardware needs to be installed in pairs with the solution. In order to solve the limitation problem, we do the further research on the technology which can adapt to a particular mobile terminal and to ensure the secure communications with any other terminals. With our proposed technology, the particular confidential terminal can communicate encryptly on its own side no matter wheather the other side is installed the encryption softeware/hardware or not. Hence, our proposed technology can prevent the malicious eavesdropping.In this thesis, we do the research on the technology of confidential terminal system, which orients to Android operating system, to solve the secure voice communications. Hence, we propose the confidential terminal system on the basis of VOIP architecture. The confidential terminal system can support two modes of operation. The first mode, which is named as end-to-end encryption mode, can realize the mutual encrypted communication between two confidential terminals with Android operating system every time for a different session key. The second mode, which is named as semi-end encryption mode, can realize the mutual encrypted communication between the confidential terminal with Android operating system and the server every time for a different session key.The main contributions of this thesis are as follows:First, in this thesis, we study the HTTPS protocol, SIP protocol, RTP protocol, SDES protocol and speech codec schemes, and design a key agreement scheme which is named as HTTPS-CRTP. The HTTPS-CRTP scheme can realize secure key agreement for voice data encryption based on original SIP protocol and RTP protocol.Then, based on the research of the server and voice gateway, we propose a scheme that the confidential terminal can communicate encryptly on its own side in the semi-end encrypted communication mode. In our scheme, the client system is realized on the basis of the PJSIP with Android operation system, and the server system is realized on the basis of Asterisk.Finally, we make the performance test on client and server system. To the confidential terminal system, we test the success ratio of login and registration, and show that registration and login success rate reach at 99%. In the three different scenarioes of the communication, which are the scenario that two confidential terminals communiacate with each other, the scenario that the confidential terminal communicates with the commom VOIP terminal, and the scenario that the confidential terminal communicates with the mobile phone, we test the decryption accuracy and the connection rate respectively, and show that the decryption accuracy and the connection rate both reach at 99% in the three different scenarioes. At last, we make the performance test on the server and show the server can support 80-way calls in the meantime. Through all the tests above, we can show all aspects of the confidential terminal system performance well.