KoolSpan TrustCall and TrustChip

Powered by SC Magazine
 

This one is a point solution to a point problem: voice call security from mobile phones. In addition, however, it has optional modules that secure text and email. We will focus on the voice capabilities for this review. The KoolSpan system includes the TrustCall software for the mobile phone, the TrustChip, also for the phone, and the TrustRelay Server (not covered in this review).

Today, TrustCall only works with Android devices and BlackBerries. When one makes a secured call, the phone contacts the TrustCall Server. This relays the call to the TrustCall phone the user is dialing. If one attempts to call an unsecured phone using a secured connection, the attempt will timeout and an SMS message will appear on the dialed phone. No connection, however, will be made. If one wishes to dial an unsecured phone, TrustCall allows that option. Using the phone is simplicity itself once the software is installed. One can manage multiple users centrally using the TrustCenter Server web interface.

Every secured phone contains a TrustChip - a microSD card - that contains everything the phone needs to communicate with the TrustCall Server and, thus, with other trusted phones. The chip contains the TrustCall software - that users install on their phone - and other information that the phone needs, such as TrustGroups the phone belongs to, as well as a universal TrustGroup that allows peer-to-peer communication between any TrustCall-enabled phones. The system administrator can disable the universal group if desired. There are a lot of configuration options and the possibilities for managing secure voice communications are significant.

We tested the TrustCall encryption on a pair of Samsung Galaxy SII Android phones and a third Galaxy without TrustCall. The phones were delivered with the software preinstalled, but the directions in the manual are clear and easy to follow. There are two excellent guides, one for administrators and one for users.

Our first test involved attempting to call a non-TrustCall phone with one of the TrustCall Galaxies in its secure mode. The call never connected and when we checked the receiving phone we found an SMS message that looks like a log entry. It gives virtually no information useful to a potential intruder. Deciding to make a TrustCall connection likewise is simple. When one makes a call, they are presented with two large colorful buttons. If the red TrustCall button is selected the phone will connect with the relay server, authenticate, the server calls the receiving phone and authenticates it and, if all authentication succeeds, the call will complete. 

Overall, we found this to be a strong implementation of mobile phone encryption. Military-grade voice encryption has been around for a long time, but this is the best implementation of commercial-grade voice encryption we have seen to date. TrustCall is FIPS 140-2 compliant and uses AES256 encryption. There is no perceptible distortion of the audio, the signal is as clear and strong as it would be without TrustCall, and latencies are negligible once the connection is made and the call is established.

Copyright © SC Magazine, US edition


KoolSpan TrustCall and TrustChip
 
:
Overall Rating
Verdict:
If you need secure voice from your organization’s newer Androids or BlackBerries, this feature set is, hands-down, your best choice.
Product Info
Supplier:
 
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote