GCHQ, the UK's spy agency, designed a security protocol for voice-calling called MIKEY-SAKKE and announced that they'll only certify VoIP systems as secure if they use MIKEY-SAKKE, and it's being marketed as "government-grade security."
But a close examination of MIKEY-SAKKE reveals some serious deficiencies. The system is designed from the ground up to support "key escrow" -- that is, the ability of third parties to listen in on conversations without the callers knowing about it.
Although the words are never used in the specification, MIKEYSAKKE
supports key escrow. That is, if the network provider is
served with a warrant or is hacked into it is possible to recover
responder private keys and so decrypt past calls without the legitimate
communication partners being able to detect this happening.
Secure Chorus facilitates undetectable mass surveillance, in a way
that EDH based key encryption schemes would not. This is presented
as a feature rather than bug, with the motivating case in the
GCHQ documentation being to allow companies to listen to their
employees calls when investigating misconduct20, such as in the
The aim of GCHQ’s development of MIKEY-SAKKE – to weaken
security of in order to facilitate surveillance – is made clear through
their activity on the 3GPP standardisation committee responsible
for “Lawful Interception (LI)”: ensuring that law enforcement and
intelligence agencies are able to eavesdrop on 4G cellphone calls.
The National Technical Assistance Centre (NTAC), the part of
GCHQ responsible for assisting law enforcement and intelligence
agencies with decryption and data analysis, sits on this committee
(known as the “3GPP SA3 LI”) and their representative served as
Insecure by Design: Protocols for Encrypted Phone Calls
[Steven J. Murdoch/UCL]