Although telecom tools have long been overlooked by the cyber risk prevention strategies implemented by organisations, recent scandals related to data leaks and the war in Ukraine have led to higher awareness in recent years. In addition to focusing on securing their infrastructures, companies and public organisations are now looking to secure the sensitive data exchanged by their employees via audio, video or chat calls.
Since the creation of our company in 2010, cybersecurity issues have been a priority for us. For 13 years, we have been developing innovative software for secure communications. This security is provided at several levels.
Firstly, in an internet communication solution, client software applications (e.g. Linphone) communicate with each other through server software (e.g. Flexisip). It is important to securely authenticate these programs when they contact each other. We perform this double check and secure the connection channel using TLS.
We then guarantee that the content exchanged in this way (audio/video streams, text messages and attachments) remains confidential, thanks to our end-to-end encryption technology. Today, a great deal of attention is being paid to the hosting of Cloud solutions, such as via the SecNumClud label offered by the ANSSI. But what happens if an attacker manages to hack the server anyway? We decided to go one step further in order to protect against a possible compromise of the servers: even if the flows passing through the server are intercepted, they cannot be decrypted. For end-to-end call encryption, Linphone supports several standardised protocols such as SRTP, SRTP-DTLS (used in WebRTC) and ZRTP, while for chat, we have developed an end-to-end encryption solution derived from the Signal protocol.
We continue to commit significant R&D resources to anticipate future cyber threats to communications. For example, a few months ago, we officially launched one of the world's first open-source integrations of a communication encryption algorithm in Linphone that is robust to an attack by a quantum computer. According to the ANSSI, the quantum computer is a real threat that is likely to emerge in the coming decades. In response to this threat, NIST (the US agency that standardises encryption algorithms internationally) launched a competition in 2016 to standardise post-quantum encryption algorithms. We have integrated the winner of the "encryption key exchange" category, called CRYSTALS-Kyber, into our solution. Even though a quantum computer has not yet officially seen the light of day, it is essential to protect ourselves against this threat, as today's communications could be stored by attackers in order to be decrypted tomorrow by this type of computer.
Finally, a further source of attack can emerge in the case where the choice of whether or not to activate the security mechanisms is left to end users. This is why we are currently working on a feature that allows organisations to enable advanced security features for their service by default.
To learn more about the security mechanisms developed in conjunction with the Linphone/Flexisip solution, you can read our white paper.
If you wish to deploy a secure softphone in your organisation, or if you wish to integrate one of our software components to develop your own secure communication solution, please do not hesitate to fill out our contact form and to consult our brochure.