9.12. Countering interception of telephony links
Modems calls over telephones can be intercepted. This can be
an issue if you do not trust a telecommunications carrier in your
call's path, or if you do not trust the law enforcement agencies
that may request interception facilities from that carrier.
International calls are particularly exposed. Calls which
are routed across satellite or wireless links can be intercepted by
readily-available radio receivers. Calls routed across undersea
links are much more expensive to intercept, so this is probably
limited to national governments, such as those using the Echelon
system.
If you do not pass sensitive data over the link, then the
major exposure is typing in your user name and password. Look into
S/KEY
or look into OPIE
and its related An
OPIE for
PAM.
These one-time password systems have flaws, a good summary of
these is Vulnerabilities in the
S/KEY one time
password system by Peiter ‘mudge’
Zatko.
| Cryptographic key material |
---|
| Possessing cryptographic key material, such as a one-time
password generator or list of one-time passwords, is a serious
criminal offense in some countries. You must acquiant yourself with the laws in your
jurisdiction and the laws of jurisdictions you may travel
through. |
| Defeating telecommunications interception |
---|
| Taking steps to defeat or avoid legislatively-approved
telecommunications interception is a serious criminal offense in
some countries. You must acquiant yourself with the laws in your
jurisdiction and the laws of jurisdictions you may travel
through. |