GSMK CryptoPhone 500 Manuel utilisateur
GSMK CryptoPhone 500
Quick Start Guide
© 2013 GSMK mbH
Berlin, Germany
http://www.cryptophone.com/
IP
0 Introduction
The CryptoPhone 500 is a state
of the art encrypted telephone
that provides you with secure
calls over IP (via GSM/EDGE, 3G
or WLAN), secure SMS, and se-
cure storage for your contacts,
notes and secure SMS messages.
To protect the integrity and
security of the phone and your
data, the CryptoPhone 500 is
built on a hardened Android-
based operating system and
includes additional 360° security
systems, among them a Base-
band Firewall, a Permission
Enforcement Module for appli-
cations and an IP Firewall.
Security Advice: You should
always keep your CryptoPhone
with you to prevent manipula-
tion by attackers gaining physi-
cal access to the device.
Installing any potentially mali-
cious third-party apps on your
CryptoPhone 500 may, despite
of the built-in security mea-
sures, under some circumstances
compromise the security of your
data or your secure commu-
nications and is therefore not
recommended.
1 Select Security Level
The operating system of
your CryptoPhone has been
hardened against a num-
ber of known attacks.
To make use of this protec-
tion mechanism, the rst
step to congure your
CryptoPhone before you
take it in use, is to select
the operating sys-
tem’s security level
in the Security
Prole Manager
tool (this does
not inuence the
security of en-
crypted telephony
or SMS).
To reduce the
likelihood of new
and unknown attacks impacting
the security of your phone, the
higher security levels disable
more applications and services
than the lower security levels.
Setting the system’s security
level thus enables you to choose
the right balance between con-
venience and security by remov-
ing more potentially vulnerable
components and capabilities in
the higher security levels. Please
read the description of each se-
curity level carefully and choose
the level most appropriate for
you.
The default security level is
High. While you can always
switch to a different security
level later by cold booting the
phone (see section 13), doing so
will erase all data stored on the
phone.
2 Set Passphrase for
Secure Storage
The secure storage subsystem
contains your encrypted SMS
messages, your secure contacts,
and your secure notes.
After booting up, the phone
will ask you to set the pass-
phrase for the secure storage
container.
The strength of protection of
the secure storage container
depends entirely on how diffi-
cult it is to guess your pass-
phrase.
A passphrase consisting of at
least 16 characters, consisting
of a mix of letters, numbers and
punctuation characters, is rec-
ommended. For instance, you
could use the initial letters from
the words of a poem
or song text which you
remember well and
replace some of the let-
ters with numbers.
Avoid words that can be
found in a dictionary.
You can later change
the passphrase and
congure the automatic
timeout for locking the
secure storage con-
tainer in the settings.
Note: If you forget
your passphrase,
there is no way to
retrieve your data.
The encryption system
contains no backdoor
or master key. So
make sure not to for-
get the passphrase.
3 Check your CryptoPhone
Number
Your personal CryptoPhone
number can be found in the
“phone number” section of the
CryptoPhone settings menu.
You need to be logged into
the secure storage container to
access the settings menu. Your
passphrase will be required if
you are not logged in at the
moment. Write down your
CryptoPhone number so that
you can give it to your contacts.
Your CryptoPhone telephone
number does not change, no
matter what SIM card you put
into the phone or whether you
roaming (see section 4), even if
you use Wireless LAN or a satel-
lite terminal.
4 Data Connection
required
Please note that the Crypto-
Phone 500 will establish a data
connection to stay online (so
that you can be reached) and
transmits more data when you
make or receive a call.
Normal data usage ranges from
2 to 5 Megabytes per 24 hours
in standby mode to keep the
CryptoPhone connected.
Using the CP500 over a mobile
phone network (3G/UMTS,
EDGE, or GSM GPRS) without
an affordable data plan can
result in high charges. When
you are roaming on a foreign
network, your mobile network
operator will typically bill you
for additional roaming charges.
To avoid such costs it is strongly
recommended to use tariff
plans with data at rates.
Tip: When traveling abroad,
obtain a pre-paid SIM card from
a local network of the country
you are going to that offers a
reasonable data plan (remem-
ber that your CryptoPhone
number does not change when
you change the SIM card).
Troubleshooting: If you experi-
ence difculties in getting your
data connection to work, set
the phone to “Basic Security” or
“Medium Security” (see sections 1
and 13).
Then work with your network
operator to set the correct APN
address and user conguration
until you can use the phone’s
web browser to access the Inter-
net. Alternatively, use Wireless
LAN / WiFi to connect to the
Internet.
When you can access the In-
ternet from your web browser,
your CryptoPhone should also
be able to establish secure con-
nections.
CryptoPhone IP calls require a
working Internet connection.
5 Connect to Secure
Network
To connect your
CryptoPhone to the
secure network, press
the offline status icon on the
CryptoPhone main screen.
It will show an ani-
mation while it tries
to connect.
6 Store your Contacts
Each contact stored in the
secure storage area consists of
one CryptoPhone number and
up to two GSM numbers. The
rst entry is the CryptoPhone
number, which usually starts
with +807.
This number can be used to
initiate secure voice calls. Like
your own
CryptoPhone
number, it
always stays
the same, even
if your partner
switches to a
different mo-
bile network
operator or is
online via Wire-
less LAN.
CryptoPhone numbers (+807)
cannot be used to send secure
SMS messages.
The GSM numbers are used for
sending secure SMS messages.
They are the normal mobile
phone numbers of your contact.
Use the optional secondary
GSM number to keep track of
your contact’s local pre-paid
If your CryptoPhone
is connected to the
secure network,
the icon will show a
checkmark.
If you want to dis-
connect from the
secure network,
press the status icon
again. This disables
the secure network connection.
number that your communica-
tion partner might use while
traveling abroad.
To add a new contact, press
the CryptoPhone
“Contacts” button
in the main menu,
then press the “Add
Contact” icon in the
lower left corner of
the screen.
Enter the name and corre-
sponding CryptoPhone number
for the contact you want to call
securely.
You will recognize a valid
CryptoPhone number by a spe-
cial prex, usually +807. Please
note that those CryptoPhone
numbers cannot be reached
from the normal telephone
network.
Optionally, enter one or two
GSM phone numbers of your
contact, if you also plan to ex-
change secure SMS messages.
Press “Save” to store the con-
tact. You can edit a contact
entry later on by selecting that
contact and pressing the “Edit”
icon in the lower right corner of
the screen.
7 Make A Secure Call
Press the “Contacts” button,
select the contact you want to
call and press the “Dial” button
in the lower left corner of the
screen.
The secure call screen opens
and, if your partner is available,
you will hear a ring tone. When
your partner picks up, the text
“Key Exchange” is shown on
the display and you will hear
a special tone sequence indi-
cating that the cryptographic
key exchange is in progress.
After the key exchange is
completed, six letters are
shown. These six letters are
a cryptographic ngerprint
of the unique session key
used during your secure call.
Once the call
has been es-
tablished, read
out the three
letters that are
shown under
the label “You
say” and verify
that the letters
your partner
reads out to you
are the same
as shown under the label that
reads “Partner says”.
If they do not match, you
should not consider the line
secure.
The quality indicator icon
changes color depending on the
delay and overall quality of the
connection. If it stays orange or
red, try to change to a location
with better network coverage.
If it stays red and your call has
glitches or bad audio, change to
a location with better network
coverage, try disconnecting
and reconnecting to the secure
network (see section 5), then call
again.
Please note that call quality can
be sub-optimal in fast-moving
vehicles.
8 Send a Secure Text
Message
Before you can exchange
secure SMS messages with
a contact, you need to
complete a key exchange
for text messaging.
To initiate the key ex-
change, go to the Crypto-
Phone “Contacts” menu,
highlight the name
of your contact and
keep it pressed,
then select “Show/
Edit Details” from
the pop-up menu.
You can now ini-
tiate the key ex-
change by pressing
the “key exchange”
button.
For each key exchange,
ve SMS messages will
be sent and received,
containing the public key
material.
After a key exchange is
completed, you will be
asked to verify the new
SMS key, either with a
secure phone call or by
other means.
Like in a secure
phone call, the six
letters of the cryp-
tographic nger-
print of your key
are shown on the
display.
Read out the three
letters that are
shown under “You
say” and verify that
Table des matières
Autres manuels GSMK Téléphone portable
