Summary of the impact

GSM and 3G mobile systems do not currently support end-to-end security in the form of encryption for speech. Research at Surrey has created new speech technology which allows complete end-to-end security via the mobile speech channel. This worldwide first secure-from-eavesdropping mobile phone system is available anywhere there is mobile coverage.

A Surrey spin out, MulSys Ltd., has licensed the technology to security agencies and is now developing a mass market product.

Underpinning research

The problem addressed by Surrey researchers has been that secure mobile phones have only been available where they used the circuit switched data channel. They were thus bulky and expensive and only worked where the data channel was available, which restricted use in critical parts of the world.

The research work that led to the development of this unique technology was conducted in the Surrey I-LAB. The technological solution not only enables the encrypted speech to pass through the GSM/3G low bit rate voice coder but also allows the Voice Activity Detector (VAD) which cuts out noise, to accurately recognise speech. Thus the encrypted speech is processed in such a way that it passes through the low bit rate voice channel with excellent accuracy and is correctly interpreted by the VAD as speech. The knowledge gained from our GSM studies enabled the design of specific speech like patterns (symbols) which when concatenated could form a waveform sequence that passes through the GSM/3G voice channel with excellent accuracy. The distance (diversity) required between the selected symbols for accurate detection at the receiver end determines the throughput rate [1][2][3[4][5]. By using the voice channel, the secure communication systems has fixed and short delay, connectivity everywhere and can also transmit data with no need for additional data channel subscription. There are also no roaming problems across international borders.

No other organisation has been able to produce technology that would enable secure communication through the GSM/3G voice channel until now. Thus they have been restricted to produce secure GSM phones which use the CSD (circuit switch data) channel. However using the CSD channel raises a number of issues. A major one is delay (as data is a secondary service, networks may route the call in such a way that the delay can approach 2 seconds) rendering two way conversations impossible. Roaming (connecting in various countries) has compatibility problems and system compatibility issues (international calls can have problems when trunk networking) and thus can only work in areas where there is a GSM data service, which considerably restricts coverage. The MulSys solution developed at Surrey avoids all of these problems.

The underpinning speech coder research work was initiated in 1993 and the particular SVC research work was conducted during 2002-2006.

The main researcher was Professor Ahmet Kondoz who headed up Surrey's I-Lab research group, including; Drs. Stephane Villette, Nilantha Katugampala, Khaldoon Al-Naimi, Ian Atkinson.

References to the research

Patent: A.M.Kondoz, N. Katugampala, K.Al-Naimi, S.Villette, PCT/GB2005/001729 `Voice Data Tunnelling', November 2005, Patent ref GB 0410321.4

Details of the impact

Since the introduction of the GSM system as the global mobile communication standard; communication security has been a major topic of research by many organizations around the world. The GSM standard required that all of the mobile phone functions were to be reversed at the edge of the core network, which means that in order to have the encrypted speech coming out of the mobile phone it must be decrypted at the edge of the code network allowing eavesdropping on the conversation at the core network. Therefore although the wireless link of the GSM (and the 3G) system is fairly well protected, the end-to-end security is not satisfactory due to the problems within the core network. The only way to provide an end-to-end secure link is by enabling speech encryption before the speech signal is input to the GSM network (or in the phone). However if speech is encrypted before it enters the GSM phone, it will be treated as random noise (assuming a good encryption system) and the GSM voice activity detector will recognize it as noise and stop its transmission.

The technology developed in the I-Lab of University of Surrey converts the encrypted speech into speech like waveforms which have nothing to do with the original speech signal waveform, in such a way that it is able to pass through the end-to-end GSM network with sufficient diversity. This allows an end-to-end security which has never been possible before. This technology is the first and the only one available in the world. In order to improve the speech quality in multiple speaker and/or noisy environment a blind source separation preprocessing block has been added to the final system which not only provides security but also works robustly under varying ambient conditions.

Based on the Secure Voice Communications (SVC) technology, a University of Surrey spin-off company, MulSys Limited, has been set-up which develops the technology based on Surrey's research.

The technology is being licensed world-wide by MulSys both in software and hardware form. This is the only available technology in the world which uses the voice channel of the GSM and the 3G mobile communication systems. The impact has been created since the company demonstrated the system in the field with security agencies.

MulSys has already licensed the SVC technology to many government security agencies (confidential information available on request) receiving more than £2.5M revenues to cover more than 5000 thousand units and it is expected to reach 100k units in the next 3-5 years. The licensing deals and the income generated from these sales have allowed MulSys to grow into a multi-media communication systems company with no need for additional venture capital support.

The phones developed are specialised/customised and high cost. Due to high demand from commercial and other sectors, MulSys is now producing its own secure GSM/3G phone to market worldwide. This phone is cheaper than the customised security phones (by a factor of 4) operating over the data channel currently on the market. MulSys is expected to capture £15-20M share of the total £50-100M market value of secure GSM/3G phones.

As there was no means of communicating securely over the GSM/3G systems especially where there is no data service, the MulSys SVC technology, based on Surrey's research has offered the security organisations the opportunity to conduct their daily activities with simple and effective use of the SVC application to either lap-tops (for off-line messaging) and mobile phones instantaneous secure communication anywhere in the world where there is GSM/3G coverage.

Due its exposure in the security market MulSys has grown its signal processing coverage into various multimedia areas and has been invited into several EU FP 7 projects which are used to develop new products in the 3D content delivery area to fixed and mobile terminals. In 2013 MulSys has become a partner in the BATS project which is integrating broadband satellite and terrestrial networks and ROMEO to develop 3D content delivery. MulSys is growing and currently employs 11 people including 6 consultants. There is good transition from the University of Surrey's research group with 2 permanent employees as well as 4 Surrey researchers working as contracted consultants.

Sources to corroborate the impact

C1. Contact at MulSys (Website; www.mulsys.com) Contact details provided.

C2. Client of MulSys; representative of HMGCC. Contact details provided.

C3. http://www.computerweekly.com/news/2240057985/Surrey-secures-mobile-phone-calls

C4. http://cellular.co.za/news_2004/oct/100304-uk_team_secures_gsm_voice_calls.htm

C5. http://business.highbeam.com/4873/article-1G1-122588571/university-surrey-scientists-provide-method-securing

C6. http://www.infowars.com/print/bb/scientists_top_mobile_listening.htm