Is there a standard for encryption of traffic between IP phones?
Is there a standard for encryption of traffic between IP phones? If no, then what options do enterprises have currently to protect the voice traffic passing via a public domain like the Internet?
Yes, there are standards for encrypting the payload for voice traffic that will traverse the public Internet. As you may know, VoIP calls consist of a signaling stream, such as SIP, and a voice packet transport connection, such as Real-time Transport Protocol (RTP). For SIP, you can use several encryption schemes such as HTTP Digest authentication, TLS, S/MIME or IPSec. For RTP you can use Secure RTP (SRTP).
Given these standards, you can achieve end-to-end security or secure just the part of the call that will traverse public networks. You can also transport VoIP traffic over a VPN to achieve security.
The products you use for your IP PBX or VoIP gateway must support these protocols for you to be able to make your calls secure. In addition, your network security elements (firewalls, NATs, proxies, etc.) must also be VoIP-aware. You must also realize that encrypting voice traffic has a big performance overhead on the equipment at the endpoints and thus may be able to carry less traffic.
This was first published in June 2006