VoIP encryption

VoIP encryption

There are a lot of ways to attack voice systems. These range from old-school "phreaking" (Search for the 1980s era back-issues of the hacker magazine 2600 for some very interesting reading), to denial of service, to your run-of-the-mill eavesdropping. What's challenging about protecting these systems is that the nature of "convergence" means that there are many more "attack vectors". For instance, you can attack an IP telephony system by phone, or from the network/TCP/IP side, or by applications like integrated e-mail/voicemail, or the HTTP, LDAP and XML interfaces many IP phones support.

But in this tip, we'll start by covering the default security issue: encryption. The first thought most network administrators have is that encryption would be impractical for VoIP because of the CPU-intensive overhead that comes from all that crazy math. The fear is that delay and jitter the encryption process might add would make the conversation quality intolerable. This is certainly a factor to be considered, but most networks today (especially domestic ones) are finding that they have plenty of room in their delay budgets to afford encryption.

If confidential voice is a requirement in your organization (it probably isn't, as nearly all legacy phone systems lacked any encryption capabilities), then you also need to decide what device will do the encryption. It may be the case that you only need to encrypt a VoIP trunk that passes through a provider's network, in

    Requires Free Membership to View

    Login

    SearchUnifiedCommunications.com members gain immediate and unlimited access breaking industry news, expert advice on UC, technical guides, and more -- all at no cost. Join me on SearchUnifiedCommunications.com today!

    Kate Gerwig, Editorial Director

    By submitting your registration information to SearchUnifiedCommunications.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchUnifiedCommunications.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

which case you can use regular IPSec tunnels with "VPN accelerators" or other hardware-based encryption devices. These devices usually add fewer than 10 ms of delay, which is usually easy to accommodate.

If you need to encrypt all voice conversations from end-point to end-point, then you're probably looking at vendor-specific implementations. While some IP phones and gateways on the market support encryption, such as that provided by IPsec, many don't.

Fortunately, there is a draft IETF standard in the works for Secure Real-Time Protocol. Once this becomes widely implemented, encryption will be as simple to use as SSL in a browser. You may find a few phones that support this today, and if you're interested in application development as well, you can download the open-source libsrtp implementation from Sourceforge.

Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.


This was first published in September 2003

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top