Currently, there are a number of encryption technologies being proposed for VoIP by the Internet Engineering Task Force (IETF), the body which produces the documentation and recommendations for protocol design for the Internet. As typical Internet transmission of VoIP is accomplished through SIP, there are actually three protocols involved in the VoIP traffic: SIP, Session Description Protocol (SDP) and RTP. SIP and SDP are transmitted in cleartext over port 5060 and may be encrypted using Transport Layer Security (TLS) which some handsets and IP PBXs now support.
The media, which is transported using RTP, is where the standards are not yet fully developed. The two main contenders for this are Secure RTP (SRTP) and ZRTP, both of which utilize a variant of key exchange for encrypting the media stream. SRTP entails a separate key management system while ZRTP utilizes an in-band key exchange during the call setup. In other words, ZRTP is transparent to the user! However, neither of these proposals has gained widespread use in the vendor market, meaning you won't see many handsets supporting this yet.
Dig Deeper on VoIP QoS and Performance
Related Q&A from Andrew Graydon
A law enforcement professional charged with understanding the ways that crimincals might abuse VoIP, gets expert advice from Andrew Graydon, Chair of... Continue Reading
Expert Andrew Grayson of VoIPSA explains some cost-efficient alternatives to keeping data and VoIP traffic on separate VLANs. Continue Reading
A SearchEnterpriseVoice.com member asked, "Do session border controllers (SBCs) improve security at the level of VoIP traffic?" Get the expert answer... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.