Click Here To Visit SIP Broker  

Go Back   Voxalot / SIP Broker Support Forums > Voxalot Forums > Voxalot Support

Voxalot Support Support for the Voxalot service.

 
 
Reply
Thread Tools Display Modes
Unread 04-04-2007, 09:48 PM   #1
occamsrazor
Junior Member
 
Join Date: Mar 2007
Posts: 22
Thanks: 1
Thanked 2 Times in 2 Posts
occamsrazor is on a distinguished road
Default Encryption

My setup is as follows:

Linksys SPA-3102 connecting to Voxalot, connecting to 3 different SIP providers (SipGate, Voipfone.co.uk, 3starsnet.com, used for SIP calls to european landlines, and incoming calls via my european DID numbers. I don't make SIP-SIP calls.

Can someone tell me what sort of security in terms of encryption this setup gives me, and if there are ways to improve it? I realise that it's not going to be encrypted at the PSTN-terminated end of things, but is the traffic to/from Voxalot or the SIP-providers encrypted? If it's not normally, are there ways to make it more secure?

Thanks in advance...

Ben
occamsrazor is offline   Reply With Quote
Unread 04-04-2007, 10:41 PM   #2
martin
 
Join Date: Feb 2006
Posts: 2,930
Thanks: 528
Thanked 646 Times in 340 Posts
martin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the rough
Default

Voice traffic is typically not encrypted.

There are a number of different ways to implement encrypted voice like SRTP and more recently Phil Zimmermann's ZRTP

These solutions require the participation of all end points (including providers)

Until one of these standards is widely adopted by the majority of providers, it does not make sense for Voxalot to support any.

Personally, I am interested to see how ZRTP pans out.
__________________
Martin

Please post support questions on the forum. Do not send PMs unless requested.
martin is offline   Reply With Quote
Unread 04-04-2007, 11:04 PM   #3
ctylor
 
ctylor's Avatar
 
Join Date: Apr 2006
Location: Vancouver, BC
Posts: 296
Thanks: 94
Thanked 53 Times in 27 Posts
ctylor will become famous soon enough
Default

Calls made between two Voxalot accounts where each side uses a Sipura with SRTP encryption enabled will be encrypted. I've frequently made encrypted calls that way. You have to use the wizard at the following link to set up a security certificate on each Sipura first however: Certificate Authority Service for Linksys Analog VoIP Adaptors - Voxilla
ctylor is offline   Reply With Quote
Unread 04-04-2007, 11:14 PM   #4
martin
 
Join Date: Feb 2006
Posts: 2,930
Thanks: 528
Thanked 646 Times in 340 Posts
martin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the rough
Default

Quote:
Originally Posted by ctylor View Post
Calls made between two Voxalot accounts where each side uses a Sipura with SRTP encryption enabled will be encrypted. I've frequently made encrypted calls that way. You have to use the wizard at the following link to set up a security certificate on each Sipura first however: Certificate Authority Service for Linksys Analog VoIP Adaptors - Voxilla
Yes Chris, I forgot to mention this fact. As Voxalot <-> Voxalot does not involve any third party providers encryption is possible between each of the end points with Voxalot just facilitating the key exchanges.
__________________
Martin

Please post support questions on the forum. Do not send PMs unless requested.
martin is offline   Reply With Quote
Unread 04-04-2007, 11:28 PM   #5
occamsrazor
Junior Member
 
Join Date: Mar 2007
Posts: 22
Thanks: 1
Thanked 2 Times in 2 Posts
occamsrazor is on a distinguished road
Default

Thanks for the info. Seems as if there isn't much encryption opportunity in my situation, bearing in mind all my calls come from or go to the PSTN, which essentially means the VOIP part of my calls is always terminating at the SIP provider itself.
I'd hoped the SIP protocol had some sort of inbuilt encryption, so that the data traffic between me and the SIP provider could be encrypted, but seems not.
Martin - zFone & SRTP does indeed look promising, although my guess is it will face the same adoption hurdles that PGP email encryption faced - most people won't install or use it, because few people they communicate with have it installed either... a typical momentum problem.
It's a shame because one of the attractions of Skype is the inbuilt encryption. I know it's proprietary and closed-source, so no-one quite knows how good it is, but at least it's likely to stop all but pretty high-level man-in-the-middle eavesdropping.

Cheers,

Ben
occamsrazor is offline   Reply With Quote
Unread 04-04-2007, 11:51 PM   #6
martin
 
Join Date: Feb 2006
Posts: 2,930
Thanks: 528
Thanked 646 Times in 340 Posts
martin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the roughmartin is a jewel in the rough
Default

Quote:
Originally Posted by occamsrazor View Post
Martin - zFone & SRTP does indeed look promising, although my guess is it will face the same adoption hurdles that PGP email encryption faced
True, although as a voice service aggregator Voxalot is well placed to fast track adoption rates amongst other voice providers.

I just sent an email to Phil Zimmermann asking if he was interested in exploring the idea of incorporating ZRTP into our service.

I'm sure he is a busy guy, but let's see.
__________________
Martin

Please post support questions on the forum. Do not send PMs unless requested.
martin is offline   Reply With Quote
Unread 04-05-2007, 12:05 AM   #7
occamsrazor
Junior Member
 
Join Date: Mar 2007
Posts: 22
Thanks: 1
Thanked 2 Times in 2 Posts
occamsrazor is on a distinguished road
Default

True, integrating ZRTP directly into the Voxalot service could open up interesting opportunities. But normally doesn't the voice rtp traffic go direct to the SIP provider or VOIP endpoint? To use ZRTP would require voxalot to act as a kind of secured proxy for the rtp traffic right (unless the SIP provider or other endpoint supported ZRTP also)?

It would still be good mind you.... For VOIP users in not-so-democratic countries, the main worry is eavesdropping within their country's internet infrastructure, so as long as it is encrypted within the domestic infrastructure it's relatively secure for them, even if it becomes unencrypted elsewhere.

Coincidentally I just saw this on your news pages, about Counterpath embedding ZRTP in their softphones, which is pretty good news as their X-Lite & Eyebeam software is one of the more widely used softphones. Now if Linksys will just add ZRTP to my SPA-3102..... :-)

CounterPath Teams with PGP Founder Phil Zimmermann to Increase VoIP Softphone Security with Integration of Zfone's ZRTP Protocol @ SYS-CON Media

Cheers, Ben

PS - Zimmerman is a genius, I've so much respect for the guy.

Last edited by occamsrazor; 04-05-2007 at 12:08 AM.
occamsrazor is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:23 AM.


Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.