Encryption

occamsrazor · 04-04-2007, 09:48 PM

My setup is as follows:

Linksys SPA-3102 connecting to Voxalot, connecting to 3 different SIP providers (SipGate, Voipfone.co.uk, 3starsnet.com, used for SIP calls to european landlines, and incoming calls via my european DID numbers. I don't make SIP-SIP calls.

Can someone tell me what sort of security in terms of encryption this setup gives me, and if there are ways to improve it? I realise that it's not going to be encrypted at the PSTN-terminated end of things, but is the traffic to/from Voxalot or the SIP-providers encrypted? If it's not normally, are there ways to make it more secure?

Thanks in advance...

Ben

martin · 04-04-2007, 10:41 PM

Voice traffic is typically not encrypted.

There are a number of different ways to implement encrypted voice like SRTP and more recently Phil Zimmermann's ZRTP

These solutions require the participation of all end points (including providers)

Until one of these standards is widely adopted by the majority of providers, it does not make sense for Voxalot to support any.

Personally, I am interested to see how ZRTP pans out.

ctylor · 04-04-2007, 11:04 PM

Calls made between two Voxalot accounts where each side uses a Sipura with SRTP encryption enabled will be encrypted. I've frequently made encrypted calls that way. You have to use the wizard at the following link to set up a security certificate on each Sipura first however: Certificate Authority Service for Linksys Analog VoIP Adaptors - Voxilla

martin · 04-04-2007, 11:14 PM

Quote:

Originally Posted by ctylor

Calls made between two Voxalot accounts where each side uses a Sipura with SRTP encryption enabled will be encrypted. I've frequently made encrypted calls that way. You have to use the wizard at the following link to set up a security certificate on each Sipura first however: Certificate Authority Service for Linksys Analog VoIP Adaptors - Voxilla

Yes Chris, I forgot to mention this fact. As Voxalot <-> Voxalot does not involve any third party providers encryption is possible between each of the end points with Voxalot just facilitating the key exchanges.

occamsrazor · 04-04-2007, 11:28 PM

Thanks for the info. Seems as if there isn't much encryption opportunity in my situation, bearing in mind all my calls come from or go to the PSTN, which essentially means the VOIP part of my calls is always terminating at the SIP provider itself.
I'd hoped the SIP protocol had some sort of inbuilt encryption, so that the data traffic between me and the SIP provider could be encrypted, but seems not.
Martin - zFone & SRTP does indeed look promising, although my guess is it will face the same adoption hurdles that PGP email encryption faced - most people won't install or use it, because few people they communicate with have it installed either... a typical momentum problem.
It's a shame because one of the attractions of Skype is the inbuilt encryption. I know it's proprietary and closed-source, so no-one quite knows how good it is, but at least it's likely to stop all but pretty high-level man-in-the-middle eavesdropping.

Cheers,

Ben

martin · 04-04-2007, 11:51 PM

Quote:

Originally Posted by occamsrazor

Martin - zFone & SRTP does indeed look promising, although my guess is it will face the same adoption hurdles that PGP email encryption faced

True, although as a voice service aggregator Voxalot is well placed to fast track adoption rates amongst other voice providers.

I just sent an email to Phil Zimmermann asking if he was interested in exploring the idea of incorporating ZRTP into our service.

I'm sure he is a busy guy, but let's see.

occamsrazor · 04-05-2007, 12:05 AM

True, integrating ZRTP directly into the Voxalot service could open up interesting opportunities. But normally doesn't the voice rtp traffic go direct to the SIP provider or VOIP endpoint? To use ZRTP would require voxalot to act as a kind of secured proxy for the rtp traffic right (unless the SIP provider or other endpoint supported ZRTP also)?

It would still be good mind you.... For VOIP users in not-so-democratic countries, the main worry is eavesdropping within their country's internet infrastructure, so as long as it is encrypted within the domestic infrastructure it's relatively secure for them, even if it becomes unencrypted elsewhere.

Coincidentally I just saw this on your news pages, about Counterpath embedding ZRTP in their softphones, which is pretty good news as their X-Lite & Eyebeam software is one of the more widely used softphones. Now if Linksys will just add ZRTP to my SPA-3102..... :-)

CounterPath Teams with PGP Founder Phil Zimmermann to Increase VoIP Softphone Security with Integration of Zfone's ZRTP Protocol @ SYS-CON Media

Cheers, Ben

PS - Zimmerman is a genius, I've so much respect for the guy.

04-04-2007, 09:48 PM	#1
occamsrazor Junior Member Join Date: Mar 2007 Posts: 22 Thanks: 1 Thanked 2 Times in 2 Posts	Encryption My setup is as follows: Linksys SPA-3102 connecting to Voxalot, connecting to 3 different SIP providers (SipGate, Voipfone.co.uk, 3starsnet.com, used for SIP calls to european landlines, and incoming calls via my european DID numbers. I don't make SIP-SIP calls. Can someone tell me what sort of security in terms of encryption this setup gives me, and if there are ways to improve it? I realise that it's not going to be encrypted at the PSTN-terminated end of things, but is the traffic to/from Voxalot or the SIP-providers encrypted? If it's not normally, are there ways to make it more secure? Thanks in advance... Ben

04-04-2007, 10:41 PM	#2
martin Join Date: Feb 2006 Posts: 2,930 Thanks: 528 Thanked 646 Times in 340 Posts	Voice traffic is typically not encrypted. There are a number of different ways to implement encrypted voice like SRTP and more recently Phil Zimmermann's ZRTP These solutions require the participation of all end points (including providers) Until one of these standards is widely adopted by the majority of providers, it does not make sense for Voxalot to support any. Personally, I am interested to see how ZRTP pans out. __________________ Martin Please post support questions on the forum. Do not send PMs unless requested.

04-05-2007, 12:05 AM	#7
occamsrazor Junior Member Join Date: Mar 2007 Posts: 22 Thanks: 1 Thanked 2 Times in 2 Posts	True, integrating ZRTP directly into the Voxalot service could open up interesting opportunities. But normally doesn't the voice rtp traffic go direct to the SIP provider or VOIP endpoint? To use ZRTP would require voxalot to act as a kind of secured proxy for the rtp traffic right (unless the SIP provider or other endpoint supported ZRTP also)? It would still be good mind you.... For VOIP users in not-so-democratic countries, the main worry is eavesdropping within their country's internet infrastructure, so as long as it is encrypted within the domestic infrastructure it's relatively secure for them, even if it becomes unencrypted elsewhere. Coincidentally I just saw this on your news pages, about Counterpath embedding ZRTP in their softphones, which is pretty good news as their X-Lite & Eyebeam software is one of the more widely used softphones. Now if Linksys will just add ZRTP to my SPA-3102..... :-) CounterPath Teams with PGP Founder Phil Zimmermann to Increase VoIP Softphone Security with Integration of Zfone's ZRTP Protocol @ SYS-CON Media Cheers, Ben PS - Zimmerman is a genius, I've so much respect for the guy. Last edited by occamsrazor; 04-05-2007 at 12:08 AM.

04-04-2007, 11:04 PM	#3
ctylor Join Date: Apr 2006 Location: Vancouver, BC Posts: 296 Thanks: 94 Thanked 53 Times in 27 Posts	Calls made between two Voxalot accounts where each side uses a Sipura with SRTP encryption enabled will be encrypted. I've frequently made encrypted calls that way. You have to use the wizard at the following link to set up a security certificate on each Sipura first however: Certificate Authority Service for Linksys Analog VoIP Adaptors - Voxilla

04-04-2007, 11:28 PM	#5
occamsrazor Junior Member Join Date: Mar 2007 Posts: 22 Thanks: 1 Thanked 2 Times in 2 Posts	Thanks for the info. Seems as if there isn't much encryption opportunity in my situation, bearing in mind all my calls come from or go to the PSTN, which essentially means the VOIP part of my calls is always terminating at the SIP provider itself. I'd hoped the SIP protocol had some sort of inbuilt encryption, so that the data traffic between me and the SIP provider could be encrypted, but seems not. Martin - zFone & SRTP does indeed look promising, although my guess is it will face the same adoption hurdles that PGP email encryption faced - most people won't install or use it, because few people they communicate with have it installed either... a typical momentum problem. It's a shame because one of the attractions of Skype is the inbuilt encryption. I know it's proprietary and closed-source, so no-one quite knows how good it is, but at least it's likely to stop all but pretty high-level man-in-the-middle eavesdropping. Cheers, Ben