digg

Facebook Connect Join Digg About

How to: Encrypt Your VoIP

voipnow.org VoIP traffic flows across the Internet in unencrypted packets, which means anyone that has access to the network between sender and recipient can intercept them. Here are 5 methodologies to secure yourself against these attacks: Zfone, Built-in Encryption, Transport Layer Security and IP Security, Secure Real-Time Transfer Protocol and VPN.

Who dugg this? Made popular Apr 25, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

24 Comments

show profanity settings
expand all
  • mthoringen, on 10/12/2007, -0/+7I understand that Skype calls are encrypted end-to-end automatically.
  • asciiforever, on 10/12/2007, -0/+6If you're asking what I think you're asking, then no, I don't think that would be possible. The main reason is that VoIP is lossy. There is no requirement that all the data input at one end actually makes it to the other side as long as *enough* data makes it so that the person at the other end can understand the conversation. With encrypted data, if you lose a piece of it, you can't decrypt it on the other end. It's like taking a page of a novel and making a random selection of the words disappear. You can probably still keep up with what's going on on that page. However, if that page suddenly became one of those letter substitution puzzles, you're screwed.

    I'm sure that's a terrible explanation, but it makes sense to me.
  • drewpost, on 10/12/2007, -0/+6Are there any methods by which to encrypt Vonage calls?
  • washcapsfan37, on 10/12/2007, -0/+4Just make sure it doesn't violate any of Verizon's patents!
  • TeatimeGrommit, on 10/12/2007, -0/+4The article mentioned that Skype encrypts calls, but that's only going to count for Skype to Skype calls. Skype can also call landlines or potentially other VOIP services. Such calls won't be encrypted because Skype's method is unfortunately proprietary and so incompatible with other carriers.
  • splendid, on 10/12/2007, -1/+4"One of the advantages of Zfone is that it works with almost all existing VoIP clients, with the exception of proprietary systems such as Skype"

    I know nothing about the inner workings of VoIP but would it not be possible to create software, at the driver level, to encrypt/decrypt audio data before it was passed to the VoIP client? That way even Skype would happily accept encrypted data without any modification to the client, or knowledge of the protocol it uses.
  • splendid, on 10/12/2007, -0/+3@asciiforever,

    yeah that makes sense, encryption basically totally falls over if you start losing chunks of data at random.
  • misxn, on 10/12/2007, -0/+3That would make it easier to spoof the origin. Not easy, but easier.
  • signal15, on 10/12/2007, -0/+2Actually, this article kind of blows. There were no specifics or digging into each method. Two of the things that were touched on were SRTP and TLS. These can be combined with each other for a secure key exchange for SRTP. The new Polycom software supports SRTP/TLS. Asterisk does not. So if you're running Asterisk and want this encryption, you can toss an OpenSER box in front of it which supports SRTP/TLS.

    My cat could have written a better article.
  • meuge, on 10/12/2007, -1/+3Everyone should be using encryption all the time. But I have trouble understanding why anyone would use encryption systems that are proprietary and closed. I can't possibly trust a closed-source encryption system.

    Therefore you should use the following applications:
    Email encryption: OpenPGP
    File encryption: TrueCrypt
    Messaging: Gaim + Gaim Encryption plugin
  • Surefoot, on 10/12/2007, -0/+2
    This is ok for PC to PC calls.

    Just understand that none of this matters for PSTN calls. Thanks to CALEA, all providers on the PSTN network in the US must provide wiretapping capability, and they do. This includes land line, cell phones, and even services like Vonage.

    Even if this were not the case, you just can't do end to end encryption from your PC to your Mom's phone unless she's got some fancy spook equipment that works with your encryption. Anyone can still go to the copper pair outside her house and listen all they want. Even if you call her with Skype, they can listen in on her PSTN side.

    If you're totally paranoid and want total encryption, do it end to end and stay off the PSTN.
  • TeatimeGrommit, on 10/12/2007, -0/+2WEP was an open standard and look at what happened to it! Openness does not equal security. That said, the programs recommended above (OpenPGP, etc.) are secure for a different reason. That is that the *math* behind them was opened up to public review *years* before the code was written. It takes a long time for the math guys to figure out if a new security protocol will really protect against hackers or not.

    Skype may be using a WEP-like method, or they may be using a more mathematically sound approach. They don't need to open source their model to prove its security, but they do need to publish the algorithm they use and the mathematical underpinnings of their approach. (Opening the algorithm also introduces the possibility of interoperability without exposing any hidden trade secrets like how Skype improves performance with their implementation)
  • Wootery, on 10/12/2007, -0/+1"I love how I am always the first to discover, support, and comment on these articles"
    Proud of getting first post?

    "but you guys always feel the need to bury my comments. Jeez..grow up."
    No. I will always bury useless waste-of-space comments like "Nice roundup - submitted in queue @ tweako.com", which is at worst spam for 'tweako.com' and at best says nothing at all.

    Whether it's the first post is unimportant to me. Your comment sucked - that is why we buried it.
  • Wootery, on 10/12/2007, -0/+1@Teatime
    "Skype may be using a WEP-like method, or they may be using a more mathematically sound approach."

    I think meuge's point in saying "I can't possibly trust a closed-source encryption system" was that because you don't know how it
    works, you don't know if it's really secure; they could just be relying on security by obscurity.
  • xandroz, on 10/11/2007, -0/+1How to encrypt with VPN:
    http://www.jaec.info/Firewall/VPN%20Firewall/firewall-vpn-introduction-1.php
  • JimXugle, on 10/12/2007, -0/+1Is it just me, or would it be an awesome project to rip out the guts of an old Rotary phone and replace them with Gumstix, WiFi, and encrypted VoIP ?
  • grumpyrain, on 10/12/2007, -0/+1I actually don't think encryption adds any more complexity in this area. GSM or newer mobile phone networks encrypt your conversation through the air.
  • SpaceMonkeyZero, on 10/12/2007, -0/+0eeenteresting:

    Check the 3rd post @
    http://www.vonage-forum.com/ftopic353.html
  • Wootery, on 10/12/2007, -1/+1"If someone wants to intercept my calls, good luck to them."

    Ah, the classic moral justification for surveillance : If you don't value your privacy, you've got nothing to fear.

    Practicality aside, there's no reason why you shouldn't encrypt everything - no risk of interception is a good one.
  • stanford93, on 10/12/2007, -0/+0drood, with cell calls, it was relatively hard to spoof the handset and steal service. With VoIP, if you authenticate in an insecure manner, it's childs play. enjoy the bill for the 10,000 international LD minutes terminating to cameroon.

    also, it's not just residential users using VoIP. granted, your conversations are incredibly boring. those of a commodities trader talking shop with his clients? much less so.
  • goosman99, on 10/12/2007, -0/+0@TeatimeGrommit

    While the Skype call wouldn't be encrypted end to end it would be interesting to know if Skype encrypts the call to the interchange point (There may be another telecom term for this) where the VOIP call changes to a PSTN call. The PSTN part would of course be unencrypted, but I would hope that Skype encrypted the IP part of it.
  • Drood, on 10/12/2007, -3/+2THE SKY IS FALLING!!!! You know what else is sent over the net unencrypted? EMAIL!!!!!!!!!!!!!!! OMFG!!!

    Good grief... Most traffic over the net is unencrypted, so what? Why is VOIP more important? I mean for crying out loud, I don't recall this over cellphones, and before the move to digital, you could tune any scanner, even ones with the cell frequencies blocked, and listen to pretty much all the cellphone calls you could wish for.

    If someone wants to intercept my calls, good luck to them. They will be incredibly bored. In my cellphone snooping days I learnt a valuable lesson. Other people are INCREDIBLY boring.
  • deanc, on 10/12/2007, -2/+1You are right, it's a crap article. However your comment about Asterisk not having encryption isn't correct.

    The big issue has always been setup....... until soon :)

    If you are an ITSP and interested in trialing a new method of encryption for asterisk calls then get in touch with me in the NY office of Mexuar.

    no personal users at the moment please, this is a service provider encryption solution that encrypts the call from pc to asterisk then back out to pc (also only client to client at the moment - not suitable for termination on other zphone clients.

    Cheers,
    Dean
  • dailypositive, on 10/12/2007, -4/+2Great Post! Thanks for providing the great How to Info!

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.