Slashdot Mirror


Secure VoIP, an Achievable Goal

An anonymous reader writes "ITO is running a comprehensive article on VoIP security issues and how one can protect against them: "VoIP creates new ways of delivering fully-featured phone services that promise big cost savings and open the way for a whole new range of multimedia communication services. After years of 'will it, won't it' speculation and unfulfilled predictions of universal adoption, Gartner is now positioning VoIP firmly on its way to the 'plateau of productivity' on its widely-respected technology hype cycle. But questions about its security and reliability persist.""

103 comments

  1. It Sure Is by eldavojohn · · Score: 4, Informative

    See Zfone.

    --
    My work here is dung.
    1. Re:It Sure Is by Ryan+Amos · · Score: 1

      That picture scares me.

    2. Re:It Sure Is by MoogMan · · Score: 1

      Zfone's MITM attack is flawed if you do not recognise the voice of the other person.

      It is, however, the best set of ideas that have come up yet - with an implementation too.

    3. Re:It Sure Is by Anonymous Coward · · Score: 0

      In terms of no way to guarantee the caller id? I for one can live with that.

      Would love to see this used in asterisk.

    4. Re:It Sure Is by Kadin2048 · · Score: 2, Informative

      Could you explain why this is so?

      I've read the FAQ and I don't think this is the case. Zfone gives you an authentication string that you read to the person on the other end of the line, and they read (theirs) to you, so you can be sure that the node that your computer is connected to is the same one that the person at the other end of the call is sitting in front of. This seems to prevent most passive MiTM attacks that would insert a server somewhere into the middle of the connection that decrypted your side of the call and then re-encrypted it and sent it along to the person you wanted to talk to.

      It of course doesn't guarantee that the person on the other end of the phone is the person you want to talk to -- but that's no more or less secure than any other telephone conversation, and really not much less secure than talking in person to a stranger you're unfamiliar with. The authentication is to the phone, not to the person.

      I don't really see the implementation as flawed for this. It seems significantly better than Skype, and as good as anything else that civilians have access to right now.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    5. Re:It Sure Is by Anonymous Coward · · Score: 0

      Sure.

      This seems to prevent most passive MiTM attacks that would insert a server somewhere into the middle of the connection that decrypted your side of the call and then re-encrypted it and sent it along to the person you wanted to talk to.

      Correct.

      It of course doesn't guarantee that the person on the other end of the phone is the person you want to talk to -- but that's no more or less secure than any other telephone conversation, and really not much less secure than talking in person to a stranger you're unfamiliar with. The authentication is to the phone, not to the person.

      This is the point I was making. You can't guarantee that the person is who you're really talking to (not just talking to someone, who is relaying the message back and forth to your endpoint). Unless you recognise the person's voice, of course.

      I don't really see the implementation as flawed for this. It seems significantly better than Skype, and as good as anything else that civilians have access to right now.

      I agree. And I guess, a system really can only authenticate the endpoint (not the person at that endpoint). Thanks for making me re-think :)

      -moogman

  2. Gotta lay off the porn! by dietrollemdefender · · Score: 0, Offtopic
    VoIP creates new ways of delivering fully-featured phone services that promise big cost savings

    I read that as:

    VoIP creates new ways of delivering filthy-featured phone services that promise big cost savings...

    Oh-boy.

  3. I'd like to be able to hear the pin drop first. by bepolite · · Score: 4, Informative

    I still think VOIP has a long way to achieve the same level of audio quality you get on a regular land line phone. I use VOIP at home and at work (2 different VOIP providers and 2 different ISPs) and both myself and the people I call can tell the difference. I love the features and I want them to keep coming, but I'd like to see the audio quality improve too!

    --
    Always be polite.
    1. Re:I'd like to be able to hear the pin drop first. by Billosaur · · Score: 2, Interesting
      I love the features and I want them to keep coming, but I'd like to see the audio quality improve too!

      I'm more interested in the security aspect. Cell phones used to be atrociously noisy but the technology rapidly evolved to where, when your call isn't being inconveniently dropped, you can hold a conversation that's pretty clear. It will take VoIP a while, but in the end the audio quality will match what the phone company offers now. I just hope the prices don't start to balloon shortly thereafter.

      --
      GetOuttaMySpace - The Anti-Social Network
    2. Re:I'd like to be able to hear the pin drop first. by Anonymous Coward · · Score: 0

      That depends on which bandwidth you have.

      We've got DSL6000 (6Mbit) and can make many VoiP phonecalls at the same time with a quality that is _clearly_ better than the average phone line.

      Hell we even watch movies using that line. So I really don't understand your problem.

      (6Mbit are cheaper than a phone (or that _dead!_ ISDN which T-Com desperately tries to sell)).

    3. Re:I'd like to be able to hear the pin drop first. by cybernate · · Score: 5, Informative

      Ah, yes the quality issue. It drives me crazy that when VoIP providers (yes, as Co-Founder of BroadVoice I was one of them) try to build services the benchmark is PSTN. They use CODECs such as G.711 and G.729 that are almost as old as I am. Believe it or not, DSP power has increased in the last 20 years. Next gen CODECs such as SPEEX can deliver great quality at low bit rates and were designed for packet networks. One other big issue is that PSTN is only about 4 kHz of bandwidth, when you take the guardbands out it is more like 400 - 3600 kHz. SPEEX, AMR-WB and others support 16 or even 32 kHz of voice bandwidth. The problem is a chicken and egg issue. CPE guys don't want to support it because there is nothing to terminate to. All the major VoIP guys use people like Global Crossing, BroadWing, XO, for SIP origination/termination and they use SONUS or other TGs that only support G.711 or a few other CODECs. The real solution is for VoIP providers to support transcoding at the edge. That way you can use next gen CODECs on the last mile and then hand off G.711 to orig/term providers.

      --
      > Nathan Stratton nathan at robotics.net http://www.robotics.net
    4. Re:I'd like to be able to hear the pin drop first. by cybernate · · Score: 1

      It's not an issue of bandwidth unless you are talking peer to peer with some client that supports more advanced CODECs. If your call touches PSTN, 99% of the time you are going to use G.711. If your provider uses compression you're most likely using G.729 and that has a MOS of 3.8 best case.

      --
      > Nathan Stratton nathan at robotics.net http://www.robotics.net
    5. Re:I'd like to be able to hear the pin drop first. by DarthBart · · Score: 2, Interesting

      You have to draw a distinction between "voip" and "voip over the Internet". VOIP over the internet will almost never reach full toll quality all the time, simply due to the dynamic nature of the public internet (variable delay, packet loss, jitter, all that happy horsestuff).

      I run an Asterisk-based switch for all the company PBX traffic as well as a separate one for our VSAT satellite customers. We have full control over all aspects of the network and we have our own PSTN termination circuits, so there has never been an issue with quality.

    6. Re:I'd like to be able to hear the pin drop first. by jo42 · · Score: 1
      Let me know when VOIP continues to work when the power goes out. Then I might consider using it.

      "They can hear you now." - NSA courtesy of AT&T.

    7. Re:I'd like to be able to hear the pin drop first. by dugjohnson · · Score: 1

      I have no problem with VOIP quality as long as I am talking to someone else VOIP. The problem is in the transition to POTS and that varies depending on where I call. I have one place in FL I no longer use my VOIP line because it doesn't work. But there are other places that have no problem at all. Until there is a seamless transition to the POTS system (or POTS goes away) there will be problems, but VOIP isn't totally to blame.

      --
      My brain is overly lubricated
    8. Re:I'd like to be able to hear the pin drop first. by Afrosheen · · Score: 1

      Our provider (Commpartners) gives us about 98% landline quality. The first place to start looking when quality is missing is on your own LAN, the second place is your codec choice, the third is your internet connection itself. Residential connections rarely have the upstream and reliability for really good voip.

    9. Re:I'd like to be able to hear the pin drop first. by mspohr · · Score: 1
      Actually, my experience is that the audio quality of VOIP is much better than land line; it seems to have a much greater frequency range (better high and low frequency reproduction). I use Skype primarily... others may not be as good.

      Of course, Skype runs on the public Internet and is subject to traffic congestion, etc. so you can get delays and breakup but I have used it successfully from very distant places in Africa and Asia and it works very well.

      --
      I don't read your sig. Why are you reading mine?
    10. Re:I'd like to be able to hear the pin drop first. by Anonymous Coward · · Score: 0

      It worked for me last Sunday. You just need to plug into a UPS (~$35--saved in 1 month with Vonage).

    11. Re:I'd like to be able to hear the pin drop first. by vertinox · · Score: 1

      Let me know when VOIP continues to work when the power goes out. Then I might consider using it.

      I always thought of this as a fallacy.

      Generally, in major disaster or emergency situations you lose both power and land line since most areas put them on the same pole.

      If a tree falls during a hurricane it generally takes out both lines.

      Unless of course if you have the phone lines buried and the powerlines on the poles or vice versa... This of course depends on where you live and how good your power is.

      While living in Atlanta, the power would go out all the time due to crappy service. In say... Philadelphia, I have never seen the power go out.

      However, I've seen my Comcast connection die with all four legs in the air for hours on end with no good reason.

      If you are worried about losing the phone because of power outages... Just get a cell phone. The Central offices and cell phone towers usually have power generator backups and well if those facilities go down, your land lines wouldn't work anyway and you're just screwed no matter what service you use.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    12. Re:I'd like to be able to hear the pin drop first. by mlynx · · Score: 1
      Well, there is one service that doesn't fail. That's HAM radio. Here's an article that excerpts some of the gov't reports from Katrina that illustrate how important the Amateur Radio Service was during a true disaster.

      On a closer to home note, our company found out the hard way relying on cell phones doesn't work during an earthquake. All cellular channels were immediately switched to route emergency traffic (police, fire, etc.), our staff emergency personnel were completely cut off (NexTel radios and Verizon cells at the time).

      It's never been easier to get a HAM radio license either. The technician license requires an easy 35 question test (no morse requirement). You can get a good 2m radio for about the same price as many of the newer cell phones.

    13. Re:I'd like to be able to hear the pin drop first. by vertinox · · Score: 1

      Well, there is one service that doesn't fail. That's HAM radio. Here's an article that excerpts some of the gov't reports from Katrina [arrl.org] that illustrate how important the Amateur Radio Service was during a true disaster.

      I was going to mention HAM radio and CB's :)

      You are right, they are pretty much the only reliable form of communication when there is a major disaster (as long as you've got a self-sufficient power supply with a UPS or a power generator).

      For other times, I have found a cell phone sufficient in minor situations. (fallen trees or general outages)

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    14. Re:I'd like to be able to hear the pin drop first. by Zondar · · Score: 1

      Please don't forget, however... Commercial traffic is strictly prohibited on Amateur Radio. Don't get this for your business. If you want to let your wife know you're OK, or patch through a personal call, that's fine. If you're coordinating your employees to check status on something at work, it's not permitted.

    15. Re:I'd like to be able to hear the pin drop first. by mlynx · · Score: 1

      That's correct. I only mentioned the problems with the company as a real world example of how communications break down in times of emergency. I don't know what the current plan is for disaster communications for the business, but it certainly doesn't involve HAM radio.

    16. Re:I'd like to be able to hear the pin drop first. by mlynx · · Score: 1

      I guess since this is a thread about secure VOIP though, it should be pointed out that HAM radio is not a secure communication channel. It's definitely better than nothing when you need it, but not going to keep a private conversation private.

    17. Re:I'd like to be able to hear the pin drop first. by einhverfr · · Score: 2, Insightful

      There are several quality issues.

      First, the PSTN uses 64kbps, even if the sampling is only over 4 kHz of spectrum. Thus it is misleading to look at the spectrum when in most cases this is entirely adequate and not where the problem is.

      Secondly, VOIP runs over packet networks as a streaming service. Packet networks were never developed with voice traffic in mind, unlike the circuit switched PSTN. This means that network traffic or congestion has different effects in these two networks. With PSTN, you get a message saying that "All circuits are currently busy" while with VOIP, you get jitter on the line as packets get delayed by appreciable yet random fractions of a second. This second problem is not solvable without the development of a fully two-tiered internet (something I don't want to see happen).

      Don't get me wrong-- my company offers VOIP solutions and we see it as an important technology. But it is not a replacement for a traditional TDM-based telephone connection.

      --

      LedgerSMB: Open source Accounting/ERP
    18. Re:I'd like to be able to hear the pin drop first. by Kadin2048 · · Score: 1

      Glad somebody else mentioned it also.

      I'm active in a radio club whose major focus is disaster preparedness and management. We have a 2m repeater with a big diesel generator, a bunch of "go kits," coordination with local PD, FD, and Red Cross. It's interesting to think about what you'd do in a total loss-of-communication situation.

      Anyone planning on using their cellphone when the lights go out may be in for a very nasty surprise: one that will come in the form of the 'fast busy' signal because the circuits are swamped, or "No Service" because the same thing that took out your power took out the local cell tower as well.

      Although in the latter case (cell phone tower gets taken out) there's no more reason for the local 2m repeater to still be operating, at least you're doubling your chances. Also, a radio repeater doesn't have any backhaul to fail; I'm not sure whether cell towers can operate in a 'grid' mode and route calls from one tower to the other if their connection to the PSTN gets cut off, but I wouldn't want to bet on it.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    19. Re:I'd like to be able to hear the pin drop first. by h4ck7h3p14n37 · · Score: 1

      Funny, I've had the exact opposite experience. A good friend of mine is a core engineer for a company doing telephony applications and VOIP; when I call, I always have to ask if he's still on the line because it's completely silent. I've become so accustomed to hearing static in the background of my phone calls that I think I've lost the connection when speaking to him.

  4. Genuine question for the community by Anonymous Coward · · Score: 0

    What is security? No, really. There are no closed systems: access is fundamental, you could say. Thoughts?
    ~ kanzure

  5. sure by Anonymous Coward · · Score: 1, Funny

    "But questions about its ... reliability persist."

    I'm guessing the blurb isn't referring to Gartner (as it should).

  6. Problem with security today and SIP by cybernate · · Score: 5, Informative

    There is a standard on how to encrypt voip already called SRTP, the problem is there is still a lot of debate on how to deal with the key exchange. MIKEY is the latest path, but most CPE vendors see it as overkill and too complex. SNOM and a few others have gone with SDP Descriptions, a lightweight method, but requires TLS for signaling. Then you have guys like Sipura/Cisco who come up with a 100% proprietary way of doing things that only will work with their devices.

    --
    > Nathan Stratton nathan at robotics.net http://www.robotics.net
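
The point above about SDP Descriptions needing TLS, shown as an added example that is not part of the original thread: with security descriptions (RFC 4568) the SRTP master key and salt travel inside the SDP body as an `a=crypto` line, so the sketch below audits a SIP INVITE and reports whether that key crossed the wire over a non-TLS transport. The INVITE, hostnames, addresses and key bytes are constructed sample data, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Master key + salt length in bytes for two SRTP suites from RFC 4568
# (128-bit key followed by 112-bit salt).
SUITE_KEY_BYTES = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
}

# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)", re.M)
# Transport of the topmost Via header, e.g. "Via: SIP/2.0/UDP host:5060"
VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/(\w+)", re.M | re.I)


def sample_invite(transport: str) -> str:
    """Build a constructed INVITE whose SDP offers SRTP via a=crypto."""
    key = base64.b64encode(bytes(range(30))).decode()  # constructed key material
    lines = [
        "INVITE sip:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/{transport} client.example.com;branch=z9hG4bKconstructed",
        "From: <sip:alice@example.com>;tag=1",
        "To: <sip:bob@example.com>",
        "Call-ID: constructed-1@example.com",
        "CSeq: 1 INVITE",
        "Content-Type: application/sdp",
        "",
        "v=0",
        "o=alice 1 1 IN IP4 192.0.2.10",
        "s=-",
        "c=IN IP4 192.0.2.10",
        "t=0 0",
        "m=audio 49170 RTP/SAVP 0",
        f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{key}|2^20",
    ]
    return "\r\n".join(lines) + "\r\n"


def audit_invite(message: str) -> list:
    """Return one finding per a=crypto line in the message."""
    via = VIA_RE.search(message)
    transport = via.group(1).upper() if via else "UNKNOWN"
    findings = []
    for tag, suite, b64 in CRYPTO_RE.findall(message):
        try:
            key_len = len(base64.b64decode(b64, validate=True))
        except binascii.Error:
            key_len = None  # malformed key parameter
        findings.append({
            "tag": int(tag),
            "suite": suite,
            "transport": transport,
            "key_bytes": key_len,
            "length_ok": key_len == SUITE_KEY_BYTES.get(suite),
            # Anyone who can read the signaling can decrypt the media
            # unless this hop was protected by TLS.
            "key_exposed_on_wire": transport != "TLS",
        })
    return findings


if __name__ == "__main__":
    for transport in ("UDP", "TLS"):
        for finding in audit_invite(sample_invite(transport)):
            print(finding)
```

TLS on SIP signaling is hop-by-hop, so even a clean result here means every proxy that handles the INVITE still sees the key.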
  7. Secure VoIP is easy by jonwil · · Score: 2, Interesting

    When you make a call to another VoIP user (e.g. vonage to vonage), the entire call would be encrypted end-to-end with keys known only to the clients at either end.
    The vonage server in that case would only exist to do call setup, teardown and control etc.
    If you are making a call to a PSTN user, it's encrypted all the way from you to the PSTN connection link server again with keys known only to both ends.

    I am sure there are ways to handle secure key exchange and such to make this actually work (and ways that don't require the user to know anything about how to create keys and other things)
    And there are encryption algorithms good enough to use for real-time encryption of compressed voice data.

    With this idea, no-one between the 2 points can listen to the phonecall. (other than what can normally be done on the PSTN side of the PSTN linkup if it is a PSTN call)

    1. Re:Secure VoIP is easy by TheRaven64 · · Score: 1
      I am sure there are ways to handle secure key exchange and such to make this actually work

      Actually, this is a non-trivial problem. I have been looking at this problem from an IM perspective recently, and there are basically two approaches that people are using:

      1. Use something like PGP. This requires keys be shared in some secure out-of-band mechanism. Ideally, when someone gave you their business card (or vCard over a secure channel), this would have their public key on it.
      2. The other is to use an SSL-like approach. This works quite well with CACert; you meet someone, and they verify that you are you (checking two forms of government-issued ID. In my case, this was a passport and a birth certificate). They then issue you with an SSL certificate, signed by theirs. If you trust the CACert certificate, then you can verify any certificates signed by them easily and use these to establish a secure connection.
      Neither of these is ideal. PGP-like solutions just push the key exchange problem to someone else, SSL-like ones require the user to get a signed certificate (unsigned ones are subject to man-in-the-middle attacks).

      I have some ideas for a good solution to this, but I currently lack the time to fully develop them.

      --
      I am TheRaven on Soylent News
    2. Re:Secure VoIP is easy by Savantissimo · · Score: 1

      When you make a call to another VoIP user (e.g. vonage to vonage), the entire call would be encrypted end-to-end with keys known only to the clients at either end

      Won't CALEA prevent VoIP providers from providing truly secure calls? Can you really trust a provider who knows the encryption keys?

      no-one between the 2 points can listen to the phonecall. (other than what can normally be done on the PSTN side of the PSTN linkup

      In this case the government and the phone company employees can certainly listen in.

      --
      "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
    3. Re:Secure VoIP is easy by caluml · · Score: 1

      The way I've seen is let the clients generate and send a public cert, and accept, and then get the users to ask each other what the fingerprint of the key is they are using. If it matches, good. If not, man in the middle.

    4. Re:Secure VoIP is easy by TheRaven64 · · Score: 1
      Yes. I've seen this too. It is insecure. Anyone who can sit between the two clients (either of their servers, for example, and anyone on the 20 or so routers that seem to be the average hop length between my client and server) can replace the public key. They can then do a man-in-the-middle attack.

      Your second step adds exactly zero security. If someone is performing a man-in-the-middle attack, then they can very easily substitute the fingerprints that each user sends for the one that they will actually see. Both can perform the fingerprint test, see the correct answer, and continue happy in ignorance of the fact that they are being eavesdropped on.

      --
      I am TheRaven on Soylent News
    5. Re:Secure VoIP is easy by caluml · · Score: 1

      No, because the local client prints on the screen the fingerprint of the public key that was sent, and unless the remote talker says that is the public key they received, they hang up, unplug their computers, and drive to the Ukraine.

    6. Re:Secure VoIP is easy by TheRaven64 · · Score: 1
      The local client prints the fingerprint of the public key on the screen. It sends the fingerprint to the remote client. Along the way, the attacker substitutes the transmitted fingerprint with the fingerprint of their key. The remote user is then presented with the fingerprint of the key that they have received, and the fingerprint that they have been sent by the other party. Both of these match.

      The only way this could be secure is if the correct fingerprint were transmitted out-of-band. If the local user telephoned the remote user, and told them the fingerprint (and the telephone line hadn't been similarly compromised), then the remote user could tell that the fingerprint they had received and the fingerprint they had generated were different, and abort.

      --
      I am TheRaven on Soylent News
    7. Re:Secure VoIP is easy by caluml · · Score: 1

      You don't send the fingerprint to the other person. You get them to speak to each other, and confirm that way. Regardez:
      You connect to me, I supply my public key, you accept, create tunnel with it. (And vice versa.)
      Now, your client displays the fingerprint of the public key you received from me, and my client displays the fingerprint of the public key I sent.
      I ask you what the fingerprint is (via voice), and you tell me. It should match. Of course, if the MITM could synthesise your voice, and replace your spoken fingerprint with the fingerprint of the substituted one, it wouldn't work. But I think it's OK.
      Repeat for the public key you sent me.

    8. Re:Secure VoIP is easy by TheRaven64 · · Score: 1

      Okay, I was talking about IM rather than VoIP in my original post. By using voice, you step up the CPU requirements somewhat, but not insurmountably. All voice adds is another obfuscation layer, rather than any real cryptographic strength.

      --
      I am TheRaven on Soylent News
    9. Re:Secure VoIP is easy by caluml · · Score: 1

      Sorry, I didn't notice the IM part in your post - I've just re-read it, and yes, it does say from an IM perspective.

      I agree, normally key verification has to take place outside the main communication band, otherwise MITM can occur.

      PS. I've quoted you on my website.
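
The disagreement in the comments above, and the read-aloud authentication string described in the earlier Zfone comments, as an added example that is not part of the original thread: a simulated call in which a man in the middle swaps keys, checked three ways (fingerprint sent as data over the same path, fingerprint read aloud, and a short string derived from the session secret). The Diffie-Hellman parameters are toy values chosen for this sketch, all class and function names are hypothetical, and the spoken checks assume, as caluml's comment does, that the attacker cannot alter the voices.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters for this example only; unvetted for real use.
P = 2**255 - 19  # a prime modulus
G = 2


def fingerprint(pub: int) -> str:
    """Eight hex characters a user can read from the screen."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:8]


class Client:
    """One endpoint: its own key pair plus whatever key the network delivered."""

    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.peer_pub = None

    def session_secret(self) -> bytes:
        return pow(self.peer_pub, self.priv, P).to_bytes(32, "big")

    def sas(self) -> str:
        """Short authentication string derived from the session secret
        (a simplification, not ZRTP's actual derivation)."""
        return hashlib.sha256(b"SAS" + self.session_secret()).hexdigest()[:5]


class HonestPath:
    """Network path that relays everything unchanged."""

    def relay_key(self, pub: int) -> int:
        return pub

    def relay_fingerprint(self, fp: str) -> str:
        return fp


class InterceptingPath(HonestPath):
    """Path run by a man in the middle who substitutes its own key."""

    def __init__(self):
        self.mitm = Client("mitm")

    def relay_key(self, pub: int) -> int:
        return self.mitm.pub

    def relay_fingerprint(self, fp: str) -> str:
        # A fingerprint sent as data can be rewritten just like the key was.
        return fingerprint(self.mitm.pub)


def place_call(path) -> dict:
    alice, bob = Client("alice"), Client("bob")
    # Key exchange crosses the (possibly hostile) path in both directions.
    bob.peer_pub = path.relay_key(alice.pub)
    alice.peer_pub = path.relay_key(bob.pub)

    # Check 1: Alice's client sends her fingerprint as data over the same path.
    delivered_fp = path.relay_fingerprint(fingerprint(alice.pub))
    in_band_ok = delivered_fp == fingerprint(bob.peer_pub)

    # Check 2: Alice reads the fingerprint of the key she sent aloud and Bob
    # compares it with what his client displays for the key he received.
    spoken_fp_ok = fingerprint(alice.pub) == fingerprint(bob.peer_pub)

    # Check 3: both read out the string derived from their session secret.
    spoken_sas_ok = alice.sas() == bob.sas()

    return {"in_band_ok": in_band_ok,
            "spoken_fp_ok": spoken_fp_ok,
            "spoken_sas_ok": spoken_sas_ok}


if __name__ == "__main__":
    print("honest path:      ", place_call(HonestPath()))
    print("intercepting path:", place_call(InterceptingPath()))
```

On the intercepting path the in-band check still passes while both spoken checks fail, which is the difference the two posters were arguing about.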

    10. Re:Secure VoIP is easy by Sloppy · · Score: 1
      Won't CALEA prevent VoIP providers from providing truly secure calls?
      The solution to this is to eliminate the whole concept of a "VoIP provider." People merely need a phone and an ISP.
      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  8. My Problem With VoIP by IflyRC · · Score: 2, Interesting

    I checked into getting it a year or so ago and just couldn't see the rationality in it. I have a DSL line because I hated my cable company - even to the point of switching to satellite tv.

    Granted, I hate the phone company too so I was going to check into a VoIP solution just so I didn't have to pay the phone company "as" much as I currently did. So, the problem is - phone companies do not offer a data only DSL package. To even get DSL you have to have full phone package.

    So, my choices...go back to the cable company. Nope!
    Add $24.95 a month or so to an existing phone package just so I can run VoIP on my home DSL line. Nope!
    Stick with what I have - which is what I did.

    1. Re:My Problem With VoIP by tylernt · · Score: 1

      Not all phone companies in all locations require phone service with DSL. I got naked DSL (no dialtone, no voice service) from Qwest in Idaho. Cheaper than cable, actually.

      --
      DRM 'manages access' in the same way that a prison 'manages freedom'
    2. Re:My Problem With VoIP by SilverJets · · Score: 1

      I guess for you it really comes down to what the savings would be. If you make a lot of long distance calls then something like Vonage may save you money in the long run, even if you are paying for basic phone service to get DSL + monthly Vonage costs. Really depends on how big your monthly phone bill is. In my case, paying for basic phone to get DSL + Vonage would still save me money (though right now I get my broadband from my cable company). My girlfriend talks to her parents 3+ hours a night, every day and they are long distance. I was looking at phone bills upwards of $200 a month until I moved to Vonage.

    3. Re:My Problem With VoIP by Laura_DilDio · · Score: 1

      Isn't it funny how you HATE your phone company, and you HATE your cable company. That attitude seems to be quite common! How did those two industries manage to piss off so many people! (Besides poor customer service, over charging, etc)?

    4. Re:My Problem With VoIP by einhverfr · · Score: 1

      In my case, my phone line to the house is a digital DS-0 over ATM which is multiplexed with my internet connection (1Mb/s symmetric). It uses the county fiberoptical network and allows me to have a choice of ISPs and telecom providers without sacrificing quality or reliability. Oh, and the PUD installs all the converters and battery backups so normal telephones work.

      So, move to Wenatchee Washington and it will get better. :-)

      --

      LedgerSMB: Open source Accounting/ERP
  9. Impossible. by avalys · · Score: 4, Funny

    Secure VoIP is impossible! The person you're talking to will always be able to intercept and listen in on your conversation!

    --
    This space intentionally left blank.
    1. Re:Impossible. by mwilliamson · · Score: 1

      No, what if they're blonde?

  10. What are the current problems with VOIP security? by Anonymous Coward · · Score: 1, Interesting
    I know that VoiP hacks are the holy grail right now in the script kiddie circles. I'm not aware of any though. It's misleading to suggest that it's "insecure" at the moment. We can bang it up a notch though, TLS all the way through would be a nice plus.


    Now the reliability aspect is something else and it does need to be addressed, when people pick up a phone they expect and sometimes depend on it working. When they dial 911, they expect help to get to the right address. The building can be on fire and so long as there is a copper pair, your analog phone might get the job done.

  11. the only secure voice communications system by wpegden · · Score: 1

    Given the state of things right now, it seems VoIP has a chance to become the only secure way to talk to someone over distances. If people can use an open source encryption scheme for their VoIP, the NSA will have significantly more trouble butting in on your conversations---even with the help of AT&T.

  12. VoIP Security is more "secure" than pstn by The_Isle_of_Mark · · Score: 1

    At least from a lo-jack point of view. Any fool with a butt set--or single line phone for that matter-- can listen in on your conversations with a pots line. Of course any fool with a sniffer can do the same thing to your VoIP calls, but it requires a little more work than having your home/office address. Your physical address is graciously provided by the phone company in the form of a phonebook along with your POTS line anyway. Security is a myth anyway.

    1. Re:VoIP Security is more "secure" than pstn by dugjohnson · · Score: 1

      It pleases me to know that the person who is listening in on my VOIP call is a more intelligent voyeur (auditeur?) than on my POTS line. They would have to be a fool to find my conversations interesting, but at least a higher grade of fool.

      --
      My brain is overly lubricated
  13. Hmmm by cyp43r · · Score: 2, Interesting

    Although, admittedly, I don't know much about VOiP, surely monitoring a dedicated landline would be much easier than trying to pick out the signals in the spare network traffic. As pointed out earlier, it is nearly always encrypted...what will happen next? Products to lockdown telephones? I'd like an encrypter on my landline personally.

    1. Re:Hmmm by Kadin2048 · · Score: 1

      There are lots of products around which provide secure voice communications over your regular land-line; the weakness of nearly all of them is that they require both the sender and receiver to have the same model and type of unit, and outside of the government there's not really any standard. (And unfortunately I don't think that they sell STU-IIIs, fun as that would be.) The old Mac-based PGPPhone was a software-based version of a "secure phone," if you had it and the person you were calling also had it, you could have a quite secure communication (of course it basically required a dedicated computer at each end). It was never very popular though, although cryptographically it was nicely done. I'm betting that two old Macs, two headsets and microphones, and two modems is probably the cheapest solution (aside from Skype, if you trust it) for secure voice that you can easily obtain.

      I have heard that General Dynamics makes a module for some GSM cellphones called Sectera that gives them encrypted capabilities, but assumedly the recipient of the call also needs to have one, and I don't know whether they sell to the public or not (my feeling is probably not). I'm sure there are companies around that cater to corporate customers desiring secure voice communications, so the technology is undoubtedly out there, if you are willing to pay the right price.

      Actually, I may have been wrong about the unavailability of STU-IIIs; it seems you might be able to get them here, though I can't vouch for it (page looks a little old though).

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  14. well... by ilovegeorgebush · · Score: 0

    'tis an interesting read. IMO, we need technologies such as VoIP to help push newer technologies into the mainstream (e.g. faster connections as the norm). Security, however, is always going to be a problem when those using the technologies are too ignorant to completely understand its use and flaws.

  15. Gartner.......respected..... in which universe? by Anonymous Coward · · Score: 1, Insightful
    "Gartner is now positioning VoIP firmly on its way to the 'plateau of productivity' on its widely-respected technology hype cycle."

    Gartner's 'hype' cycle is widely regarded as a joke in my experience. Guess what, the press and marketeers AND Gartner play up new technologies. Guess what, even after the stories stop some of them continue to make lots of money. Gartner reports are just about always *after* the event - and they don't tell you anything about which ideas will succeed and which are just VC fodder. Gartner keeps getting it wrong, even though they are so late - they miss out on the importance of softer issues and overplay potential market sizes, particularly for the benefit of important customers.

    If you want to make the right plays and understand where things are headed, you are much better off having good people advising you that you can trust personally and that know the business. Gartner have earnt no credibility amongst real experts.

  16. Better Way by Metabolife · · Score: 1

    A better way to secure it would be to use software like Skype which allows users on the same network to talk to each other through their computers instead of through a company which asks for money. Although I don't like Skype's business due to their treatment of AMD, they have the biggest name, and biggest chance to penetrate the VoIP market.

    1. Re:Better Way by Jonner · · Score: 1

      Yeah, asking for money is a sure sign of shady business practices. And with a super-duper proprietary and closed protocol, you know it has to be secure.

  17. Mod Parent Down - 'Mis-Informative' by Anonymous Coward · · Score: 0

    So, the problem is - phone companies do not offer a data only DSL package. To even get DSL you have to have full phone package.

    Dry-loop or naked DSL is available on a wide scale from many providers. Just because your telco sucks doesn't mean everyone's does.

    1. Re:Mod Parent Down - 'Mis-Informative' by IflyRC · · Score: 1

      True, however as the subject of my post was titled "*MY* problem with VoIP" I think you're just restating the obvious.

    2. Re:Mod Parent Down - 'Mis-Informative' by vertinox · · Score: 1

      Have you ever considered Covad or Speakeasy?

      They can usually swing you a data only line even if your phone company swears up and down that you can't.

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    3. Re:Mod Parent Down - 'Mis-Informative' by IflyRC · · Score: 1

      Yep, tried them both. Speakeasy swore up and down things were great until they realized that I come off of a fiber optic RT that is OWNED by the phone company. Otherwise, I'm too far away from the CO to receive service without going to frac T-1.

  18. VoIP crypto with Diffie-Hellman? by jkeychan · · Score: 2, Interesting

    Just curious, but if we're talking about key exchanges over an insecure medium, why can't we do a Diffie-Hellman key exchange, similar to what is used for IPSec tunnel negotiation? It seems like VoIP devices could establish tunnels to remote endpoints via GRE and/or IPSec and pass their H.xxx protocol data over that tunnel. Is this not technically possible, or is it possible, just not scalable/cost effective?

    1. Re:VoIP crypto with Diffie-Hellman? by Waveguide04 · · Score: 2, Interesting

      A number of approaches can use DH. http://www3.ietf.org/proceedings/06mar/slides/raiarea-1/raiarea-1.ppt The tunneling aspect is not so straightforward with VoIP since the signalling and bearer channels are not necessarily going to the same place. Another challenge with VoIP encryption is how to deal with non point-to-point streams, i.e. conference calls. The device doing the audio/video bridging needs to maintain key pairs with all connected participants, which in itself isn't all that bad, but from a user's perspective all you know is that you have a secure session to the bridge; you do not know who else the bridge has sessions with and if it is (intentionally or not) leaking your audio to someplace it shouldn't be.

    2. Re:VoIP crypto with Diffie-Hellman? by tradeoph · · Score: 2, Informative

      Diffie-Hellman does not prevent man-in-the-middle attacks. It just makes sure that only you and the person you ran the Diffie-Hellman key exchange with know the key.

      You still need some other mechanism to make sure that you are actually talking directly to the right person and not to some man in the middle.

      In IPsec they use either a shared secret, a public key or a certificate to authenticate parties.
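
Added example (not part of any comment in this thread): a Python sketch of the point made in the replies above, that an unauthenticated Diffie-Hellman exchange leaves the two endpoints holding different keys when a relay substitutes the public values, and that a read-aloud authentication string or a tag under a pre-shared secret exposes the substitution. The group parameters, the `Endpoint` class, the tag layout and the pre-shared secret are assumptions made for this illustration; the string derivation is simplified and is not ZRTP's.

```python
import hashlib
import hmac
import secrets

# Demonstration-only group (assumption): real systems use a vetted group or X25519.
P = 2**255 - 19  # prime modulus
G = 2


def _enc(n):
    """Fixed-width encoding so concatenated fields are unambiguous."""
    return n.to_bytes(32, "big")


class Endpoint:
    def __init__(self, name, psk=None):
        self.name = name
        self.psk = psk  # pre-shared secret, exchanged out of band
        self._x = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._x, P)
        self.key = None

    def derive(self, peer_public):
        """Plain DH: nothing here checks who actually sent peer_public."""
        shared = pow(peer_public, self._x, P)
        self.key = hashlib.sha256(_enc(shared)).digest()

    def sas(self):
        """Short string both parties read aloud; it depends on the session key."""
        return hashlib.sha256(b"sas" + self.key).hexdigest()[:8]

    def auth_tag(self, peer_public_seen):
        """HMAC under the pre-shared secret over both public values as seen locally."""
        msg = self.name.encode() + _enc(self.public) + _enc(peer_public_seen)
        return hmac.new(self.psk, msg, hashlib.sha256).digest()

    def verify_tag(self, peer_name, peer_public_seen, tag):
        msg = peer_name.encode() + _enc(peer_public_seen) + _enc(self.public)
        expected = hmac.new(self.psk, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def run_call(intercepted, psk=b"constructed-pre-shared-secret"):
    """Set up one call and report what the two endpoints can observe."""
    alice, bob = Endpoint("alice", psk), Endpoint("bob", psk)
    if intercepted:
        # A relay without the pre-shared secret runs a separate DH leg per side.
        leg_a, leg_b = Endpoint("relay"), Endpoint("relay")
        to_alice, to_bob = leg_a.public, leg_b.public
    else:
        to_alice, to_bob = bob.public, alice.public
    alice.derive(to_alice)
    bob.derive(to_bob)
    tag = alice.auth_tag(to_alice)  # forwarded unchanged; it cannot be recomputed
    return {
        "keys_match": alice.key == bob.key,
        "sas_match": alice.sas() == bob.sas(),
        "tag_ok": bob.verify_tag("alice", to_bob, tag),
    }


if __name__ == "__main__":
    print("direct     :", run_call(intercepted=False))
    print("intercepted:", run_call(intercepted=True))
```

The tag covers both public values as each side saw them, so forwarding it unchanged across the relay fails verification at the far end.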

  19. already secure? by supernova87a · · Score: 1

    Wait, doesn't Skype, for example, already encrypt all voice (and even chat)?

    1. Re:already secure? by DigiShaman · · Score: 1

      Yes.

      --
      Life is not for the lazy.
    2. Re:already secure? by Anonymous Coward · · Score: 0

      that's what they say, but since they don't tell you how, much less provide a means of peer review, it's just snake oil. i use Skype, but i don't trust the encryption; neither should you.

  20. end user: securely call PSTN lines? by tilminator · · Score: 1

    When I was shopping for an end-user VOIP solution to replace telephone services a year ago (a move caused a sharp increase in phone rates), I could find

    • lots of encrypted software-to-software solutions,
    • a handful of PSTN gateways (some even claiming to be secure),
    • but nothing that would permit me to call PSTN / mobile lines at an acceptable price with real encryption.

    In the end, I settled with SkypeOut - though nobody can check how they really encrypt and who has access to the keys.

    (Requirements: works from any access point, rates around 2 cent/minute to Europe/USA, runs on OS X (ibook), real encryption computer--gateway, decent quality and reliability)

    Do you know of any better solutions?

    --
    -- up-modding policy: make a good point, write self-contained.
    1. Re:end user: securely call PSTN lines? by Kadin2048 · · Score: 1

      but nothing that would permit me to call PSTN / mobile lines at an acceptable price with real encryption.

      Seems like this requirement is the real killer, since it would require the person on the receiving end to have some sort of specialized equipment on their telephone, to decrypt the call. Much like a STU-III or its commercial equivalents.

      Unless you meant encryption only while the call was traveling over the packet-switched network, but really what's the point of that? If someone wants to intercept your call, they can just go to wherever the gateway is (or any place on the far side) and do it -- you're just giving yourself a false sense of security at that point, which is worse than nothing in my opinion.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  21. future of VOIP? by Danga · · Score: 1

    Am I the only one that believes there is no future for VOIP how it is currently implemented? If EVERYONE were to suddenly switch over to using it would it completely clog up our internet connections? I admit I know very little about the technology, so I am just curious about it. Unless the service is provided by the companies who own the cables making up the internet then what's to stop them from filtering all VOIP traffic except their own? If it were to cause so much traffic they have to provide the bandwidth for then I think they should be able to only allow people who pay for that extra bandwidth to be allowed to use it on their lines. I don't think it uses very much bandwidth per person but if you get a whole city using VOIP I wonder what the implications would be.

    I also don't see how we can ever get completely away from landline phones just for the reliability they provide. I have had my internet service interrupted WAY more often than my phone service and if I need to call 911 I really don't want to have to rely on my internet service provider. In fact I can only remember my phone service being out a maximum of maybe 5 times in my whole life (I am 25), that is not even comparable to how many times I have lost internet service. The same rationale goes for businesses. Most businesses rely on phonelines to communicate with customers/coworkers/etc and major problems would occur (such as pissed off customers, lost sales, lost productivity) if there were temporary service losses, even if it is only for a few minutes.

    What solutions do they have or are they working on for these issues? Once they have those fixed then I will worry about security of using it.

    --
    Hey, there is only one Return and it's not of the King, it's of the Jedi.
    1. Re:future of VOIP? by snoopyowns · · Score: 0

      A VoIP call is typically only using 8 KB/s over a WAN connection (Internet). But that depends a lot on the Codec that is being used. So no it will not clog up the lines unless you start having people using a server farm with autodialers to do cold call marketing. As of right now, it would be stupid to not have a Landline for Emergency purposes. While Vonage and other VoIP providers are required to properly handle 911 calls so the 911 center knows exactly where you are calling from, as someone mentioned before, if your power is out, you are out of luck unlike with a Landline where the phone power comes in over the phone line.

    2. Re:future of VOIP? by gnujoshua · · Score: 1

      When businesses switch, the rest will follow. What follows is an idea that I heard from Eben Moglen (http://emoglen.law.columbia.edu/).

      It isn't feasible for my grandmother, and everyone else, to switch, but, companies can afford it and they can also afford to pay enough for new routers to be put in and new lines to be built. Once they drop their telephone lines and just have IT staff, the cost isn't much more. Especially if they used a Free Software VOIP system.

      Now, once businesses do switch, start switching, then the telephone companies could be in deep trouble. They will have to raise my grandmother's phone bill. If they keep losing companies, the more they will have to raise household homes.

      What this could possibly lead to is subsidization. The telephone companies would demand that the government subsidize the cost of household users, because the companies are no longer supporting us.

      Well, then comes the choice: do we invest in a larger Internet infrastructure and allow it to be a publicly funded commodity and get people to use VOIP, or do we put public funds in the pockets of the phone companies?

      I should disclaim what I said, and state that I may have distorted some of Eben's original statements, as I don't have a great memory :-)

  22. Voip is HUGE and these are very minor hangups by Tepshen · · Score: 2, Interesting

    A lot of the issues mentioned in this article are worked out for everyday use. I work for a company that bids on and installs VOIP systems for large businesses and the reason it's getting so big is that switching from a legacy system to a VOIP system nearly PROMISES a 20% reduction in communication costs. We put together a package for FSU that saved them about 40-50% over the system they had been using. The biggest problem the VOIP market faces these days is disbelief from controllers regarding the potential savings. They just don't think it's possible.

    1. Re:Voip is HUGE and these are very minor hangups by DarkShadeChaos · · Score: 1

      Funny... I support a large mortgage company who uses VoIP which would work out well except there are constant issues with voice quality, call drops, and seemingly impossible issues. And all of our equipment is Cisco (phones, routers w/ prioritization). I think my issue and probably others as well that would lead to a hesitancy to adopt is the support! What happens when all your phones go down? Unless you manage all of it yourself (and believe me - you won't in a large company), you better hope your Service contract is very nice.

      --
      The machine unmakes the man. Now that the machine is so perfect, the engineer is nobody. -Ralph Waldo Emerson
    2. Re:Voip is HUGE and these are very minor hangups by Tepshen · · Score: 1

      It sounds like your problem is the company you went with. It's like anything else you buy: there's a good way and a bad way. If you're getting locked into proprietary hardware, service contracts, and crap service, the fault doesn't lie with the technology; it falls on the crap company that's roped you into that bad deal. Here is some advice on how to switch to VOIP and it's something my company does with all our clients: get a free assessment to evaluate the quality and service of said company, make sure that they use OPEN SOURCE hardware (this way if you don't like working with them you won't have to buy all new equipment to switch), and DO NOT sign up for multiple year contracts. Once you sign them you're screwed because they don't have to worry about you quitting their service. All this BS about saving money with multi year deals is BS because VOIP doesn't work like that (meaning the cost of implementation is the same in year one as year three). If they won't let you take it monthly then it's not worth your time working with them because they don't care if you're satisfied. Stick with those tips and that should help once your deal is up with the guys you're currently with.

    3. Re:Voip is HUGE and these are very minor hangups by Rekolitus · · Score: 1

      I don't know any company (not just VoIP hardware) that open sources their hardware (firmware/driver wise).

      It's only necessary to get hardware which supports open standards like SIP or H.323. These are different things, but I consider open standards to be a hundred times more important.

  23. Internet has QoS issues for telephony by Anonymous Coward · · Score: 0

    voip call quality depends on realtime guarantees of the network you're running on, you use large buffers and hope the packets arrive in time.
    Mobile drop packets due to interference/bad signal and drop calls for the same reason. This can be fixed by improving coverage.

    The big difference is that on a mobile phone there have (and rely on) realtime network guarantees, but there aren't in the internet 'per se', therefore it's always going to be a problem, at least in theory.

    Vocal quality depends on how much compression you're using, so over time that should get better.

  24. New NSA guide for securing VOIP by gruntled · · Score: 4, Informative
    1. Re:New NSA guide for securing VOIP by hclyff · · Score: 1

      Carefully there! Every vigilant slashdotter knows that the NSA is conspiring with Microsoft, AT&T and the aliens to wiretap your calls. They are probably using this link to keep track of everyone who has something to "hide"...

  25. Not a single chance by Opportunist · · Score: 1

    As soon as it's secure against tapping, we'll be facing a law that makes it illegal to enable uninterceptable VoIP communication.

    Terror or child porn, pick your reason.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  26. Monkeywrench CALEA! Whoop! by mwilliamson · · Score: 1

    I wonder how the same folks that are behind CALEA are going to respond to widespread secure VoIP. Will it be clipper-chip revisited with all other crypto outlawed? Why should I care...I'm probably already marked as a "person of interest" because I have unlicenced mp3s, run mplayer on linux to watch encrypted DVDs, love bittorrent and seriously question Bush's I.Q. Maybe this explains all those extra searches at the airport... (j/k, but after this post, who knows...)

  27. I use it with a wireless broadband. by Anonymous Coward · · Score: 0

    We have gotten rid of the phone and cable company. It has saved us lots of money.

    Not to mention the time of not having to deal with crappy customer service.

  28. disbelief by Ivan+Matveitch · · Score: 1

    secure voip will forever be but a dream of young idealists

    much like building that big shell around the sun. obviously impossible

  29. Skype is not the answer by Anonymous Coward · · Score: 0
    Every time there's a conversation about VoIP, some Skypehead butts in thinking they're onto something great. Skype is a closed system and the ultimate solution to VoIP won't be.


    Skype is like buying a phone at Radio Shack that can only call other phones that came from the same store.


  30. Oh for crying out loud. by rantingkitten · · Score: 1

    I am the technical director for a small voip provider, and I can't tell you how many times a day we get asked "how secure is it?"

    Really, I want to answer: "Who cares? Do you ask 'how secure is it' to Bell? No, you just get a phone line from them and stop worrying about it."

    In fact, any schmuck can splice wires into a physical landline. My friend and I used to do it all the time to hassle my sister, and this was when we were 10. If a couple of ten year olds can monitor phone calls by sticking wires into the box which is secured with a single screw and easy to walk right up to, then it's not very secure.

    Monitoring an RTP stream on the other hand would require some administrative level access to routers on the network, or owning a switch upstream, or spoofing MAC addresses locally, or other technical jiggery. It's not easy. Most of it requires physical access to the network at some point or another, and to say that it's therefore not secure is like saying your phone isn't secure because your mother might pick up the upstairs phone while you're talking. Oh noes!

    All this blather about "encryption" is just that -- blather. Until Ma Bell starts encrypting copper line calls, I really don't see what the big deal is.

    --
    mirrorshades radio -- darkwave, industrial, futurepop, ebm.
    1. Re:Oh for crying out loud. by Anonymous Coward · · Score: 0

      - phone company is a single provider / voip may be routed across 1 or many untrustworthy changing routes.

      - it is easier to get caught physically sticking a box on the cables running into an office building compared to mr shady tech with router access somewhere along the line.

      - If anyone spots physical evidence you can bet there will be an enquiry with the full weight of the phone company behind it. - Do you have similar resources?

      - would it kill you to offer a vpn connection into your network?

    2. Re:Oh for crying out loud. by swv3752 · · Score: 1

      Well, of course, but it is one area where VOIP can easily beat the Bells. Have the customer set up public/private keys, which could be as simple as creating the private key during install and uploading the public key to the VOIP main server, and with enough CPU power, the encryption/decryption should be seamless.

      --
      Just a Tuna in the Sea of Life
  31. What type of security? by mla_anderson · · Score: 1

    It's interesting to see that most people when talking about VoIP security are looking for stream encryption. In my opinion encrypting the voice stream is nearly meaningless until the entire worldwide system is VoIP with the possibility of encrypted voice streams. If your call is connected to or through the PSTN at any point it can be listened to with ease.

    The focus of security should be in the setup of a call. If it is difficult to spoof a phone device and place calls on someone else's dime the system becomes more secure than the PSTN. If you are having difficulty selling your PHB on VoIP based solely on the perceived lack of security walk him through the abysmal state of security for the PSTN.

    VoIP needs work in security but the primary focus should be in call setup and management.

    --
    Sig is on vacation
  32. Gartner Hasn't Seen OpenSER by mpapet · · Score: 1

    As someone that has implemented an Openser server I can tell you it's easy. Very easy.

    While I do not have encryption enabled, it's certainly less difficult than learning how to manipulate openser.cfg.

    I guess it goes to show you that Gartner only listens to IPO-bound companies blowing smoke up their rear-ends at lunches/dinners.

    Also:
    For every person that thinks Skype is somehow secure, no one knows because the encryption system is not available for review.

    How many times can the average American be screwed by corporations before "Trust us" fails?

    Multiple stories in the last few weeks point out that some IP traffic is being passed right through the U.S. Gov's watchful eyes. Corporations gladly cooperate. Why would Skype (eBay) and the telcos defy the hand that subsidizes them?

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  33. Do the editors not even RTFA anymore!? by Decius6i5 · · Score: 1
    This article is terrible! It's complete gobbledygook. The author has no idea what he is talking about. Consider this:
    Anti-virus solutions will also be required, and these must be designed to ensure that excessive delay in telephony packets transiting the network is not introduced.
    That's Intrusion Prevention, not Anti-Virus. Does he even understand what those words mean?
    Phishing attacks on VoIP networks involve attackers faking the number of the phone they are using, making it look as though a legitimate organisation is making the call... However, anti-spoofing packet filters in the network will help prevent hackers or spammers hiding behind acceptable addresses.
    NO! Anti-spoofing packet filters do NOT prevent caller ID spoofing in VoIP protocols. They have absolutely nothing to do with Voice over IP!

    It's unethical for people who don't understand computer security to offer computer security advice. As for the Slashdot Editors, there are so many more important things they could have covered today, such as the attempt in Georgia to imprison people for performing computer forensics without a private investigator's license. (It's also unethical for people who don't understand computer security to attempt to use legislation to corner the market on it.)

  34. Just be glad that H.235 died by vinn01 · · Score: 1

    H.235 was a good VoIP encryption standard - good for the large service providers who wrote the standard.

    VPN, SSL, and other open transportation security layers are a much better choice.

    But there are a lot of folks out there who do not encrypt VoIP at all. The future will include a few scandals about personal/company/government VoIP phone calls that were monitored, recorded, and posted on the Internet.

    1. Re:Just be glad that H.235 died by waferhead · · Score: 1

      Speaking as a VoIP newbie...

      Commercial VoIP terminations (like the ones Vonage et al ship) run either Linux or VXWorks, or something similar, don't they?

      What's the downside of simply using OpenSSH tunnelling between the terminating devices?
      (assuming the compression/decompression is also done at the ends)

      The key exchange is already handled, BSD license etc...

  35. Yeah right. :P by rantingkitten · · Score: 1

    Look, this could change in the future, but as it stands now, my users are freaking morons. One of them swore up and down that her email address didn't have an @. Another couldn't find her start menu (no, it wasn't hidden or anything like that). I've got a guy who configured his extension to forward to itself and doesn't understand why it doesn't work. I've been working with another idiot that wanted me to, quote, "put the address on the internet".

    Now you want them to create sets of keys and upload them somewhere. It's not going to happen. No matter how user-friendly the system is, there is no way in Hell these people are going to be capable of it. They barely even know what encryption is. The only reason they ask is so they can hear themselves talk.

    I say forget it. Voip is as secure as it needs to be, which is "not very", which is as secure as phones have always been.

    --
    mirrorshades radio -- darkwave, industrial, futurepop, ebm.
  36. Government Snooping? by h4ck7h3p14n37 · · Score: 1

    How can we secure VOIP communications when the FCC can mandate that providers allow conversations to be snooped on by law enforcement officials?

    1. Re:Government Snooping? by Sloppy · · Score: 1

      By not having a "provider." Go ahead and let them regulate "providers." Meanwhile, you and I will be having a conversation that is encrypted and decrypted only at the endpoints.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  37. News Flash! by Tempest451 · · Score: 1

    Military VOiP is already secure! That is all.

  38. Out of band key exchange is ok by Sloppy · · Score: 1
    This requires keys be shared in some secure out-of-band mechanism.
    One thing to keep in mind: In many cases (ok, not all cases, but many) out-of-band key exchange is actually pretty reasonable. I don't know about you, but a lot of the people that I talk to on the phone, are people I have met in real life.

    And the amount of info that could be exchanged is staggering; you could exchange gigabytes of OTP instead of merely cipher keys. Your phone has a microphone, a radio receiver, and many have a CCD. There's so many ways to get environmental noise into the device, that generating OTPs would be easy. Then when you meet someone in person, just put the phones on the table and let 'em exchange this stuff through some kind of low-powered IR link. Store the OTP on a barely-futuristic lightweight hard drive.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  39. Obligatory Ali G. by Valdrax · · Score: 1

    What is security? No, really. There are no closed systems: access is fundamental, you could say. Thoughts?

    Security, techmology... What's it all about? Is it good or is it whack?

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  40. Congratz :) by Anonymous Coward · · Score: 0

    You've also illustrated why DRM is stupid & unworkable :)

    Captcha: slogan

  41. "news" sites that use google adsense by zIRtrON · · Score: 1

    "News" sites that use google adsense don't hold much cred in my eyes. It leaves the academia-style philosophy of knowledge acquisition and goes to buzz word bingo style eye-ball reporting.

    Could the editors use their influence in a way to make more valuable and valid stories easily accessible for the open source crowd? All the time wasted on meaningless gibberish slows us down as a whole. We're only given 24 hours in a day, and I'd like to get out and about as much as possible.