Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure VoIP, an Achievable Goal

Posted by ryuzaki0 on from the see-also-zfone dept.

An anonymous reader writes "ITO is running a comprehensive article on VoIP security issues and how one can protect against them: "VoIP creates new ways of delivering fully-featured phone services that promise big cost savings and open the way for a whole new range of multimedia communication services. After years of 'will it, won't it' speculation and unfulfilled predictions of universal adoption, Gartner is now positioning VoIP firmly on its way to the 'plateau of productivity' on its widely-respected technology hype cycle. But questions about its security and reliability persist.""

7 of 103 comments (clear)

  1. It Sure Is by eldavojohn · · Score: 4, Informative

    See Zfone.

    --
    My work here is dung.
    1. Re:It Sure Is by Kadin2048 · · Score: 2, Informative

      Could you explain why this is so?

      I've read the FAQ and I don't think this is the case. ZPhone gives you an authentication string that you read to the person on the other end of the line, and they read (theirs) to you, so you can be sure that the node that your computer is connected to is the same one that the person at the other end of the call is sitting in front of. This seems to prevent most passive MiTM attacks that would insert a server somewhere into the middle of the connection that decrypted your side of the call and then re-encrypted it and sent it along to the person you wanted to talk to.

      It of course doesn't guarantee that the person on the other end of the phone is the person you want to talk to -- but that's no more or less secure than any other telephone conversation, and really not much less secure than talking in person to a stranger you're unfamilar with. The authentication is to the phone, not to the person.

      I don't really see the implementation as flawed for this. It seems significantly better than Skype, and as good as anything else that civilians have access to right now.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  2. I'd like to be able to hear the pin drop first. by bepolite · · Score: 4, Informative

    I still think VOIP has a long way to achieve the same level of audio quality you get on a regular land line phone. I use VOIP at home and at work (2 different VOIP providers and 2 different ISP's) and both myself and the people I call can tell the difference. I love the features and I want them to keep coming, but I'd like to see the audio quality improve too!

    --
    Always be polite.
    1. Re:I'd like to be able to hear the pin drop first. by cybernate · · Score: 5, Informative

      Ah, yes the quality issue. It drives me crazy that when VoIP providers (yes, as Co-Founder of BroadVoice I was one of them) try to build services the benchmark is PSTN. They use CODECs such as G.711 and G.729 that are almost as old as I am. Believe it or not, DSP power has increased in the last 20 years, Next gen CODECs such as SPEEX can deliver great quality at low bit rates and was designed for packet networks. One other big issue is that PSTN is only about 4 kHz of bandwidth, when you take the guardbands out it is more like 400 - 3600 kHz. SPEEX, AMR-WB and others support 16 or even 32 kHz of voice bandwidth. The problme is a chicken and egg issue. CPE guys don't want to support it because there is nothing to terminate to. ALl the major VoIP guys use people like Global Crossing, BroadWing, XO, for SIP origination/termination and they use SONUS or other TGs that only G.711 or a few other CODECs. The real solution is for VoIP providers to support transcoding at the edge. That way you can use next gen CODECs on the last mile and then hand of G.711 to orig/term providers.

      --
      > Nathan Stratton nathan at robotics.net http://www.robotics.net
  3. Problme with security today and SIP by cybernate · · Score: 5, Informative

    There is a standard on how to encrypt voip already called SRTP, the problme is there is still a lot of debate on how to deal with the key exchange. MIKEY is the latest path, but most CPE vendors see it as overkill and to complex. SNOM and a few others have went with SDP Descriptions, a lightweight method, but requires TLS for signaling. Then you have guys like Sipura/Cisco who come up with a 100% propritary way of doing things that only will work with their devices.

    --
    > Nathan Stratton nathan at robotics.net http://www.robotics.net
  4. New NSA guide for securing VOIP by gruntled · · Score: 4, Informative

    http://www.nsa.gov/snac/downloads_voip.cfm?MenuID= scg10.3.1

  5. Re:VoIP crypto with Diffie-Hellman? by tradeoph · · Score: 2, Informative

    Diffie-Hellman does not prevent man-in-the-middle attacks. It just makes sure that only you and the person you ran the Diffie-Hellman key exchange with know the key.

    You still need some other mechanism to make sure that you are actually talking directly to the right person and not to some man in the middle.

    In IPsec they use either a shared secret, a public key or a certificate to authenticate parties.