
voip-info.org


Asterisk encryption

Created by: JustRumours, Last modification on Sun 10 of Aug, 2008 [16:01 UTC]

As of now (July 2008) Asterisk does not ship with released support for voice encryption. There is basic encryption support for IAX, but it is hardly documented and has not been scrutinized by security experts. (Regrettably, a message raising issues about the security of its session-key derivation method has not yet received any reply.) Therefore the typical method for media-path encryption is a VPN. Note that SSH tunneling is not a viable method for VoIP media-path encryption: SSH port forwarding carries only TCP, whereas RTP media runs over UDP, and real-time audio forced through a TCP tunnel suffers from retransmission delays.

The BSI (the German federal office for information security) clearly recommends a) separating voice and data IP networks and b) preferring TLS and SRTP over IPsec. Covert use of the built-in microphones of hard- or softphones is one of the many dangers.

Question: Given the missing TLS support in Asterisk, could one work around it by using OpenSER with TLS in front of Asterisk and letting Asterisk handle SRTP? Would that affect SIP clients behind NAT that need either the SER NAT helper or nat=yes in Asterisk?

Asterisk channel configuration





VoIP hard- and software with encryption features

Phones

Hardware

  • Grandstream phones: SRTP and TLS (not on all products/firmware releases); the key exchange method is sdescriptions, at least for the GXP-2000 (no TLS support in that model's firmware as of 2007-05-09); for the BT-200 Grandstream now lists ZRTP as a future feature (but don't hold your breath, it may still take months or years).
  • Snom phones and the Asterisk phone by snom: SRTP, TLS (SIPS), AES; see the posting in TLS phone configuration (in German). The snom190 and snom3XX use different, incompatible encryption methods. snom190: plaintext k= key line in the SDP; snom360: RFC 3711 SRTP with the AES encryption algorithm. AES is implemented via sDescriptions as described in this document. The SNOM wiki also has a few SIP traces. The SNOM 370 has a special firmware version with OpenVPN support, released in July 2008 after more than a year in beta.
  • Zultys phones: SRTP, AES, VPN client
  • LevelOne: VOI-7010 with PPTP VPN client
  • Linksys and former Sipura phones: See also this posting: "If you have access to their support web site, there were some documents that explain how to generate a certificate. However, once the certificate is generated (which I did on a FC3 stock box), one needed to send the certificate to Sipura for signing. When I asked where to send it, I was told to contact sales. I have not done that yet, but apparently there must be a charge to have that done since the support folks were referring me to sales." ... "Sipura uses a public key method. To enable a secure call, both devices need to be configured with a certificate signed by the same 'miniCA', and the key negotiation is sent in proprietary SIP INFO messages." ... "The mini certificate contains a 512-bit RSA modulus (n) as the Public Key, and a 1024-bit RSA modulus (n) is appended as the Public Key of the signing "CA". Both have a public exponent (e) of 0x10001 (65537). The Signature is a SHA1 message digest of the User Name, User ID, Expiration Date and Public Key padded with PKCS1 padding and encrypted with the private key of the "CA"."
  • Innovaphone: H.323/ISDN phone IP202 with integrated VPN client (IP400 also with SIP, but VPN?); phone IP110 (formerly Swissvoice ip10) with PPTP (Point-to-Point Tunnelling Protocol) and MPPE (Microsoft Point-to-Point Encryption)
  • Azatel: details not specified
  • AVM Fritz!Box WLAN 7170 now has an experimental firmware with SRTP and TLS support (March 2007)
  • CrypTone: IPSec 3DES encryption (VPN), SIP
  • Some Netgear ATAs also support SRTP & TLS

Software

  • minisip: With SRTP and MIKEY (but no sdescriptions); developed at KTH university, Stockholm; Linux only
  • Twinkle: With ZRTP and SRTP support (Twinkle is a SIP client for Linux only)
  • WengoPhone 2.1: Comes with SRTP support (AES128 encryption algorithm)
  • Phoner lite softphone (using libSRTP and osip, but so far no TLS for securing the key exchange)
  • Snom softphone: Freely available for download, good for testing, simulates the SNOM 360; requires Win 2k/XP
  • Zultys softphone (Linux): Does the LIPZ4 support voice encryption? Not on the free version. Zultys will soon offer a paid license for enabling encryption that uses Secure RTP and AES encryption to transport voice traffic in a secure manner. You will be able to engage this function before or during a call by pressing the Encrypt button on the phone.
  • Counterpath's EyeBeam has SRTP and TLS support
  • Microsoft LCS Office Communicator: SRTP and TLS
  • KPhone: SRTP only
  • TelTel for Windows: SRTP and TLS
  • Zoiper Biz edition comes with SRTP and TLS (but not the free edition); IAX encryption may (?) also be supported

Cards


PBX with voice encryption

  • FreeSwitch has support for SRTP and TLS (using SDES)
  • Sirrix PBX
  • pbxnsip: The PBX supports security by using sips/tls and srtp (via SDES). Was part of SNOM until 2005.
  • All Zultys voice systems
  • Mitel
  • Cisco
  • Avaya

Firewalls & Gateways

  • The OpenSER SIP proxy comes with TLS support
  • AudioCodes gateways (or just ATA?)
  • Ingate firewalls
  • IAX_OpenVPN IAX2 over OpenVPN
  • Intertex is just about to release a new product revision with SRTP support (March 2007)

Ingate

Ingate Systems have recently implemented support in their SIP-aware firewalls for transcoding SIP calls between SRTP (negotiated via sdescriptions) and plain RTP, and they would like to do some interop testing:
"We have now concluded successful interop testing between a Snom 360 phone and an Ingate Firewall 1400. We ran SRTP over the internet. The Ingate Firewall transcoded it to unencrypted RTP and sent it to a Cisco 7960 phone (which, to my knowledge, doesn't support SRTP)."
Note that this is hop-by-hop protection only: the firewall holds the SRTP keys and sees the media in the clear, and the LAN segment behind it carries plain RTP. The 1400 comes standard with a SIP proxy and a SIP registrar, NAT and PAT support, and TLS for encrypted SIP signalling, for 10 to 1000 SIP users.





SIP providers & carriers

  • dus.net offers SRTP since Feb. 2007 (Germany, Duesseldorf)

Admin & attacker tools


Background

As of today (April 2007) almost everything needed for secure SIP calls is there and standardized, except for a widely adopted key exchange mechanism. MIKEY is quite secure (end-to-end capable) but complicated in practice because its public-key modes need certificates, whereas sDescriptions (plaintext key exchange via the SIP Session Description) is probably the most widespread implementation, yet it is less secure and requires TLS on the signalling to be of much use.

ZRTP has the potential to address all this, but hardware vendors would need to purchase ZRTP licenses and may fear the relatively high load on their not-so-strong CPUs. ZRTP uses Diffie-Hellman, which allows a secure key exchange over an insecure channel; since there are no certificates, a man-in-the-middle is detected by both parties reading a short authentication string to each other. At the IETF meeting in March 2007 ZRTP was discussed intensively (see also the RTPSEC mailing list); the outcome was that DTLS (TLS over UDP, run on the media path) was slightly favoured over ZRTP, whereas MIKEYv2 received very little support. As of now only Zfone and Twinkle implement ZRTP: Twinkle is a SIP client for Linux, whereas the open-sourced Zfone (available for Windows, Linux and Mac) can add ZRTP encryption in front of any existing SIP softphone. Note that Counterpath, the makers of eyeBeam and X-Lite, have agreed to include ZRTP in their products.

One needs to clearly distinguish end-to-end encryption from server-to-server (hop-by-hop) encryption. With sDescriptions, even when coupled with TLS, every SIP server in the signalling path sees the master key in plaintext. The SRTP session keys are derived from that master key and salt by a deterministic function (the key derivation of RFC 3711), so whoever holds the master key can compute them as easily as the endpoints do; sDescriptions therefore gives hop-by-hop protection at best. SRTP without TLS still has value against an attacker who can only sniff the media path (e.g. a LAN segment the signalling does not cross), but anyone who captures the INVITE gets the key. TLS on the signalling in turn requires SIP over TCP, which very few SIP clients support.

In addition to the media stream (RTP, voice), the signalling itself (SIP) can and should be encrypted, because it carries valuable metadata such as who talked to whom and for how long. TLS and SIPS are the established means of signalling encryption.

SRTP without TLS/SIPS:
Taken from the SNOM FAQ: "Technically speaking SRTP doesn't make sense without having a TLS based signalling connection. However, the media is still secure even if SRTP is used without TLS. The master key sent in the INVITE is not used as such but is instead used to generate the actual SRTP encryption keys via AES. These keys are then used to encrypt the RTP. For a completely secure call, SRTP can be used in conjunction with a TLS signalling connection."

Question: So does SRTP without TLS or SIPS prevent the successful use of e.g. 'vomit'?

Tentative answer: it depends on how smart the eavesdropping application is. If the master key is successfully eavesdropped from the signalling, obtaining the session keys is trivial; if only the SRTP flow is sniffed, the communication is secure.
Secure key management methods that don't use TLS do exist, but they may not be supported by the SIP standard. Unfortunately, SIP being the extensible monster it has become, it's hard to track just what is supported... Section 23 of RFC 3261 suggests the use of S/MIME (eek!), and RFC 3830 defines a method called MIKEY based on one of three classic techniques: pre-shared secret, public-key encryption or Diffie-Hellman.
Adoption of such methods is not widespread, but Minisip contains a GPL'd MIKEY library.


Articles


See also





Comments


VPN and VGCP -- for VoIP Blocking Issue

by jenniferhan, Wednesday 17 of October, 2007 [02:53:56 UTC]
As VoIP business users in Dubai are being blocked, many users are turning to VPN solutions to allow the ability to use VoIP and get around the current blocking issue. This however is an expensive and unnecessary solution with SpeedVoIP Technology. To resolve this situation, SpeedVoIP has released its new solution for VoIP blocking called VGCP (VoiceGuard Control Protocol).

In today's market, VoIP for business has become more popular and necessary than ever before.

Dubai has become a big market; many big companies need to open branch offices in the UAE, allowing more profit and larger market access. Technology issues become apparent during this process that can cripple communications for that company. The primary communications issues are with VoIP blocking policies implemented in Dubai.

Now, here is the good news: a Canada-based company, SpeedVoIP, with their integral R&D team, have worked out a new way to solve this VoIP blocking issue. This new system, VGCP (VoiceGuard@ Control Protocol), has now laid the path to streamline low-cost telephony solutions, removing country limitations.

VGCP is a proprietary layer 2 link protocol working between the IP stack and the NIC driver for VoIP anti-blocking. The core patent-pending VGCP is the industry's most state-of-the-art voice-service-provider-class security protocol, whose scalability and flexibility result in no compromise of voice quality and overhead. VGCP controls and monitors the full voice signalling and media flow intelligently, meanwhile disguising SIP and RTP packets as normally allowed data packets such as DNS and TFTP, and performs two-way encryption and decryption driven by user-customized policy. VGCP is fully transparent to the upper SIP proxy or UA, which means VoiceGuard@ can work with any 3rd-party softphone/ATA/gateway/IP phone/IAD and SIP proxy or server, unlike some competitors which take effect only on their own devices and softswitch.

Korea Telecom has implemented this solution successfully for more than one year, and it has been operational within a group of Dubai companies. The trials and implementations prove that the VGCP solution is the best solution to solve the VoIP blocking issue and provides a stable communications platform, an indispensable part of the business network.

Andy Wong ~ ~
MSN: andywong-01@hotmail.com
Email: xd.wong@speed-voip.com
www.speed-voip.com