Providing true end-to-end security in converged voice over IP infrastructures

Voice over Internet Protocol (VoIP) is the future of voice communication. By using a single IP infrastructure as the common transport platform, it brings invaluable benefits such as reduced deployment cost, ease of management, ubiquitous coverage and the convergence of data and voice. On the other hand, VoIP introduces new security vulnerabilities, since its operational and security settings differ completely from those of the old telephone network: the physical location of clients is not fixed, and great flexibility is required to provide enhanced mobile services. Furthermore, integration with wireless LANs, with their inherent security weaknesses, creates the need for new security features: the payloads of voice packets must be protected during conversations, and replay protection as well as user authentication must be ensured on an end-to-end basis. These concerns are the major barrier that may prevent wide deployment of VoIP technologies, and coping with them is a truly challenging task. Consequently, we developed a novel hybrid framework for enhanced end-to-end security in new-generation SIP-empowered VoIP environments, based on proven technologies such as digital signatures and efficient stream encryption, to enforce calling party identification, privacy, replay protection and non-repudiation throughout the whole IP telephony system. All the security mechanisms used have been carefully chosen so that no systematic method is known to break the framework in realistic time, and the overall voice quality is not affected.
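The abstract names three media-plane properties for voice packets: payload privacy, replay protection and per-packet authentication. The following Python sketch is an added illustration of how those three fit together on a single RTP-like packet; it is not the paper's framework or code. Everything in it is assumed: the master key is a constructed constant, an HMAC-SHA256 counter-mode keystream stands in for whatever stream cipher the paper uses, the packet index is a 4-byte sequence number, and the truncated 80-bit tag and 64-packet replay window follow the SRTP conventions the paper builds on. Calling party identification via signatures lives in the signalling plane and is not shown here.

```python
import hashlib
import hmac
import struct

# Constructed master key for the example only; a real deployment derives it
# from the signalling-layer key exchange, never from a hard-coded constant.
MASTER_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
TAG_LEN = 10    # 80-bit truncated MAC, as SRTP uses by default (assumption)
WINDOW = 64     # replay window in packets, SRTP's minimum (assumption)


def derive_keys(master_key: bytes) -> tuple[bytes, bytes]:
    """Split the master key into independent encryption and authentication keys."""
    enc = hmac.new(master_key, b"voice-enc", hashlib.sha256).digest()
    auth = hmac.new(master_key, b"voice-auth", hashlib.sha256).digest()
    return enc, auth


def keystream(enc_key: bytes, seq: int, length: int) -> bytes:
    """Counter-mode keystream PRF(key, seq || block); the sequence number makes
    every packet's keystream distinct, so a stream cipher is never reused."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(enc_key: bytes, auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: encrypt the voice frame, then MAC header + ciphertext."""
    header = struct.pack(">I", seq)
    ct = xor(payload, keystream(enc_key, seq, len(payload)))
    tag = hmac.new(auth_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


class Receiver:
    """Receiver side: authenticate, reject replays, then decrypt."""

    def __init__(self, enc_key: bytes, auth_key: bytes):
        self.enc_key = enc_key
        self.auth_key = auth_key
        self.highest = -1   # highest authenticated sequence number so far
        self.seen = 0       # bitmask: bit i set => packet (highest - i) received

    def _replayed(self, seq: int) -> bool:
        if seq > self.highest:
            return False
        delta = self.highest - seq
        if delta >= WINDOW:          # older than the window: treat as replay
            return True
        return bool((self.seen >> delta) & 1)

    def _mark(self, seq: int) -> None:
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)

    def unprotect(self, packet: bytes):
        """Return the plaintext frame, or None for forged, tampered or replayed packets."""
        if len(packet) < 4 + TAG_LEN:
            return None
        header, ct, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.auth_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        # Authenticate before touching replay state, so an attacker cannot
        # poison the window with unauthenticated sequence numbers.
        if not hmac.compare_digest(tag, expected):
            return None
        seq = struct.unpack(">I", header)[0]
        if self._replayed(seq):
            return None
        self._mark(seq)
        return xor(ct, keystream(self.enc_key, seq, len(ct)))


if __name__ == "__main__":
    enc, auth = derive_keys(MASTER_KEY)
    rx = Receiver(enc, auth)
    pkt = protect(enc, auth, 7, b"frame-7")
    print(rx.unprotect(pkt), rx.unprotect(pkt))  # second delivery is rejected
```

The ordering inside `unprotect` is the point worth noting: the tag is checked first, the replay window second, and the window is only updated for packets that passed both, so neither a forged packet nor a replayed one can advance the receiver's state.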
