wg-voip - Re: SecurityFocus: FBI seeks Internet telephony surveillance
- From: Tsegreda Beyene <>
- To: Andrew Rutherford <>, VoIP Working Group <>
- Subject: Re: SecurityFocus: FBI seeks Internet telephony surveillance
- Date: Mon, 07 Apr 2003 20:01:22 -0500
Hi,
Just wanted to drop this and let everyone know where Cisco is wrt IPT security.
In summary, Cisco is aligned with IETF standards track SRTP (Secure RTP) as the mechanism to encrypt voice traffic, NOT using IPSEC in general. IPSEC may be used in conjunction with SRTP (e.g. all traffic from a remote VPN site uses an IPSEC tunnel, and voice traffic happens to also be encrypted using SRTP).
Here is the SRTP draft (in the AVT working group of the Transport Area).
http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-05.txt
Thanks.
Best Regards,
Tsege
At 11:31 AM 4/1/2003 +0930, Andrew Rutherford wrote:
At 8:41 PM -0500 31/3/03, wrote:
It sounds like both FEC and encryption are far too uncommon in the voip world.
I've seen one physical SIP phone vendor (using a modified linphone for software) work around "encryption being too expensive for my cut-down hardware" as follows:
- Send some random data in the SIP Invite.
- Construct an MD5 hash of the random data and a shared password.
- Use a compressed codec and XOR the voice payload only with the MD5 hash.
Very little computation, and with a compressed codec it's a little bit harder to figure out what the key is. Not recommended for anything serious, though.
The real problem is a lack of agreement as to exactly how VoIP should be encrypted. The obvious answer is IPsec - which works well, but doubles the bandwidth required. Lots of little voice packets which already have their size doubled or more from IP, UDP, and RTP headers then having IPsec and another IP header thrown on the front can get an 8k codec up to around 50k, depending on the number of packets per second.
There are a number of suggestions relating to encrypting only the payload, and so not increasing the size of the packet much beyond what it is now, but the combination of real-time requirements and packet loss issues doesn't make this as trivial as it might appear at first.
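
The MD5-and-XOR workaround described in the quoted message, as an added example that is not part of the original thread and is not the vendor's code: it shows why a per-call XOR pad leaks structure, next to a payload-only variant whose keystream changes with the RTP sequence number. The concatenation order, the repetition of the 16-byte digest across the payload, the sample frames and the `per_packet_payload` contrast function are assumptions made for illustration.

```python
import hashlib
import hmac

def session_key(invite_random: bytes, password: bytes) -> bytes:
    # Assumed order: random data from the SIP INVITE, then the shared password.
    return hashlib.md5(invite_random + password).digest()  # 16 bytes

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_payload(payload: bytes, key: bytes) -> bytes:
    # Assumed: the digest is repeated to cover the payload. The same call
    # encrypts and decrypts, and the pad is identical for every packet.
    pad = (key * (len(payload) // len(key) + 1))[:len(payload)]
    return xor_bytes(payload, pad)

def per_packet_payload(payload: bytes, key: bytes, seq: int) -> bytes:
    # Contrast, illustration only (hypothetical construction, not SRTP's
    # cipher): the keystream is derived from the packet's sequence number, so
    # it differs per packet and a lost packet does not desynchronise the rest.
    stream, block = b"", 0
    while len(stream) < len(payload):
        msg = seq.to_bytes(4, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return xor_bytes(payload, stream)

def demo() -> dict:
    # Constructed inputs: fixed "random" data, password and two codec frames.
    key = session_key(bytes.fromhex("00112233445566778899aabbccddeeff"),
                      b"constructed-shared-password")
    frame_a = bytes(range(20))
    frame_b = bytes(range(100, 120))
    c1 = xor_payload(frame_a, key)   # packet 1
    c2 = xor_payload(frame_a, key)   # packet 2 carries the same frame
    c3 = xor_payload(frame_b, key)   # packet 3 carries a different frame
    return {
        # Repeated frames are visible on the wire as repeated ciphertext.
        "repeat_visible": c1 == c2,
        # The pad cancels: ciphertext XOR equals plaintext XOR, no key needed.
        "key_cancels": xor_bytes(c1, c3) == xor_bytes(frame_a, frame_b),
        # With a per-packet keystream the repeated frame no longer shows.
        "per_packet_repeat_visible":
            per_packet_payload(frame_a, key, 1) == per_packet_payload(frame_a, key, 2),
        "round_trip": xor_payload(c1, key) == frame_a,
    }

if __name__ == "__main__":
    print(demo())
```

Neither variant adds bytes to the packet, which is the property the payload-only proposals are after; the difference is whether the keystream is reused across packets.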