secureVOIP

The two key elements of encrypting VOIP are encrypting the voice data and key exchange.

Encrypting Voice Data

Voice data can be encrypted with SRTP.

Key Exchange

ZRTP

ZRTP was designed by Phil Zimmermann specifically for VOIP. The design is quite different from other key-exchange methods, as it does not depend on a key server and can interoperate with non-encrypted VOIP clients. Broadly speaking, the key exchange involves each party reading out one word and having the other party read another. Once the key exchange is complete, the client will use SRTP to encrypt the data. This can be implemented with the Gnu ZRTP library. A large amount of information on ZRTP/SRTP can be found on the Jitsi ZRTP FAQ. The RFC for ZRTP is here and the XEP for RTP in Jingle sessions is here.

Support for Encrypted VOIP in Ubuntu

Free Software

While key exchange and encryption are ideologically quite different, they are nearly always implemented together. In an ideal world, all of the SIP clients would support ZRTP/SRTP, as it can be added into these applications on top of existing RTP support. All SIP clients are therefore listed below, with links to their current Secure VOIP status.

Application

SRTP/ZRTP in SIP?

Bug/Status

SRTP/ZRTP in XMPP?

Bug/Status

Ekiga

No

335594

N/A

Empathy

No

589778, 22952

No

Twinkle

Yes

N/A

SFLphone

Yes

N/A

Jitsi (was SIP Communicator)

Yes

Not yet in Ubuntu

Yes

Non-Free Software

  • Zfone (currently in Beta). This takes a "bump in the wire" approach and, instead of being a VOIP client itself, it will encrypt calls made on other compatible VOIP clients.

  • Skype offers proprietary encryption which--because of this--can not be called secure but may increase the security against low-skilled attackers.

Draft Feature Request

The draft text for a feature request follows: 

Hello,

Please integrate support for ZRTP/SRTP into [application] for secure VOIP calls. 

ZRTP is a simple peer-to-peer key exchange protocol (designed by Phil Zimmermann) that can be easily added into existing SIP/RTP applications. This can be implemented with the Gnu ZRTP library (http://www.gnutelephony.org/index.php/GNU_ZRTP).

There is more information (along with links to other applications that have implemented ZRTP/SRTP at https://wiki.ubuntu.com/secureVOIP.

secureVOIP (last edited 2012-01-22 06:25:37 by aaron-whitehouse)