In Part 1 of this opus, I (hopefully) painted a scary picture of how easy it is to eavesdrop on
VoIP traffic. So what can you to protect your own VoIP traffic? Let’s take a
look at some of your options.
Skype is famous for its excellent call quality and reliability. Its call security
is pretty good, and is used on all Skype services—VoIP calls, text chat,
and video and file transfers. Skype uses a digital certificate authority and
signed certificates, peer authentication, and strong encryption. This is rather
cumbersome and a pain to administer, but it is a proven secure method of encrypting
communications. Skype tries to foil brute-force password attacks by timing out
after a certain number of unsuccessful login attempts. The weak points in Skype’s
security infrastructure are the same weak points that even the best security
infrastructures have: users that choose weak passwords, and users that click
the “remember my password” checkbox on their computers.
One downside—and for some folks it’s a major one—to using Skype
is that Skype does not interoperate with other networks, but lives inside its
own closed network. If you don’t mind downloading new software for every online
service you want to use, and making your friends and family do the same, then
it works. My official opinion is closed networks are silly.
I couldn’t find more VoIP service providers that provide encryption. They’re doubtless out there somewhere, eluding my elite search abilities. Meanwhile Phil Zimmerman, the brainiac behind Pretty Good Privacy (PGP) turned his talents to encrypting VoIP, and has released a universal VoIP encryption application: the Zfone, which uses a new encryption protocol, ZRTP.
ZRTP encrypts all VoIP
PGP is the most widely used e-mail encryption software. It now exists in two
main forms: a commercial implementation maintained by the PGP
Corp., and the free software version, GNU
Privacy Guard (GPG). It relies on using signed encryption keys, which is
cumbersome for voice calls because both parties need to manually exchange their
public keys and configure their e-mail clients before they can exchange encrypted
e-mails. There is also a fair bit of CPU overhead in encrypting the data, which
isn’t a big deal for e-mail but can be a problem with VoIP. So Mr. Zimmerman
invented ZRTP (Z Real Time Protocol, and the Z stands for Zimmerman. Immortality
in a protocol!) to handle the key creation and exchange automatically. It uses
ephemeral Diffie-Hellman encryption keys that are generated anew for each call.
So you don’t have to hassle with passphrases, protecting private keys, or maintaining
a PKI infrastructure. (I will leave learning more about Diffie-Hellman as homework
for you fine readers.)
If you’re experienced with using Public Key Infrastructure (PKI), you’re wondering
what about Man-in-the-middle (MITM) attacks? Without a properly verified public
key exchange how can you tell if someone has intercepted your call and substituted
their own encryption key, so they can eavesdrop on your call and you’ll never
know about it? ZRTP handles this most ingeniously. To authenticate the key exchange
it uses a Short Authentication String (SAS), which is a cryptographic hash of
the two Diffie-Hellman values, which is then given to both endpoints. This value
is then displayed on both endpoints, so if the values don’t match it’s safe
to assume a successful MITM attack. If they do match, you’re ready to commence
ZRTP doesn’t stop with a single SAS; it takes two more steps to ensure the cryptograpic integrity of your call. ZRTP is independent of the signaling layer because it does all its key negotiations in the media stream, so it works with all VoIP protocols and is completely independent of networks and service providers—the endpoints alone handle everything. There is one major exception: ZRTP doesn’t work with IAX, which is the native Asterisk protocol. But it does work with SIP and H.323, the two most popular VoIP protocols, as well as many others. It even encrypts the tones from your telephone keypad, which is a nice touch if you use it for entering credit card numbers. Read the Zfone FAQ for more details.
Zfone is the software implementation of ZRTP, which means you can download and start testing it. It runs on Linux, Unix, Mac OS X, and Windows. It is still in beta, and eventually it will be incorporated into VoIP products instead of operating as a standalone application. Mr. Zimmerman intends to dual-license it under both the GPL and a license that will allow closed-source commercial development. You can already download a software developer’s kit and start getting acquainted with making your own customizations.
An important note is that Zfone does not authenticate phone calls. Authentication
is a separate problem, and an unwieldy one—how are you going to verify
that the person you’re talking to is really who you think they are? It’s a lot
bigger problem than computer servers and clients authenticating to each other.
ZRTP has been submitted to the IETF for inclusion as an official standard. The proposed draft includes a wealth of useful technical information.
So the concise story is that securely encrypted VoIP is a necessity, and it’s not all the way here yet. But it’s well on its way.