VoIPowering Your Office: Encrypting VoIP Calls (Part 2)

No 'perfect' methodology for strong VoIP encryption yet exists, but there are at least a couple of pretty good options.

 By Carla Schroder

In Part 1 of this opus, I (hopefully) painted a scary picture of how easy it is to eavesdrop on VoIP traffic. So what can you do to protect your own VoIP traffic? Let's take a look at some of your options.

Use Skype
Skype is famous for its excellent call quality and reliability. Its call security is pretty good, and is used on all Skype services—VoIP calls, text chat, and video and file transfers. Skype uses a digital certificate authority and signed certificates, peer authentication, and strong encryption. This is rather cumbersome and a pain to administer, but it is a proven secure method of encrypting communications. Skype tries to foil brute-force password attacks by timing out after a certain number of unsuccessful login attempts. The weak points in Skype's security infrastructure are the same weak points that even the best security infrastructures have: users that choose weak passwords, and users that click the "remember my password" checkbox on their computers.

One downside—and for some folks it's a major one—to using Skype is that Skype does not interoperate with other networks, but lives inside its own closed network. If you don't mind downloading new software for every online service you want to use, and making your friends and family do the same, then it works. My official opinion is closed networks are silly.

I couldn't find more VoIP service providers that provide encryption. They're doubtless out there somewhere, eluding my elite search abilities. Meanwhile Phil Zimmermann, the brainiac behind Pretty Good Privacy (PGP), turned his talents to encrypting VoIP, and has released a universal VoIP encryption application: the Zfone, which uses a new encryption protocol, ZRTP.

ZRTP encrypts all VoIP
PGP is the most widely used e-mail encryption software. It now exists in two main forms: a commercial implementation maintained by the PGP Corp., and the free software version, GNU Privacy Guard (GPG). It relies on using signed encryption keys, which is cumbersome for voice calls because both parties need to manually exchange their public keys and configure their e-mail clients before they can exchange encrypted e-mails. There is also a fair bit of CPU overhead in encrypting the data, which isn't a big deal for e-mail but can be a problem with VoIP. So Mr. Zimmermann invented ZRTP (Z Real Time Protocol, and the Z stands for Zimmermann. Immortality in a protocol!) to handle the key creation and exchange automatically. It uses ephemeral Diffie-Hellman encryption keys that are generated anew for each call. So you don't have to hassle with passphrases, protecting private keys, or maintaining a PKI infrastructure. (I will leave learning more about Diffie-Hellman as homework for you fine readers.)

If you're experienced with Public Key Infrastructure (PKI), you're wondering: what about man-in-the-middle (MITM) attacks? Without a properly verified public key exchange, how can you tell whether someone has intercepted your call and substituted their own encryption key so they can eavesdrop without you ever knowing? ZRTP handles this most ingeniously. To authenticate the key exchange it uses a Short Authentication String (SAS), which is a cryptographic hash of the two Diffie-Hellman values. This value is displayed on both endpoints, so if the values don't match it's safe to assume a successful MITM attack. If they do match, you're ready to commence conversating.
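The SAS check described above, as an added Python sketch (not Zfone code and not the ZRTP wire format). The demo group, the function names and the 4-character base32 SAS encoding are assumptions made for illustration; real ZRTP negotiates its own groups and derives the SAS inside a fuller exchange.

```python
import base64
import hashlib
import secrets

# Demo-only group (assumption): 2**255 - 19 is prime, but it is not a
# group ZRTP negotiates. It keeps the example dependency-free.
P = 2**255 - 19
G = 2

def keypair():
    """Fresh (ephemeral) Diffie-Hellman key pair, generated per call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Key each endpoint derives from its private value and the peer's public value."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def sas(initiator_pub, responder_pub):
    """Short string from a hash of both DH public values (simplified SAS)."""
    data = initiator_pub.to_bytes(32, "big") + responder_pub.to_bytes(32, "big")
    digest = hashlib.sha256(data).digest()
    return base64.b32encode(digest)[:4].decode().lower()

def call(intercepted=False):
    """Simulate one call; return what the initiator and responder end up with."""
    a_priv, a_pub = keypair()          # initiator
    b_priv, b_pub = keypair()          # responder
    if intercepted:
        # A middle party swaps each public value in transit for its own.
        _, m_pub = keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    initiator = {"key": session_key(a_priv, a_sees), "sas": sas(a_pub, a_sees)}
    responder = {"key": session_key(b_priv, b_sees), "sas": sas(b_sees, b_pub)}
    return initiator, responder

def sas_matches(initiator, responder):
    """The comparison the two callers make on the displayed values."""
    return initiator["sas"] == responder["sas"]

if __name__ == "__main__":
    for label, flag in (("clean call", False), ("intercepted call", True)):
        a, b = call(intercepted=flag)
        print(f"{label}: {a['sas']} vs {b['sas']} -> match={sas_matches(a, b)}")
```

Each endpoint hashes the public values it actually saw, so a substituted key changes the displayed string on at least one side.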

ZRTP doesn't stop with a single SAS; it takes two more steps to ensure the cryptographic integrity of your call. ZRTP is independent of the signaling layer because it does all its key negotiations in the media stream, so it works with all VoIP protocols and is completely independent of networks and service providers—the endpoints alone handle everything. There is one major exception: ZRTP doesn't work with IAX, which is the native Asterisk protocol. But it does work with SIP and H.323, the two most popular VoIP protocols, as well as many others. It even encrypts the tones from your telephone keypad, which is a nice touch if you use it for entering credit card numbers. Read the Zfone FAQ for more details.

Zfone is the software implementation of ZRTP, which means you can download and start testing it. It runs on Linux, Unix, Mac OS X, and Windows. It is still in beta, and eventually it will be incorporated into VoIP products instead of operating as a standalone application. Mr. Zimmermann intends to dual-license it under both the GPL and a license that will allow closed-source commercial development. You can already download a software developer's kit and start getting acquainted with making your own customizations.

An important note is that Zfone does not authenticate phone calls. Authentication is a separate problem, and an unwieldy one—how are you going to verify that the person you're talking to is really who you think they are? It's a lot bigger problem than computer servers and clients authenticating to each other.

ZRTP has been submitted to the IETF for inclusion as an official standard. The proposed draft includes a wealth of useful technical information.

So the concise story is that securely encrypted VoIP is a necessity, and it's not all the way here yet. But it's well on its way.

The Zfone project
ZRTP: Media Path Key Agreement for Secure RTP

This article was originally published on Aug 21, 2007