Asterisk encryption

As of now (Jul 2008) Asterisk does not come with released support for voice encryption. Encryption of SIP signalling is supported as of 1.6, and there is basic encryption support for IAX, but this is hardly documented and has not been put under scrutiny by security experts. (Regrettably, a message that raised some issues about the security of the session key derivation method has not yet received any reply.) Therefore the typical method for media path encryption is to use a VPN. Note that SSH tunneling is not a viable method for VoIP media path encryption.

The BSI (the German federal office for IT security) clearly recommends a) separating voice and data IP networks, and b) prefers TLS and SRTP over IPsec, or the use of an end-to-end encryption protocol like ZRTP. Covert use of the built-in microphones of hard- or softphones is one of the many dangers.

Question: With the missing TLS support in Asterisk, could we work around it by using OpenSER with TLS in front of Asterisk and then letting Asterisk handle SRTP? Would that affect SIP clients behind NAT that need either the SER NAT helper or nat=yes in Asterisk?

Notice: Please note that SRTP, even when deployed with SIP/TLS support, does not provide end-to-end encryption. The PBX is a trusted third party and can act as a man-in-the-middle to intercept traffic. Currently only ZRTP-enabled technology provides end-to-end encryption.

Asterisk channel configuration




VoIP hard- and software with encryption features

Phones


Software

  • PJSIP: Cross-platform GPL VoIP stack, with ZRTP being integrated by PrivateWave using ZORG, the zrtp.org open source ZRTP implementation.
  • PrivateGSM: Mobile VoIP client for Blackberry, iPhone and Nokia S60 with end-to-end voice encryption using the ZRTP protocol over 3G/WiFi (IP) and ZRTP/S over 2G/GSM with the AMR 4.75 audio codec
  • minisip: With SRTP and MIKEY (but no sdescriptions); developed at KTH university, Stockholm; Linux only
  • Twinkle: With ZRTP and SRTP support (Twinkle is a SIP client for Linux only)
  • WengoPhone 2.1: Comes with SRTP support (AES128 encryption algorithm)
  • PhonerLite softphone: SRTP and TLS, Windows only
  • Snom softphone: Was once freely available for download, good for testing, simulates the SNOM 360; requires Win 2k/XP
  • Zultys softphone (Linux): Does the LIPZ4 support voice encryption? Not on the free version. Zultys will soon offer a paid license for enabling encryption that uses Secure RTP and AES encryption to transport voice traffic in a secure manner. You will be able to engage this function before or during a call by pressing the Encrypt button on the phone.
  • Counterpath's EyeBeam has SRTP and TLS support
  • Microsoft LCS Office Communicator: SRTP and TLS
  • KPhone: SRTP only
  • TelTel for Windows: SRTP and TLS
  • Zoiper Biz edition comes with SRTP and TLS (but not the free edition); maybe (?) IAX encryption is supported as well
  • SIP Communicator (Java, OpenSource): Comes with ZRTP encryption
  • sipp performance tester
  • Taki SIP softphone. Supports TLS, SRTP and ZRTP.

Hardware

  • VoIPtel PRO has a combined SIP and IAX phone that supports L2TP (incl. an L2TP client) and OpenVPN
  • Grandstream phones: SRTP and TLS (not on all products/firmware releases); the key exchange method is sdescriptions (RFC4568), at least for the GXP-2000 (no TLS support in this one's firmware as of 2007-05-09); for the BT-200 Grandstream now lists ZRTP as a future feature (but don't hold your breath, it might still take months or years).
  • Snom phones and Asterisk phone snom: SRTP, TLS (SIPS), AES - see the posting in TLS phone configuration (in German). snom190 and snom3XX use different, incompatible encryption methods. snom190: RFC3261, k header; snom360: RFC3711 SRTP, encryption algorithm AES. AES is implemented via sDescriptions as described in this document and RFC4568. The SNOM Wiki also has a few SIP traces. The SNOM 370 has a special firmware version available with OpenVPN support, released in July 2008 after more than 1 year of beta status.
  • Zultys phones: SRTP, AES, VPN client
  • LevelOne: VOI-7010 with VPN PTPN client
  • Linksys and former Sipura phones: See also this posting: "If you have access to their support web site, there were some documents that explain how to generate a certificate. However, once the certificate is generated (which I did on a FC3 stock box), one needed to send the certificate to Sipura for signing. When I asked where to send it, I was told to contact sales. I have not done that yet, but apparently there must be a charge to have that done since the support folks were referring me to sales." ... "Sipura uses a public key method. To enable a secure call, both devices need to be configured with a certificate signed by the same 'miniCA', and the key negotiation is sent in proprietary SIP INFO messages." ... "The mini certificate contains a 512-bit RSA modulus (n) as the Public Key, and a 1024-bit RSA modulus (n) is appended as the Public Key of the signing "CA". Both have a public exponent (e) of 0x10001 (65537). The Signature is a SHA1 message digest of the User Name, User ID, Expiration Date and Public Key padded with PKCS1 padding and encrypted with the private key of the "CA"."
  • Innovaphone: H.323/ISDN phone IP202 with integrated VPN client (IP400 also with SIP, but VPN?), phone IP110 (former Swissvoice ip10) with PPTP (point to point tunnelling protocol) and MPPE (Microsoft point to point encryption)
  • Azatel: details not specified
  • AVM Fritz!Box WLAN 7170 now has an experimental firmware with SRTP and TLS support (March 2007)
  • CrypTone: IPSec 3DES encryption (VPN), SIP
  • Some Netgear ATAs also support SRTP & TLS
  • Siemens Gigaset DE380 IP R (a wired telephone): SRTP & TLS
  • Polycom SoundPoint & VVX SIP telephones (UC 4.x firmware) support TLS & SRTP


Cards


PBX with voice encryption

  • VoIPtel SEq firmware for the IP01, IP02, IP04, IP08 and IP BRI PBX supports OpenVPN for secure conversation. Has been tested successfully with SNOM 370 and Atcom Technology's AT-530P+ IP phones.
  • UM-LABS has support for end-to-end encryption with ZRTP
  • FreeSwitch has support for SRTP and TLS (using SDES)
  • pbxnsip: The PBX supports security by using sips/tls and srtp (via SDES). Was part of SNOM until 2005.
  • Mitel
  • Cisco
  • Avaya
  • YATE, open source and free, appears to have SRTP support as well
  • Sirrix PBX (still available?)
  • All Zultys voice systems (still available?)

Firewalls & Gateways

  • The OpenSER SIP proxy comes with TLS support
  • AudioCodes gateways (or just ATA?)
  • Ingate firewalls
  • IAX_OpenVPN IAX2 over OpenVPN
  • Intertex is just about to release a new product revision with SRTP support (March 2007)
  • BorderWare Gateways

Ingate

Ingate Systems have recently implemented support in their SIP-aware firewalls for transcoding SIP calls between SRTP (negotiated via sdescriptions) and plain RTP, and they would like to do some interop testing:
"We have now concluded successful interop testing between a Snom 360 phone and an Ingate Firewall 1400. We ran SRTP over the internet. The Ingate Firewall transcoded it to unencrypted RTP and sent it to a Cisco 7960 phone (that, to my knowledge, don't support SRTP)."
The 1400 comes standard with a SIP proxy and a SIP registrar, support for NAT and PAT and TLS support for encrypted SIP signalling; for 10 - 1000 SIP users.

SIP providers & carriers

  • dus.net offers SRTP since Feb. 2007 (Germany, Duesseldorf)

Admin & attacker tools


Background

As of today (April 2007) almost everything is there and standardized for secure SIP calls, except for a widely adopted key exchange mechanism. MIKEY is quite secure (end-to-end capable) but complicated due to the need for certificates, whereas sDescriptions (plain text key exchange via the SIP Session Description) is probably the most wide-spread implementation, yet it is less secure and requires TLS for enhanced security.

ZRTP has the potential to address all this and solve the situation; however, hardware vendors would need to purchase ZRTP licenses and might be afraid of the relatively high load on their not-so-strong CPUs. ZRTP makes use of the Diffie-Hellman mechanism, which allows for a secure key exchange over insecure channels. At the IETF meeting in March 2007 ZRTP was intensively discussed (see also the RTPSEC mailing list), with the result that DTLS (TLS over UDP) was slightly favoured over ZRTP, whereas MIKEYv2 received very little support. As of now only Zfone and Twinkle implement ZRTP: Twinkle is a SIP client for Linux, whereas the open sourced Zfone (available for Windows, Linux, Mac) can add ZRTP encryption in front of any existing SIP softphone. Note that Counterpath, the makers of eyebeam and x-lite, have agreed to include ZRTP in their products.

One needs to clearly distinguish between endpoint-to-endpoint encryption and server-to-server encryption (aka hop-by-hop encryption). The sDescriptions method, even if coupled with TLS, allows any SIP server that is in the signalling path to see the master key in plain text (but not the session key). However, using that master key to derive the session key is not a simple undertaking, which means that SRTP does come with a lot of added value even if not coupled with TLS (which in turn requires SIP-over-TCP support, yet very few SIP clients have that).

In addition to the media stream (RTP, voice), the signalling itself (SIP) can and should be encrypted, because it carries valuable information such as "who talked to whom, and for how long". TLS and SIPS are the established means for signalling encryption.

SRTP without TLS/SIPS:
Taken from the SNOM FAQ: "Technically speaking SRTP doesn't make sense without having a TLS based signalling connection. However, the media is still secure even if SRTP is used without TLS. The master key sent in the INVITE is not used as such but is instead used to generate the actual SRTP encryption keys via AES. These keys are then used to encrypt the RTP. For a completely secure call, SRTP can be used in conjunction with a TLS signalling connection."

Question: So does SRTP without TLS or SIPS prevent the successful use of e.g. 'vomit'?

Tentative answer: it depends on how smart the eavesdropping application is. If the master key is successfully eavesdropped, obtaining the session keys is trivial; but if only the SRTP flow is sniffed, then the communication is secure.
Secure key management methods that don't use TLS do exist, but they may not be supported by the SIP standard. Unfortunately, SIP being the extensible monster it has become, it's hard to track just what is supported... Section 23 of RFC3261 suggests the use of S/MIME (eek!), and RFC3830 a method called MIKEY, based on one of the three classic techniques: pre-shared secret, public-key encryption or Diffie-Hellman.
The adoption of such methods is not widespread, but minisip contains a GPL'd MIKEY library.
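The sDescriptions exchange discussed above, as an added example that is not part of the original page or of any vendor's software: it parses an RFC 4568 a=crypto line and runs the RFC 3711 key derivation, showing that the session keys follow mechanically from the SDP text alone, which is exactly why a proxy that sees the signalling (or an eavesdropper, if there is no TLS) sees everything needed. SampleOffer, ParseSDESInline, DeriveKey and SessionKeysFromSDP are names chosen here; the key material is the RFC 3711 Appendix B.3 test vector, so the derived cipher key (C61E7A93...) and salt (30CBBC08...) can be checked against the RFC.

```go
package main

import (
	"crypto/aes"
	"encoding/base64"
	"fmt"
	"strings"
)

// SampleOffer is a constructed a=crypto line as a phone sends it in an SDP offer; the
// inline value is base64(master key || master salt) from the RFC 3711 B.3 test vectors.
const SampleOffer = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:4fl6DT4Bi+DWT6MsBt5BOQ7Gda1Jiv7rtpYLOqvm"

// ParseSDESInline extracts the 16-byte master key and 14-byte master salt from an
// RFC 4568 "a=crypto" line; only the AES_CM_128_HMAC_SHA1_{80,32} suites are accepted.
func ParseSDESInline(line string) (key, salt []byte, err error) {
	f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "a=crypto:"))
	if len(f) < 3 || !strings.HasPrefix(f[1], "AES_CM_128_HMAC_SHA1_") ||
		!strings.HasPrefix(f[2], "inline:") {
		return nil, nil, fmt.Errorf("malformed or unsupported a=crypto line: %q", line)
	}
	// key-params: inline:<base64(key||salt)>[|lifetime][|MKI:len]
	b64 := strings.SplitN(strings.TrimPrefix(f[2], "inline:"), "|", 2)[0]
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(raw) != 30 {
		return nil, nil, fmt.Errorf("bad key material (%d bytes): %v", len(raw), err)
	}
	return raw[:16], raw[16:], nil
}

// DeriveKey is the RFC 3711 section 4.3.1 KDF for key_derivation_rate 0: x = master_salt
// XOR (label || 0^48), right-aligned, and the output is the AES-CM keystream for
// IV = x || 0x0000 under the master key. Labels: 0x00 cipher key, 0x01 auth key, 0x02 salt.
func DeriveKey(masterKey, masterSalt []byte, label byte, n int) ([]byte, error) {
	if len(masterKey) != 16 || len(masterSalt) != 14 {
		return nil, fmt.Errorf("need a 16-byte master key and a 14-byte master salt")
	}
	block, _ := aes.NewCipher(masterKey) // cannot fail for a 16-byte key
	iv := make([]byte, 16)
	copy(iv, masterSalt)
	iv[7] ^= label // the label is the top byte of the 7-byte, right-aligned key_id
	out, buf := make([]byte, 0, n+16), make([]byte, 16)
	for ctr := 0; len(out) < n; ctr++ {
		iv[14], iv[15] = byte(ctr>>8), byte(ctr) // low 16 bits hold the block counter
		block.Encrypt(buf, iv)
		out = append(out, buf...)
	}
	return out[:n], nil
}

// SessionKeysFromSDP does what a phone or PBX does with the line: parse it and derive
// the working keys. Nothing beyond the SDP text is needed, which is why the signalling
// carrying it must itself be protected (TLS/SIPS) and every proxy on the path is trusted.
func SessionKeysFromSDP(line string) (cipherKey, authKey, salt []byte, err error) {
	mk, ms, err := ParseSDESInline(line)
	if err != nil {
		return nil, nil, nil, err
	}
	cipherKey, _ = DeriveKey(mk, ms, 0x00, 16) // AES-128-CM session key
	authKey, _ = DeriveKey(mk, ms, 0x01, 20)   // 160-bit HMAC-SHA1 key (RFC 3711 default)
	salt, _ = DeriveKey(mk, ms, 0x02, 14)      // 112-bit session salt
	return cipherKey, authKey, salt, nil
}

func main() {
	ck, _, sl, err := SessionKeysFromSDP(SampleOffer)
	fmt.Printf("cipher key %X\nsession salt %X\nerr %v\n", ck, sl, err)
}
```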


Articles


See also



Created by: JustRumours, Last modification: Thu 16 of Jul, 2015 (03:41 UTC) by svoip