[Asterisk-Dev] AES voice encryption for IAX2

Steve Rodgers hwstar at rodgers.sdcoxmail.com
Thu Apr 15 21:15:19 MST 2004


I suppose one could do it that way, but that would not encrypt the entire
contents of the header, which would be preferable. There is
quite a bit of information, i.e. timing info, call numbers, signalling,
and call states, which would be better off encrypted.

On Thursday 15 April 2004 18:17, James Sharp wrote:
> > I'm more interested in any information regarding the modification of the
> > IAX2 protocol to allow encryption of
> > the media packets, call numbers, and the call state info.
> >
> > Taking a look at the copy of the IAX2 protocol spec,
> > I see that it won't be trivial to modify the protocol
> > to protect the call numbers, call data and state information without
> > significant structural change to the format of the headers.
> >
> > IOTW: Time for IAX3?
> >
> > One could protect the data by defining a special code (0xFFFF) for the
> > call number field in IAX2 but this is a kludgy fix to an otherwise
> > outstanding protocol.
>
> Why not just add a subclass of AST_FRAME_VOICE_ENCRYPTED?   Or a new
> frametype of AST_FRAME_ENCRYPTED_IAX?
>
> If you get an IAX packet with AST_FRAME_ENCRYPTED_IAX, you decrypt the
> structure and convert it to AST_FRAME_IAX?  Same with voice.
>
> > One could also re-direct encrypted traffic onto a new
> > source/destination port number pair ala HTTP/HTTPS, then
> > define a new header format which exposes minimal call information.
> >
> > Finally, we could define IAXS as a new and separate protocol
> > using a new known port number pair only used when encryption is necessary
> > as encryption capable headers will make IAX less efficient.
>
> If you go with static keying on the two endpoints, then all you have to do
> is indicate that the frames are encrypted.
>
> You do get into some issues for an IAX transfer, though.  You either have to
> renegotiate keys or make sure all endpoints use the same key.
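
The header fields named in this message (call numbers, timing, signalling and call state) are all readable from a plaintext IAX2 header. The parser below is an added example, not part of the original thread or of Asterisk's code; it assumes the 12-byte full-frame and 4-byte mini-frame layouts from the published IAX2 specification (RFC 5456), and the struct name, function name and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Metadata a passive observer can read from an unencrypted IAX2 header. */
struct iax2_exposed {
    int      full;               /* F bit: 1 = full frame, 0 = mini frame */
    uint16_t src_call, dst_call; /* 15-bit call numbers (dst: full only)  */
    int      retrans;            /* R bit, full frames only               */
    uint32_t timestamp;          /* 32 bits (full) or low 16 bits (mini)  */
    uint8_t  oseqno, iseqno, frametype, subclass; /* full frames only     */
};

/* Returns the header length parsed, or -1 for short or unhandled input. */
int iax2_exposed_parse(const uint8_t *p, size_t len, struct iax2_exposed *o)
{
    if (len < 4)
        return -1;
    uint16_t w0 = (uint16_t)(p[0] << 8 | p[1]);
    *o = (struct iax2_exposed){0};
    o->full = w0 >> 15;
    o->src_call = w0 & 0x7fff;
    if (!o->full) {
        if (o->src_call == 0)    /* meta frame (trunk/video): not handled */
            return -1;
        o->timestamp = (uint32_t)(p[2] << 8 | p[3]);
        return 4;
    }
    if (len < 12)
        return -1;
    o->retrans   = p[2] >> 7;
    o->dst_call  = (uint16_t)((p[2] & 0x7f) << 8 | p[3]);
    o->timestamp = (uint32_t)p[4] << 24 | (uint32_t)p[5] << 16
                 | (uint32_t)p[6] << 8  | p[7];
    o->oseqno = p[8];
    o->iseqno = p[9];
    o->frametype = p[10];        /* 0x06 = IAX control, 0x02 = voice      */
    o->subclass  = p[11] & 0x7f; /* drop the C bit                        */
    return 12;
}

/* Constructed sample: full frame, IAX type (0x06), subclass 0x05 (HANGUP). */
static const uint8_t sample_full[12] = {
    0x80, 0x2a, 0x00, 0x11, 0x00, 0x00, 0x4e, 0x20, 0x03, 0x02, 0x06, 0x05 };

int main(void)
{
    struct iax2_exposed e;
    if (iax2_exposed_parse(sample_full, sizeof sample_full, &e) == 12)
        printf("call %u->%u ts=%u type=0x%02x sub=0x%02x\n", (unsigned)e.src_call,
               (unsigned)e.dst_call, (unsigned)e.timestamp, e.frametype, e.subclass);
    return 0;
}
```

Encrypting only the payload leaves every field in this struct visible on the wire, which is the gap the message above describes.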



