[Asterisk-Dev] AES voice encryption for IAX2
James Golovich
james at wwnet.net
Thu Apr 15 21:41:29 MST 2004
On Thu, 15 Apr 2004, Steve Rodgers wrote:
>
> I suppose one could do it that way, but that would not encrypt the entire
> contents of the header which would be more preferable. There is
> quite a bit of information i.e. timing info, call numbers, signalling,
> and call states which would be better off encrypted.
>
That is absolutely true. The signalling information is quite often more
valuable than the actual payload. Called and calling numbers, Credit card
numbers, voicemail passwords, etc.
Given the scenario that only the voice payload is encrypted and an
attacker has access to the network stream. If someone was interested in
getting your banking info and they knew the tollfree number of your bank
(and that you called in to check your balance) they could sift through the
packets looking for calls to that number and easily see the dtmf dialed to
enter the account information.
James
More information about the asterisk-dev
mailing list