[Asterisk-Dev] AES voice encryption for IAX2

Derek Smithies derek at indranet.co.nz
Sat Apr 17 19:26:43 MST 2004


Hi,
One would encrypt voice packets so that others cannot "listen in"
to your conversations. Fair enough. In the iax2 protocol, one could
do that by
 * putting an IE element in the initial packet to specify encryption.
 * a new full frame type which specifies encrypted voice.

Now, this is a fair goal, and will secure the conversation. However, the
security is only partial. The facts that 
 a) the conversation took place,
 b) who the conversation is between,
 c) the duration of the conversation,
are still available.

And, the conversation is still subject to denial of service attacks. 
An outsider can still interject with end of call packets.
An outsider can still interject with other full frame packets (dtmf, new 
   audio codec full frame packets, and various reporting packets to slow
   things down)

So, we decide to secure the conversation fully to prevent snooping and the 
denial of service attacks. At which point, we have (effectively) the 
conversation carried as though it is on a vpn. So why not just use a 
standard vpn based on something like CIPE?

Derek.
=======================================
 On Fri, 16 Apr 2004, Olle E. Johansson wrote:

> hwstar at rodgers.sdcoxmail.com wrote:
> > One could also re-direct encrypted traffic onto a new
> > source/destination port number pair ala HTTP/HTTPS, then
> > define a new header format which exposes minimal call information. 
> No, that's something the IETF is trying to not do with future protocols.
> The recommended method now is to use the same port, but negotiate whether
> or not to use TLS. Like "starttls" in SMTP.
> 
> SIPS uses the same port as SIP.
> 
> /O

-- 
Derek Smithies Ph.D.                           This PC runs pine on linux for email
IndraNet Technologies Ltd.                     If you find a virus apparently from me, it has
Email: derek at indranet.co.nz                    forged  the e-mail headers on someone else's machine
ph +64 3 365 6485                              Please do not notify me when (apparently) receiving a
Web: http://www.indranet-technologies.com/     windows virus from me......
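
Added example (not part of the original message and not Asterisk code): it parses the 12-byte IAX2 full-frame header to show what stays readable when only the voice payload is encrypted, and shows a receiver dropping an end-of-call frame that carries no valid integrity tag. The appended HMAC tag, the key and all function names are assumptions made for illustration; IAX2 defines no such tag, and the sketch does not cover replay or hide who is talking to whom.

```python
import hashlib
import hmac
import struct

# IAX2 full-frame header (12 bytes). It travels in the clear when only the
# voice payload is encrypted.
HDR = struct.Struct("!HHIBBBB")
FRAME_TYPES = {0x01: "DTMF", 0x02: "VOICE", 0x06: "IAX"}
IAX_HANGUP = 0x05
TAG_LEN = 16  # assumption: truncated HMAC-SHA256 tag, not part of IAX2


def build_full_frame(src, dst, ts_ms, oseq, iseq, ftype, sub, payload=b""):
    """Pack a full frame; the top bit of the first word is the F bit."""
    return HDR.pack(0x8000 | src, dst, ts_ms, oseq, iseq, ftype, sub) + payload


def parse_full_frame(buf):
    """Fields any on-path observer can read from a full frame."""
    if len(buf) < HDR.size:
        raise ValueError("short frame")
    src, dst, ts_ms, oseq, iseq, ftype, sub = HDR.unpack_from(buf)
    if not src & 0x8000:
        raise ValueError("F bit clear: not a full frame")
    return {"src_call": src & 0x7FFF, "dst_call": dst & 0x7FFF,
            "timestamp_ms": ts_ms, "oseqno": oseq, "iseqno": iseq,
            "type": FRAME_TYPES.get(ftype, hex(ftype)),
            "subclass": sub & 0x7F, "payload": buf[HDR.size:]}


def seal(key, frame):
    """Hypothetical sender side: MAC over header and payload."""
    return frame + hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN]


def accept(key, buf):
    """Hypothetical receiver side: parsed frame if the tag verifies, else None."""
    if len(buf) < HDR.size + TAG_LEN:
        return None
    frame, tag = buf[:-TAG_LEN], buf[-TAG_LEN:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return parse_full_frame(frame)


# Constructed sample: an end-of-call frame 61 s into a call.
KEY = bytes(range(32))
HANGUP = build_full_frame(0x1234, 0x0ABC, 61000, 7, 9, 0x06, IAX_HANGUP)
```

The timestamp and frame type in the parsed header are enough to tell that a call ended and roughly how long it lasted, which is the residual exposure the message describes.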