[Asterisk-Dev] AES voice encryption for IAX2

Adam Hart adam at teragen.com.au
Sun Apr 18 17:02:59 MST 2004


Derek Smithies wrote:

>Hi,
> I agree.
> As explained in my previous emails, there are numerous attacks one can do 
>if the signalling information is not encrypted.
>  I have explained a denial of service attack, where a third party can 
>   disconnect an active call.
>  A third party has other DOS attacks, interjecting dtmf digits in the 
>    stream.
>  The attacks as listed below, where the bank account details are 
>   readable.
>
>Let us move this conversation to:::
>
>encrypting the entire contents of all iax2 packets.
>
>  
>
Indeed :)

>There seems to be  opposition to some sort of vpn. The preference is that 
>encryption goes in at the application layer. Although, I do remember a 
>post arguing that the IETF are moving towards encryption at the OS level.
>   (apologies  if I misquoted that)
>
>Does that mean::
>If we insist on doing encryption at the application layer, and we decide
>to encrypt the entire contents of all iax packets
>    ===> we require iax3 ?
>
>
>  
>
I shudder at the thought but either way, it's a decision not to be made 
quite yet. Let's discuss other issues.

AES encryption without RSA encryption: My solution for this was to use 
the MD5 sum as the key, unfortunately later I realized that brute 
forcing someone's MD5 isn't that hard. Still much harder than plain 
text. The way it would work would be the MD5 result would never be sent 
back but instead used as the key and probably the client would encrypt 
some other challenge to prove it got it right.

NEW (with username :|) ->
AUTHREQ <-  (with MD5 challenge and cipher challenge)
AUTHREP -> (cipher challenge encrypted by AES using the result of the 
MD5 sum as the key)
Asterisk checks the cipher and if correct decrypts the rest of the 
packet (as all packets now will be encrypted)

Now yea, there's some issues here: a) transmission of username, but it's 
needed b) Currently IAX2 transmits the destination number (and other 
things) in its NEW, which here would be unencrypted.

Renegotiation of private keys on transfer - Asterisk shouldn't know the 
private key in the conversation if native transferred. This is quite 
paramount and I recall John Todd requesting this in some form. Of 
course, this is impossible without some form of public key exchange (so 
not when MD5 key is used)

RSA should be preferred as using it's much stronger than my suggested 
MD5 method. I think this is more a responsibility for IAX clients to 
suggest usage of RSA (or in most cases actually allow it for a start)

I'd love Mark's input

-Adam
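
The NEW / AUTHREQ / AUTHREP exchange sketched in the message above, as an added Go example that is not part of the original post and is not Asterisk code. It assumes the key is MD5(challenge || secret), a 16-byte cipher challenge encrypted as one raw AES-128 block, and hypothetical names (AuthReq, deriveKey, NewAuthReq, AuthRep, Verify).

```go
package main

import (
	"crypto/aes"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// AuthReq models the server's AUTHREQ; both 16-byte challenges travel in the clear.
type AuthReq struct{ MD5Challenge, CipherChallenge []byte }

// deriveKey returns MD5(challenge || secret). The 16-byte digest is never sent;
// it is used directly as the AES-128 key. Assumption: challenge-then-secret order.
func deriveKey(md5Challenge []byte, secret string) []byte {
	sum := md5.Sum(append(append([]byte{}, md5Challenge...), secret...))
	return sum[:]
}

// NewAuthReq is the server side: fresh random challenges for every NEW.
func NewAuthReq() (AuthReq, error) {
	buf := make([]byte, 2*aes.BlockSize)
	_, err := rand.Read(buf)
	return AuthReq{buf[:aes.BlockSize], buf[aes.BlockSize:]}, err
}

// AuthRep is the client side: encrypt the cipher challenge under the derived key.
func AuthRep(req AuthReq, secret string) ([]byte, error) {
	block, err := aes.NewCipher(deriveKey(req.MD5Challenge, secret))
	if err != nil || len(req.CipherChallenge) != aes.BlockSize {
		return nil, fmt.Errorf("cipher challenge must be one %d-byte AES block", aes.BlockSize)
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, req.CipherChallenge)
	return out, nil
}

// Verify is the server side: recompute the expected AUTHREP, compare in constant time.
func Verify(req AuthReq, secret string, rep []byte) bool {
	want, err := AuthRep(req, secret)
	return err == nil && subtle.ConstantTimeCompare(want, rep) == 1
}

func main() {
	req, _ := NewAuthReq()
	rep, _ := AuthRep(req, "constructed-secret") // constructed sample secret
	fmt.Println(Verify(req, "constructed-secret", rep), Verify(req, "wrong-secret", rep))
}
```

Because the MD5 challenge is sent in the clear, the AES key here carries no more entropy than the shared secret, which is the limitation the message raises about the MD5 approach compared with RSA.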





