[asterisk-users] Encrypting the Conversation

Leo Ann Boon leo at datvoiz.com
Mon Jul 10 17:12:15 MST 2006

Mike Puchol wrote:

> I would have to strongly disagree - if Asterisk was toted as a kid's 
> toy, and sold by Fisher Price, then maybe security has no importance. 
> But, if Asterisk or any other VoIP platform, for that matter, is to be 
> introduced into the enterprise, it *has* to provide security. Tapping 
> a hard phone line requires physical access to it - tapping a VoIP line 
> can be done from anywhere in the world, if the server is not secure 
> enough. Just use the Monitor() command, and setup a cron job to 
> compress to mp3 and upload to an FTP server, and you have the perfect 
> tap. It can even discriminate callers, called numbers and extensions, 
> which conventional taps cannot!

I, for one,  believe encryption should be at the end point and not at 
the switch/PBX level. We must always assume that the transit medium is 
compromised. That's why end-to-end fax and analog phone encryption 
devices exist.

My take on how to implement VoIP security:
a. Endpoints should initiate the key exchange independent of the PBX.
b. Keep the PBX out of the media path.
c. Avoid media transcoding, e.g. IP to/from TDM is a no go - because one 
end is not secured.
d. Avoid hard coded keys.

Recently, I had a discussion with some tech guys from a big name vendor. 
I was rather shocked by their concept of security:
a. Phones are fitted with keys from the factory. No one except the 
factory knows the keys.
b. Or use a centralized certificate directory accessible by the PBX.
c. IP phones can communicated with TDM endpoints (digital/analog phones 
and PSTN) with the PBX doing the encryption/decryption.
d. It's possible for a voice logger to record the calls (presumably by 
accessing the certificate directory or getting the key from the PBX).

I believe they chose this implementation primarily to interoperate with 
the TDM portions of the PBX like the voicemail, IVR and PSTN. I just 
feel that it's the wrong approach. Any compromise is a chink in the 
armor. Quoting Bruce Schneier: 'Security is a process, not a product.'

Just my $0.02


More information about the asterisk-users mailing list