[asterisk-users] Encrypting the Conversation

Greg Broiles gbroiles at gmail.com
Mon Jul 10 18:38:23 MST 2006


On 7/10/06, trixter aka Bret McDanel <trixter at 0xdecafbad.com> wrote:
> Zfone is Phil Zimmermann's (creator of PGP) encrypted RTP system.  Unlike
> SRTP this does not rely on the server itself to provide the encryption.
> It also lets you be reasonably assured that if the numbers displayed
> match then not only is no one listening now, but they haven't since you
> paired both endpoints.

The interesting thing that Phil Z is doing differently with Zfone (that
could be adopted by Asterisk and/or other VoIP participants) is that
he's creating a communication channel that's secure against
third-party eavesdropping but doesn't bother with any sort of identity
or key management.

From the Zfone FAQ -

"The ZRTP protocol has some nice cryptographic features lacking in
many other approaches to VoIP encryption. Although it uses a public
key algorithm, it does not rely on a public key infrastructure (PKI).
In fact, it does not use persistent public keys at all. It uses
ephemeral Diffie-Hellman with hash commitment, and allows the
detection of man-in-the-middle (MiTM) attacks by displaying a short
authentication string for the users to read and compare over the
phone. It has perfect forward secrecy, meaning the keys are destroyed
at the end of the call, which precludes retroactively compromising the
call by future disclosures of key material. But even if the users are
too lazy to bother with short authentication strings, we still get
fairly decent authentication against a MiTM attack, based on a form of
key continuity. It does this by caching some key material to use in
the next call, to be mixed in with the next call's DH shared secret,
giving it key continuity properties analogous to SSH. All this is done
without reliance on a PKI, key certification, trust models,
certificate authorities, or key management complexity that bedevils
the email encryption world. It also does not rely on SIP signaling for
the key management, and in fact does not rely on any servers at all.
It performs its key agreements and key management in a purely
peer-to-peer manner over the RTP packet stream. And it supports
opportunistic encryption by auto-sensing if the other VoIP client
supports ZRTP."

.. my hunch is that a lot of people are going to be aggravated by the
peer-to-peer in-band crypto negotiation, and perhaps rightfully so.

However, I think it's a really good insight that encryption may be
very helpful even where identity is not based upon cryptographic
authentication - humans are reasonably good at authenticating each
other based upon tone of voice, social/personal context, etc., and we
are awful at managing crypto keys. Opportunistic encryption using
ephemeral Diffie-Hellman - which allows two people/machines who don't
know each other to create a secure channel between them - would let
every interaction between Asterisk (or compatible) devices have pretty
good protection against casual or indiscriminate third-party
monitoring or eavesdropping. It won't solve all problems, but that
doesn't mean it wouldn't be a good start.

Also, see <http://www.voip-info.org/wiki/view/IAX+encryption>.

-- 
Greg Broiles, JD, LLM Tax, EA
gbroiles at gmail.com (Lists only. Not for confidential communications.)
Law Office of Gregory A. Broiles
San Jose, CA
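
Added example, not part of the original message and not code from Zfone: a simplified Python model of the mechanisms the quoted FAQ lists (ephemeral Diffie-Hellman, hash commitment, short authentication string, and a cached secret for key continuity). The group parameters, message layout and all function names are assumptions chosen for illustration, not ZRTP's actual formats.

```python
import hashlib
import secrets

# Assumption: toy group for illustration only (2**255 - 19 is prime, g = 2).
# This is not a vetted DH group and the messages are not ZRTP's wire format.
P, G = 2**255 - 19, 2

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def keypair():
    """Fresh ephemeral key pair; discarded when the call ends."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P).to_bytes(32, "big")

def derive(priv, peer_pub, init_pub, resp_pub, cached=b""):
    """Return (session_key, sas) as one endpoint computes them."""
    shared = pow(int.from_bytes(peer_pub, "big"), priv, P).to_bytes(32, "big")
    # Key continuity: a secret cached from the previous call is mixed in.
    key = H(b"key", shared, init_pub, resp_pub, cached)
    return key, H(b"sas", key)[:2].hex()  # 16-bit string the users read aloud

def call(cached=b"", mitm=False):
    """Simulate one call: (initiator result, responder result, attacker's key)."""
    i_priv, i_pub = keypair()
    r_priv, r_pub = keypair()
    # The initiator commits to its key before it sees the responder's key.
    commit, to_r, to_i, attacker_key = H(b"commit", i_pub), i_pub, r_pub, None
    if mitm:
        # The interceptor substitutes its own key and commitment in both directions.
        m_priv, m_pub = keypair()
        commit, to_r, to_i = H(b"commit", m_pub), m_pub, m_pub
        # It was not on the earlier call, so it has no cached secret to mix in.
        attacker_key = derive(m_priv, i_pub, i_pub, m_pub)[0]
    if commit != H(b"commit", to_r):  # responder checks the revealed key
        raise ValueError("revealed key does not match the commitment")
    init = derive(i_priv, to_i, i_pub, to_i, cached)
    resp = derive(r_priv, to_r, to_r, r_pub, cached)
    return init, resp, attacker_key

if __name__ == "__main__":
    for label, kw in [("clean", {}), ("mitm", {"mitm": True}),
                      ("mitm + cached secret", {"mitm": True, "cached": b"prev"})]:
        init, resp, atk = call(**kw)
        print(label, init[1], resp[1], "attacker has key:", atk == init[0])
```

In this model an interceptor leaves the two endpoints with different keys, so their spoken strings disagree except with probability 2^-16, and a secret cached from an earlier call keeps the interceptor from computing either endpoint's key even when nobody compares the strings.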


