[Asterisk-Security] SRTP vs IPSEC

Bradley bradley at rucus.net
Mon Sep 5 03:27:00 CDT 2005


Enzo Michelangeli wrote:

>Jeremy Jackson jerj at coplanar.net
>Wed Aug 10 16:15:01 CDT 2005
>[...]
>  
>
>>Does RTP use separate UDP ports per media stream?  I'm inclined to think
>>it does; gnomemeeting/H323 video calls do.  If that's generally true,
>>then code like the above can trigger encryption per stream, *inside* the
>>application(s).
>>
>>What might be some of the other issues?  There's a fair bit of work to
>>implement SRTP, so I'd like to be convinced it's necessary.
>>    
>>
>
>There is a well documented GPL'd implementation of SRTP available from
>http://srtp.sourceforge.net/srtp.html . Integration with Asterisk
>shouldn't be hard; as usual, the hardest issue is key management.
>Solutions based on a shared secret may work between mutually-authenticated
>nodes; in other cases, a relatively simple way out is to use SIPS (SIP
>over TLS) to pass a randomly-generated session key in cleartext, but
>protected by the TLS layer. Unfortunately, I believe that, at this stage,
>Asterisk doesn't support SIPS (and not even SIP over TCP).
>  
>

I'm a Computer Science Masters Student investigating the performance
issues of securing VoIP. As my project focuses on systems where many
clients communicate through a single gateway (Asterisk), I will be using
IAX2 security, IPSEC and SRTP to collect my data.

So to accomplish this, I need Asterisk to talk SRTP. I am willing to
implement it but want to make sure it has not already been done. I also
want to find any persons who have already embarked on this
implementation. I have been looking at the MIKEY framework for
exchanging keys. I'm also currently reading
http://srtp.sourceforge.net/srtp.html which I am also finding useful and
hopeful for the implementation of SRTP into Asterisk.

Comments/Ideas etc are very welcome, Thanks!

Bradley
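
The key-management option mentioned in the quoted reply (a randomly generated session key sent in the clear inside TLS-protected SIP signaling), as an added example that is not part of the original post or of Asterisk. It assumes the SDP `a=crypto` attribute syntax of RFC 4568, which the thread does not name; the function names and the `example.test` URI in the test are constructed for illustration.

```python
import base64
import secrets

SUITE = "AES_CM_128_HMAC_SHA1_80"   # default SRTP transforms from RFC 3711
KEY_LEN, SALT_LEN = 16, 14          # 128-bit master key, 112-bit master salt


def signaling_is_protected(request_uri):
    """True only for sips: URIs, i.e. SIP carried over TLS."""
    return request_uri.lower().startswith("sips:")


def make_crypto_line(request_uri, tag=1):
    """Offerer side: create fresh key material and the SDP line carrying it."""
    if not signaling_is_protected(request_uri):
        # The key travels unencrypted inside the SDP body, so the transport
        # is the only thing protecting it.
        raise ValueError("refusing to send an SRTP key over unprotected signaling")
    key = secrets.token_bytes(KEY_LEN)
    salt = secrets.token_bytes(SALT_LEN)
    blob = base64.b64encode(key + salt).decode("ascii")
    return f"a=crypto:{tag} {SUITE} inline:{blob}", key, salt


def parse_crypto_line(line):
    """Answerer side: recover (tag, master key, master salt) or raise ValueError."""
    prefix = "a=crypto:"
    if not line.startswith(prefix):
        raise ValueError("not a crypto attribute")
    fields = line[len(prefix):].split()
    if len(fields) < 3 or not fields[0].isdigit():
        raise ValueError("malformed crypto attribute")
    tag, suite, key_param = int(fields[0]), fields[1], fields[2]
    if suite != SUITE:
        raise ValueError("unsupported crypto suite: " + suite)
    method, _, info = key_param.partition(":")
    if method != "inline":
        raise ValueError("unsupported key method")
    # Optional "|lifetime" and "|MKI:length" fields may follow the key.
    raw = base64.b64decode(info.split("|")[0], validate=True)
    if len(raw) != KEY_LEN + SALT_LEN:
        raise ValueError("wrong key||salt length for this suite")
    return tag, raw[:KEY_LEN], raw[KEY_LEN:]
```

Every SIP hop that terminates TLS sees this key, so the approach only protects media from parties outside the signaling path.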

