Who is listening to my calls?
Per Cederqvist, Chief Architect, Ingate Systems

IP telephony may be a great way to save money, but isn't it easier to eavesdrop on IP telephony than regular telephony? That is a question that is often raised when SIP is discussed.

The fact is that, properly used, the SIP standards suite can make it a lot harder to eavesdrop on your conversations: using SRTP to encrypt the media makes it virtually impossible to listen in on the conversation. Compare this to an old-style PSTN conversation, where it is easy to attach a wiretap to your phone line.

I worked for the Swedish phone company for a short while back in 1990, repairing phone lines. Even then, we had a device that fit easily in your hand that could pick up phone conversations when touched to one wire of a call. We used it to avoid cutting the wires while somebody was talking. We never used it to listen in on an interesting call. We were working for a state-run public service institution. We never misused the device. Not one of us.

In today’s deregulated world, where phone companies regularly outsource maintenance, it can be hard to recognize legitimate phone company workers. There is a telephony connection box a hundred meters from my office. I often see somebody there, doing something. I have never checked whether or not they are authorized to do whatever they do. Presumably they connect phone lines to new companies in the area around me -- but they could be installing wiretaps. When I was with the Swedish phone company, I only had to show an ID in two places: when installing a phone in a goldsmith’s shop, and when fixing a problem in an office of the phone company itself. Everybody else trusted me just because I was dressed as a telephony company employee.

Tapping the old-style PSTN connections requires you to be physically close to the circuit you want to tap. Tapping a VoIP call can, in theory, be done from anywhere, as long as you manage to take control of a core router. However, doing so is no easy task. And if all the security mechanisms built into SIP are employed, you would still not be able to listen in on the conversation.

SIP’s protections against eavesdropping are based on several standardized building blocks: AES (Advanced Encryption Standard) performs the encryption, and SHA-1 (Secure Hash Algorithm) makes it tamperproof.

SRTP (Secure Real-time Transport Protocol) specifies how the generic algorithms AES and SHA-1 are used to protect RTP streams. The Security Descriptions (sdescriptions) document specifies how you exchange the keys needed by SRTP. TLS (Transport Layer Security) is used to protect the key exchange.
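The dependency between these pieces can be checked on a captured SIP message. The following is an added example, not part of the original article: it reads the `a=crypto` line that Security Descriptions (RFC 4568) places in the SDP offer and reports when the SRTP key travels over signaling that is not TLS. The function names, hosts, addresses and the key are constructed for illustration, and only the full-form `Via:` header is handled.

```python
import base64
import re

# Master key + salt length in bytes for the RFC 4568 AES/SHA-1 suites (16 + 14).
SUITE_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
CRYPTO_RE = re.compile(r"^a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=]+)", re.M)
KEY = base64.b64encode(bytes(range(30))).decode()  # constructed, not a real key

def key_len(b64):
    """Decoded length of an inline key, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(b64, validate=True))
    except ValueError:
        return -1

def audit_offer(sip_message):
    """Return findings for one SIP request that carries an SDP offer."""
    head, _, sdp = sip_message.replace("\r\n", "\n").partition("\n\n")
    # The top Via header names the transport used on the hop being inspected.
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    over_tls = via is not None and via.group(1).upper() == "TLS"
    findings = []
    # Everything from one "m=" line up to the next is one media section.
    for section in re.split(r"^(?=m=)", sdp, flags=re.M)[1:]:
        fields = section.split("\n", 1)[0].split()
        name, proto = fields[0], fields[2] if len(fields) > 2 else "?"
        cryptos = CRYPTO_RE.findall(section)
        if proto != "RTP/SAVP":
            findings.append(f"{name}: media is not SRTP ({proto})")
        elif not cryptos:
            findings.append(f"{name}: SRTP offered without an a=crypto key")
        for suite, b64 in cryptos:
            if suite not in SUITE_LEN:
                findings.append(f"{name}: unrecognized suite {suite}")
            elif key_len(b64) != SUITE_LEN[suite]:
                findings.append(f"{name}: wrong key length for {suite}")
            if not over_tls:
                findings.append(f"{name}: SRTP key exposed on non-TLS signaling")
    return findings

def sample_invite(transport, proto="RTP/SAVP"):
    """Constructed INVITE; hosts and addresses are documentation values."""
    return (f"INVITE sip:bob@example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} pbx.example.com;branch=z9hG4bK-sample\r\n"
            "Content-Type: application/sdp\r\n\r\n"
            "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
            f"m=audio 49170 {proto} 0\r\n"
            f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n")
```

`audit_offer(sample_invite("UDP"))` reports the exposed key, while the same offer sent with `TLS` in the Via header returns no findings. TLS protects SIP hop by hop, so the check is meaningful for each hop on which the message is captured.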

AES, SHA-1, SRTP, sdescriptions, TLS. Can you trust something that uses so many cryptic abbreviations? The good news is that the core components are used in many cryptographic applications. That means that they are continuously scrutinized by security experts. Any flaw becomes widely known in the technical fora. For instance, it is well known that SHA-1 isn't quite as good as previously thought, and as a consequence work is underway on providing a replacement.

SRTP and sdescriptions are built so that they are extensible. Once better replacements for AES and SHA-1 are available, they can be easily adopted with minimal effort.

The fact that SIP security is based on open standards also means that vendors are testing their implementations against one another. If a vendor doesn't get the algorithms right, you will hear noise or silence when using that product with a compliant product. This means that any problems that influence what is sent over the wire will be fixed.

The fact that all these standards are created in an open process also helps ensure that they really are secure. Time and time again we have seen cryptosystems created by a single company, or through a closed process, being broken: DVD encryption and WEP encryption, to mention just two famous examples. Public scrutiny is needed to find all the flaws so that they can be fixed.
