Providing true end-to-end security in converged voice over IP infrastructures

Abstract

Voice over Internet Protocol (VoIP) is the future for voice communication and, by using a unique IP infrastructure as the common transport platform, it brings invaluable benefits such as deployment cost reduction, ease of management, ubiquitous coverage and convergence of data and voice together. On the other side, VoIP introduces new security vulnerabilities, since it comes with completely different operational and security settings than the old telephone network: the physical location of clients is not fixed and great flexibility is required to provide enhanced mobile services. Furthermore, the integration with wireless LANs, with their inherent security weaknesses, introduces the need of new security features: the payloads of voice packets should be protected during conversations and no-replay as well as user authentication must be ensured on and end-to-end basis. The above concerns are actually the major barrier that may prevent the wide deployment of VoIP technologies, and coping with them is a truly challenging task. Consequently, we developed a novel hybrid framework for enhanced end-to-end security in the new generation SIP-empowered VoIP environments, based on the introduction of proven technologies such as digital signatures and efficient streamline encryption to enforce calling party identification, privacy, no-replay and non-repudiation throughout the whole IP Telephony system. All the security mechanisms used have been carefully chosen so that no systematic method is known to break the framework in realistic times and the overall voice quality will not be affected.