Practical VoIP Security

Chapter 14: IETF Encryption Solutions for VoIP

Introduction

There are two competing breeds of VoIP signaling protocols: H.323 from the ITU and SIP from the IETF. Accordingly, each is accompanied by its own group of VoIP security protocols. For H.323 it is a group of protocols named H.235.x; for SIP it is TLS, S/MIME, and SRTP. The two groups are not mutually exclusive: some components overlap, such as X.509 digital certificates, TLS-secured transport, and SRTP encryption. In this chapter, we focus mainly on the protocol suites for SIP from the IETF, followed by a brief introduction to the ITU suites (the H.235 group); pointers to individual components are presented for the investigative reader.

Note

In addition to the IETF standards discussed in this chapter, there are ITU standards for implementation of these and other encryption and authentication standards within the H.323 family of protocols. The suite of H.323-related security standards is known as the H.235 hierarchy and is discussed in more detail within Chapter 5.

Suites from the IETF

Realizing the security issues present in VoIP, the IETF picked up three landmark security protocols in the SIP standard to be used for securing SIP service: Transport Layer Security (TLS), Secure/Multipurpose Internet Mail Extensions (S/MIME), and Secure Real-Time Transfer Protocol (SRTP). The basic approach consisted of adding a security layer below the existing VoIP protocol rather than crafting a new security protocol. The layered architecture is shown in Figure 14.1. The advantage of this approach is that existing protocol implementations can be reused...
