[VOIPSEC] What methods of encrypting SIP signaling are out there *other than* TLS encryption?

Gaurav Kheterpal gkheterpal at ismartpanache.com
Fri Aug 17 01:51:55 CDT 2007 

Dan,

You can take a look at minisip (www.minisip.org). It is one of the most
advanced open source UAC in terms of security aspects (including encryption,
authentication etc) for signaling as well as media. 

I believe SIPS over TLS is the de-facto standard for signaling encryption in
SIP world. Then there's DTLS (RFC 4347) which is available as part of
OpenSSL library. There was a proposal to use DTLS ( Secure SIP UDP over
DTLS) in Minisip but I'm not sure whether it ever got implemented.

You might also want to take a look at interesting thesis -
http://www.minisip.org/publications/ErikEliasson_LicentiateThesis.pdf

which suggests an approach to combine S/MIME, SDES & MIKEY to encrypt
signaling, session description & payload.

Regards,
Gaurav


> -----Original Message-----
> From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On
> Behalf Of dan_york at Mitel.com
> Sent: Friday, August 17, 2007 6:38 AM
> To: voipsec at voipsa.org
> Subject: [VOIPSEC] What methods of encrypting SIP signaling are out there
> *other than* TLS encryption?
> 
> VOIPSEC readers,
> 
> Question for the list... someone recently asked me if there were methods
> of encrypting SIP *other than* TLS-encryption (SIPS) in common usage?
> 
> I pondered that for a bit but I couldn't honestly think of any other
> implementations that I have heard about recently (in the open standard
> world - there are of course always proprietary encryption schemes).  I
> recall some people doing some work with S/MIME-encrypted SIP, but I don't
> remember that going anywhere (am I wrong?).  All the vendors, SBCs,
> firewalls, etc. that I could think of use TLS-encrypted SIP as the method
> of securing SIP signaling.  (Well, okay, I do remember hearing of someone
> nailing up an IPSec VPN between the set and the IP-PBX and routing all SIP
> and voice over the IPSec VPN, but for me IPSec seems a wee bit too
> heavyweight.)
> 
> Are there other SIP encryption mechanisms out there that I'm forgetting?
> 
> Note that I am talking about *SIP* signaling encryption and NOT about SRTP
> encryption.  I'm well aware of all of the various SRTP encryption
> mechanisms.
> 
> Thanks,
> Dan
> 
> --
> Dan York, CISSP
> Dir of IP Technology, Office of the CTO
> Mitel       http://www.mitel.com
> dan_york at mitel.com +1-613-592-2122
> PGP key (F7E3C3B4) available for
> secure communication
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org

More information about the Voipsec mailing list