O'Reilly logo

Practical VoIP Using VOCAL by Luan Dang, Cullen Jennings, David Kelly

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Security

Security mechanisms are built into the Marshals’ SIP stacks. All security measures taken by the Marshals, to ensure secure communication between all external SIP entities and VOCAL, are the result of using the appropriate SIP stack security mechanisms. Here is a look at some possible security mechanisms.

Pretty Good Privacy

Pretty Good Privacy (PGP, http://www.pgp.com) is an end-to-end mechanism that seemed like a good idea at the time the architects were writing some of the early drafts of the SIP standard, but it was not popular with VoIP developers and has since been deprecated. Part of the reason for the demise of PGP was its requirement that full public key encryption be used for every transaction. This is problematic from the server side because, while processing hundreds of calls per second, it’s difficult to encrypt and decrypt messages fast enough to avoid a traffic bottleneck. If PGP allowed for a session key that was valid for the entire call, this problem might have been avoidable.

IPsec

In terms of encryption for this type of system, Internet Protocol security (IPsec, http://www.ietf.org/html.charters/ipsec-charter.html) is a hop-by-hop mechanism that offers a better solution than PGP. IPsec operates under the SIP layer and permits data transportation over TCP or UDP by setting up a security association between two SIP devices. Once this security association and a set of keys have been set up, IPsec encrypts all traffic associated with the same call to match ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required