Blog

This is the Blog of the technical experts at GEN and its companies

Voice Encryption

Voice Encryption

Intercepting voice traffic is relatively simple and in most cases involved a simple wire tap at the telephone exchange, to counter such wire taps, advanced voice encryption technology was required which converted your voice into a series of tones that was then transmitted over the telephone network and decoded at the far end, a method which for many years worked flawlessly but for one issue; both parties had to exchange a key before the conversation took place and how did they do that? Well they had to meet up or send it by post or courier. Regardless, analogue voice encryption is still commonplace in the right sort of organisations and works very effectively. 

Then came GSM (or Mobile phones) which initially used packet switching which was digital and existing analogue voice encryption failed to work because of the voice compression employed by the mobile networks. This was swiftly solved by re-working the encryption algorithm to use a smaller subset of tones, which in turn greatly reduced the voice quality over the circuit, which wasn't the best to start with. A few years later with 3G and faster data rates there began to appear voice to data applications which provided a clean method of encryption without needing to interfere with the voice channel. There are several versions of this original protocol mostly based around RSA and could only be used on fairly powerful smartphones due to the encryption overhead, something the Russians avoided with a clever take on the you speak, i speak system whereby a sentence was spoken, recorded, encrypted and then sent to the receiver which decrypted it and played it, the receiver then spoke a reply which was recorded, encrypted and passed back to the caller to be decrypted and played. Whilst taking some time to get used to, this didn't require powerful smartphones and was even harder to crack due to each message having its own key variant. 

Anyway, getting onto the today and a general prevalence of VoIP as a standard used by many businesses across the world. VoIP and more specifically SIP and RTP have now established themselves as a functional standard allowing the multitude of different IP Telephony systems to talk to each other with fairly few issues. The only problem we have is that VoIP is insanely easy to intercept. 

 

The reason for this is that the voice part is sent in the clear, that is, just as compressed voice. Using a commonly available tool at any point on the network path, the voice data can be collected and converted back into speech. Additionally, the signalling protocol SIP, which is responsible for setting up and terminating the calls is also sent in the clear and easily intercepted to keep a log of who calls who, when and for how long. 

Now, if your only calling across the LAN, then its no real risk, and if your calling office to office over a VPN (IPSEC to L2TP) then its also no problem as the traffic will be encrypted whilst travelling between offices, But, if your making VoIP calls to people outside your own network such as customers, suppliers or mobiles, then your calls are wide open. 

I'm pretty such most businesses won't care, as the risk is low and who would want to intercept their phone calls anyway? Well, its never that simple, especially in a digital age where even our own Government wants to start keeping histories of our internet use.

What's the value of a third party knowing who your calling and when? Or, of that same third party being able to listen in to your conversations with suppliers, customers, sales reps, etc? The value is, as always what someone else will pay for it. 

So, can it be secured? Sure it can, but doing so isn't a DIY job and requires some work to implement. Its done in several stages as below...

1. Secure your IP Telephony Solution so it supports end to end encryption of both SIP (Signalling) and RTP (Voice), which is SIPS and SRTP respectively.  

2. Secure your mobile devices with a client that supports encryption. 

3. Secure your SIP Trunk provider (the provider of the phone lines - although they are called trunks nowadays). 

4. Secure your critical customers and suppliers, which may take some persuasion but you will know those who can't or won't and take appropriate measures when speaking to them.

 

I have personally seen a customer of ours install secure IP Phones in key suppliers to ensure the privacy of their conversations, which might seem extreme, but its a cheap and simple option to ensure security is maintained. 

Above is the Counterpath Bria Client which is available on most platforms and fully supports encrypted voice as shown. Internally we use Bria on ALL our mobiles and all are encrypted. Our internal IP phones all clearly show if the conversation is secure or not and our staff are trained to understand the risks when not but when we're the supplier we would be expected to have the systems we're promoting to others :)

 

So, if your interested in securing your VoIP calls then give us a call today or contact us via the web. 

 

 

 

 

 

 

Continue reading
  3482 Hits
  2 Comments
Tags:
Recent Comments
Guest — Brett
Had absolutely no idea it was so easy to intercept voip! Just assumed it was more secure.
Saturday, 28 November 2015 12:29
Guest — Jade Sanderson
Everyone is pushing SIP now like its the new in thing, do you think this is state sponsored so they can more easily monitor phone ... Read More
Tuesday, 04 June 2019 17:08
3482 Hits
2 Comments