Cryptic Voice

In Episode 30 of SecurityNow! Steve Gibson spoke about possibly writing his own VoIP encryption tool:

I’ve been considering maybe doing a little VoIP encryption tool myself, just because it would be nice to be able to have a conversation. I mean, not that I have anything to hide, but it’s just – it’s creepy thinking that you might be listened in on, and you’d like to know that that’s not happening.

This got me wondering about what kinds of encryption tools are out there for standard VoIP protocols. The two things I immediately turned up were Zfone, a tool by Phil Zimmermann (of PGP fame) for encrypting SIP conversations and RFC3711.

One issue with Zfone is that it currently only supports Mac OS X and Linux systems, but a Windows XP release is scheduled for mid-April. Phil has also published an RFC on the ZRTP SIP encryption he used for Zfone.

RFC3711
deals with securing VoIP voice traffic (RTP) though a new protocol named SRTP.

Look for more activity and controversy surrouding the encryption of VoIP traffic. I would hope to see a single standard for encrypting this traffic be hammered out and then included in hardphones as well. The lack of encryption at the hardphone is going to be a hurdle that muct be cleared before widespread adoption will take place.

Comments are closed.