Signalisation Stream Encryption SIPS Best Practices VoIP-SIP Security

Encrypting signalisation messages guarantees the confidentiality and integrity of the transmitted data, which prevents attacks that monitor or tamper with these messages. With SIP, signalisation encryption is accomplished with SIPS (SIP over TLS).
Note, however, that encrypting the messages adds an overhead that can become quite large if the number of simultaneous calls is high enough.
It is therefore important to test the capacity of a VoIP network to support encryption, in order to know its limits and whether changes must be made to the VoIP infrastructure to support it (typically, servers must be added to balance the load).
Signalisation stream encryption should not be used in parallel with S.14 IPSEC (redundant).
About SIPS:
SIPS is based on TLS. The integrity of the data is guaranteed through MACs (Message Authentication Codes), which are based on an MD5 hash (16 bytes) or a SHA-1 hash (20 bytes). The authentication can be configured for:

- Simple authentication (server authenticates itself to the IP phones)
- Mutual authentication

The authentication procedure is based on the X.509 certificate standard and takes place in the handshake phase of TLS. It is also during this phase that the algorithms used (cipher and MAC) are negotiated and that the symmetric key for the data encryption is generated.
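
The two authentication modes and the negotiated MAC can be inspected with Python's standard ssl module. This is an added example, not part of the original post or the referenced guide; the function names, the cipher string and the sample suite list are assumptions chosen for illustration.

```python
import ssl

LEGACY_MACS = {"md5", "sha1"}  # the two MAC hashes the text above mentions


def sips_server_context(mutual, cert=None, key=None, phone_ca=None):
    """TLS context for a SIPS listener (SIP over TLS, conventionally TCP 5061).

    mutual=False -> simple authentication: only the server presents a certificate.
    mutual=True  -> mutual authentication: phones must present one as well.
    File paths are optional so the policy can be inspected without key material.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Example's choice: offer only AEAD suites, which carry no separate MD5/SHA-1 MAC.
    ctx.set_ciphers("ECDHE+AESGCM")
    if cert:
        ctx.load_cert_chain(cert, key)           # server's X.509 certificate and key
    if mutual:
        ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a valid phone cert
        if phone_ca:
            ctx.load_verify_locations(phone_ca)  # CA that issued the phone certificates
    else:
        ctx.verify_mode = ssl.CERT_NONE          # server does not request a client cert
    return ctx


def integrity_of(suite):
    """Integrity mechanism of one entry from SSLContext.get_ciphers()."""
    if suite.get("aead"):
        return "AEAD"
    return (suite.get("digest") or "unknown").lower()


def legacy_mac_suites(suites):
    """Names of suites whose record MAC is built on MD5 or SHA-1."""
    return sorted(s["name"] for s in suites if integrity_of(s) in LEGACY_MACS)


# Constructed sample in the shape get_ciphers() returns (not captured from a real server).
SAMPLE_SUITES = [
    {"name": "AES128-SHA", "aead": False, "digest": "sha1"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "aead": True, "digest": None},
]

if __name__ == "__main__":
    for mode in (False, True):
        ctx = sips_server_context(mutual=mode)
        print("mutual" if mode else "simple", ctx.verify_mode.name,
              legacy_mac_suites(ctx.get_ciphers()))
    print(legacy_mac_suites(SAMPLE_SUITES))
```

Running legacy_mac_suites over the get_ciphers() output of an existing listener's context shows which of its enabled suites still rely on an MD5 or SHA-1 MAC.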

Read More:   http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf


Wiki Voip And Fax Tutorials Copyright © 2010 Labloub