VoIP Encryption

Frank Ohrtman
November 17, 2005
Frank Ohrtman

VoIP Encryption

[b]Now that there’s encryption for VoIP subscriber units, many VoIP security questions are answered[/b]

Many allegations of fear, uncertainty and doubt (FUD) over VoIP security focus on VoIP streams over a public internet where any one could capture those packets, decipher them and eavesdrop on personal and business conversations unlocking personal and corporate secrets.

People used to say that about email. Then Phil Zimmerman brought Pretty Good Privacy (PGP) encryption for email to the market. His new product, Zfone, relies on encryption hash technology to provide a unique three-digit identifier that each caller will receive when initiating a VoIP call. The callers simply start their conversation by sharing these identifiers with each other, which prove there’s no man-in-the-middle attack, and the rest of the conversation is encrypted. Zfone encrypts the call end-to-end by using the Diffie-Hellman key exchange to set up a session key and then the AES (encryption used by the US government) to encrypt the voice packets. Two users can check for a man-in-the-middle attack by comparing an authentication digest without depending on a public key infrastructure (PKI), which is what Skype uses.

In short, it would take an average hacker with an average PC a few million years to crack the Zfone encryption scheme. As VoIP develops as an industry VoIP security will grow as a sub industry. Expect more Zfone-type solutions to come on the market.

Frank Ohrtman has many years experience in VoIP and wireless applications. Mr. Ohrtman learned to perform in-depth research and write succinct analyses during his years as a Navy Intelligence Officer (1981-1991) where he specialized in electronic intelligence and electronic warfare. He is a veteran of U.S. Navy actions in Lebanon (awarded Navy Expeditionary Medal), Grenada, Libya (awarded Joint Service Commendation Medal) and the Gulf War (awarded National Defense Service Medal).

His career in VoIP began with selling VoIP gateway switches for Netrix Corporation to long distance bypass carriers. He went on to promote softswitch solutions for Lucent Technologies (Qwest Account Manager) and Vsys (Western Region Sales Manager). Mr. Ohrtman is the author of Softswitch: Architecture for Voice over IP, a number one bestseller on USTA Bookstore’s bestseller list, Wi-Fi Handbook: Building 802.11b Wireless Networks, and Voice over 802.11. He holds a Master of Science degree in Telecommunications from Colorado University College of Engineering (master’s thesis: “Softswitch As Class 4 Replacement—A Disruptive Technology”), a Master of Arts degree in International Relations from Boston University and a BA, Political Science from University of Iowa. Mr. Ohrtman lives in Denver, CO where he is the president of Softswitch Consulting (http://www.softswitchconsulting.com) 720-839-4063.