Secure VoIP Discussion and Tips
From ICTD Asia Wiki
Frequently Asked Questions
Is Skype safe for activists?
VoIP is a widely used, simple and inexpensive way to communicate. But how safe is it? The most widely used platform, Skype is advertised as an encrypted end-to-end software that cannot be intercepted. It’s therefore likely that many social activists using it feel more safe while using it than when using, for example, Gchat or SMS. But Skype is owned by a commercial company, so interested software engineers cannot investigate the security of its protocol for them selves without owners' consent.
What is SIP versus VoIP?
VoIP is a general for any voice call that runs over a network. SIP, or Session Initiation Protocol, is the standard by which many VoIP systems use to establish a connection between you, the service and the people you are calling and communicating with. There any many other additional protocols and layers to the entire process, but most of of this is hidden to the user.
Is VoIP on a mobile more secure than a regular call?
Yes, it can be, if you use an app that offers encryption. Mostly it moves the risk from the mobile operator network to the VoIP service provider network, so it comes down to who you trust more. In some locations, the mobile operators will block VoIP traffic, if they can detect it.
See RedPhone and CSipSimple for Android below.
Can people see that I am using VoIP?
Generally, yes, especially with applications like Skype that have a unique protocol. In addition, for insecure VoIP applications that use standard SIP/UDP packet protocols, it is VERY easy to detect, capture or block your VoIP traffic.
If you are worried about detection, it is best to use a SIP service which offers Transport Layer Security (TLS), which is like HTTP/S but for voice. This can somewhat hide the fact that you are using VoIP on the network.
How can I make VoIP secure?
While there are good options for encrypting voice calls, it is difficult to protect your identity, or who you are communicating with.
- TLS (Transport Layer Security)/SIP-S (SIP Secure) = obscures the protocol layer, making it difficult to detect or block VoIP on the network
- SRTP (Secure Real-time Transport Protocol): encrypts your voice from you to the server, but anyone running the server can intercept (see [1])
- ZRTP (Zimmerman Real-time Transport Protocol): like "Off the Record", but for voice - it uses public key cryptography to achieve true end-to-end verifiable encryption (see [2] and [3])
The best solution would be to ZRTP with TLS, which provides verifiable, end-to-end encryption, obfuscation of the protocol itself from network sniffers, and defense against man-in-the-middle and other eavesdropping techniques.
I disagree. The best solution is just ZRTP. TLS adds more usability problems than it adds security. --Zooko Wilcox-O'Hearn
Checklist for Concerned At-Risk Users
Step 1. Understanding who might be monitoring you / spying on you
Whether or not you are safe on Skype, or any other platform delivering services over the internet, depends on who you want to be safe from. Skype's End User License Agreement does not give a garantuee for the end user that he/she has control over the data handed out to Skype to subscribe for the service. An internet service-provider can exchange collected data to anyone, when this is not strictly forbidden in an agreement.
Further, a state can have rulings, laws, by which the use of a VoIP service like Skype is forbidden for the citzens of that State. Juridically, the service-provider than has to follow orders of the State who has juridiction over the company. (Q: Are examples known of service-providers that refused to follow orders?)
Step 2. Targeted malware
Robert Guerra of Netfreedom points out at targeted malware that threatens safety. An example is described in the Skype section. A not for profit project has been started in May 2011 to develop in a secure chat / voice VoIP application in crowdsourcing.
Elham Gheytanchi wrote this article about hacker-attacks on activists in Iran.
Step 3. Skype safety may be contingent on location
Rebecca MacKinnon notes that if you're in China and use the joint-venture version of Skype distributed by the Hong Kong-based company, Tom, the chat function is definitely not secure: Report Nart Villeneuve 2008 'Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform'. Where else might it be the case that the version available in your region will have a different set of security issues than in a given other region?
Step 4. It’s also your behavior. Be careful who you’re chatting with.
Just because you recognize the name of someone who contacts you doesnt mean they are that person. Usernames have to be unique, but “Full names” do not. So anyone could create an account with the name of your best friend and take advantage of the trust that this affords them. As Nathan Freitas, founder of the Guardian Project, writes:
"Anyone can impersonate you, contact your friends via chat, gain their full trust, and very quickly send an infected file transfer to them or ask them any question they'd like."
This is not theoretical - it has happened countless times within Tibetan activist groups, who rely upon Skype pretty heavily (unfortunately).
Secure digital organizing is about more than the tool itself - your behavior, such as triple checking that the person you are talking to isn’t an impersonator, or using different passwords for separate platforms - is just as important.
Step 5. Chat function not as secure as OTR.
You can modify Skype chats with added security capabilities such as in-stream encryption. You can do this with Pidgin or Adium using OTR, but need an additional Skype addon.
Step 6. If you can, use an option known to be more secure.
For example:
- Whisper Systems
- ZFone
- GNU Telephony [4]
- #SIP + #ZRTP
- #Ekiga
- Red Phone for Android
- Text Secure (http://www.androidzoom.com/android_applications/text+secure)
Hands on guide on o.t.r. and pidgin Only Skype and Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone. In addition, because neither application is open-source, independent experts have been unable to test them fully and ensure that they are secure.
From another source: Flossmanuals
A few engaged Twitterers from May 2011 on are setting up a crowdsourcing project aiming to develop a secure VoIP client. If you type #secVoIP in the search field of Twitter, you will find tweets in the discussion.
VoIP Applications
Skype (Multi-platform, Proprietary & Closed)
Skype is a very well-known voice application. Skype uses encryption for the whole path of the voice communication. Although the encryption seems to be resonably good1 , Skype is not open about the technology they use for this. It's unknown if (some) governments have access to it or not. It seems to be safe for most countries and at least safer then using normal phone communication. Because of the popularity of Skype and the fact mobile phone operators are loosing call-minutes, unfortunately some operators are blocking the use of Skype. Depending on the phone you use, Skype might consume a lot of battery power. Keep this in mind when using Skype and are low on energy.
Gordon Madden reports May 2011 in his blog a vulnerability in the Mac Skype client. This means, when you run Skype on a Mac computer, your computer could be entered from a third-party without your knowledge or consent.
RedPhone (Android, Not Freely Licensed)
RedPhone is an application available only on the Android platform. It establishes a voice connection by a mediation through the RedPhone vendor's servers, so they are able to log every call you make with the RedPhone software. RedPhone is very convenient to install on Android Phones. It's available from the Android Market. After installing, it will use your normal phone contacts. It also has the ability to upgrade a phone call to an encrypted one while calling. The main advantage of RedPhone over Skype is the way how it's integrated in your normal phone behaviour and the way it sets up communication. It does not use a lot of battery power in standby. A big disadvantage is it's sound quality, which is not very good, another big disadvantages that really limits its use is that the software is only available for android.
RedPhone needs a data-connection (WiFi or 3G) to operate.
While RedPhone is not open-source, WhisperSystems makes the source code available for review and auditing.
Jitsi (aka SIPCommunicator - multi-platform, open-source, interoperable)
Secure video calls, conferencing, chat, desktop sharing, file transfer, support for your favorite OS, and IM network. All this, and more, in Jitsi - the most complete and advanced open source communicator. Really See your friends with Jitsi and its high quality SIP and XMPP video calls!
Jitsi can encrypt your calls using the innovative ZRTP. Do you see the padlock? Once you verify that the SAS (4 letter code) matches the other end, you can safely tell your secrets! After verifying the SAS, clicking on the padlock (a check mark appears) will make Jitsi remember that you verified the session, and you will not have to repeat the SAS verification every call.
CSipSimple (Android, open-source, interoperable)
This project will allow native sip for android device. It relies on the pjsip sip stack and use the pjsip-jni project. The use of this native library will ensure a better speed, call quality and less battery consumption than equivalent pure java projects. Another point is that this project will be compatible with most of SIP registrar and take advantage of the active development of the pjsip C stack.
Supports SRTP, TLS, and ZRTP.
http://code.google.com/p/csipsimple/
VoIP/SIP Servers and Services
Deploying and running your own software phone system is becoming almost as easy as running a website. Free software options with robust security capabilities are now available, and can be hosted on cloud-based service provides, or even run from a Linksys Wifi router. Using secure, free software end-to-end is the only completely trustworthy way to secure VoIP.
FreeSWITCH
FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communication protocols using audio, video, text or any other form of media. It was created in 2006 to fill the void left by proprietary commercial solutions. FreeSWITCH also provides a stable telephony platform on which many telephony applications can be developed using a wide range of free tools. FreeSWITCH supports many advanced SIP features such as presence/BLF/SLA as well as TCP TLS and sRTP. It also can be used as a transparent proxy with and without media in the path to act as a SBC (session border controller) and proxy T.38 and other end to end protocols. If you are not using VPN or on a local intranet with the FS server make sure to use SIP_TLS as all sip traffic and authentication is in the clear otherwise.
Notes and references
- Skype: A Practical Security Analysis
- Skype unconvered : Security Study of Skype
- Security in Skype
- Guardian Project: How to Setup a Private Mobile Phone System
External Links
VoIP / VVoIP / UC Security Blog Found on the web, not yet proved. Can a tecchie pl proof it?
