Secure VoIP Discussion and Tips
Frequently Asked Questions
Is Skype safe for activists?
VoIP is a widely used, simple and inexpensive way to communicate. But how safe is it? The most widely used platform, Skype, is advertised as end-to-end encrypted software that cannot be intercepted. It's therefore likely that many social activists feel safer using it than when using, for example, Gchat or SMS. But Skype is owned by a commercial company, so interested software engineers cannot investigate the security of its protocol for themselves without the owner's consent. That said, there is no evidence Skype has been cracked, so it's definitely safer than unencrypted Gtalk or SMS.
What is SIP versus VoIP?
VoIP is a general term for any voice call that runs over a network. SIP, or Session Initiation Protocol, is the standard that many VoIP systems use to establish a connection between you, the service and the people you are calling and communicating with. There are many other protocols and layers in the entire process, but most of this is hidden from the user.
Is VoIP on a mobile more secure than a regular call?
Yes, it can be, if you use an app that offers encryption. Mostly it moves the risk from the mobile operator network to the VoIP service provider network, so it comes down to who you trust more. In some locations, the mobile operators will block VoIP traffic, if they can detect it. (Skype is encrypted.)
See RedPhone and CSipSimple for Android below.
Can people see that I am using VoIP?
Generally, yes, especially with applications like Skype that have a unique protocol. In addition, for insecure VoIP applications that use standard SIP/UDP packet protocols, it is VERY easy to detect, capture or block your VoIP traffic.
If you are worried about detection, it is best to use a SIP service which offers Transport Layer Security (TLS), which is like HTTPS but for voice. This can somewhat obscure the fact that you are using VoIP on the network. (Anyone doing traffic analysis on the network is still going to be able to see you're doing something and conclude, based on the volume of the traffic, that voice is being used.)
How can I make VoIP secure?
While there are good options for encrypting voice calls, it is difficult (when using any peer-to-peer product--i.e. just about all VoIP products) to protect your identity, or who you are communicating with.
- TLS (Transport Layer Security)/SIP-S (SIP Secure): obscures the protocol layer, making it difficult to detect or block VoIP on the network
- SRTP (Secure Real-time Transport Protocol): encrypts your voice from you to the server, but anyone running the server can intercept
- ZRTP (Zimmermann Real-time Transport Protocol): like "Off the Record", but for voice; it uses public key cryptography to achieve true end-to-end verifiable encryption
The best solution would be to use ZRTP with TLS, which provides verifiable, end-to-end encryption, obfuscation of the protocol itself from network sniffers, and defense against man-in-the-middle and other eavesdropping techniques.
I disagree. The best solution is just ZRTP. TLS adds more usability problems than it adds security. --Zooko Wilcox-O'Hearn
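To make the three layers in the list above concrete, here is an added example (not from the original page or from any of the projects it mentions) that audits a SIP INVITE for the markers each layer leaves in the call setup. The sample messages, addresses and finding codes are constructed for illustration; the header and SDP attribute names (`Via`, `RTP/SAVP`, `a=crypto`, `a=zrtp-hash`) are the standard ones.

```python
import re

def make_invite(transport, scheme, sdp_lines):
    """Build a constructed INVITE (sample data, not captured traffic)."""
    head = [f"INVITE {scheme}:bob@example.org SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKsample",
            "Content-Type: application/sdp", ""]
    return "\r\n".join(head + ["v=0"] + sdp_lines) + "\r\n"

def audit_invite(msg):
    """Return a list of finding codes for one SIP INVITE with an SDP body."""
    head, _, sdp = msg.partition("\r\n\r\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    media = re.search(r"^m=audio \d+ (\S+)", sdp, re.M)
    tls = bool(via) and via.group(1).upper() == "TLS"
    srtp = bool(media) and media.group(1) in ("RTP/SAVP", "RTP/SAVPF")
    sdes = re.search(r"^a=crypto:", sdp, re.M) is not None
    # a=zrtp-hash only signals ZRTP support; the key agreement itself
    # happens later in the media path, between the two endpoints.
    zrtp = re.search(r"^a=zrtp-hash:", sdp, re.M) is not None
    findings = []
    if not tls:
        findings.append("cleartext-signalling")   # easy to detect or block
    if not srtp and not zrtp:
        findings.append("cleartext-media")        # voice is not encrypted
    if sdes:
        # The SRTP key travels inside the signalling, so whoever runs
        # the SIP server can read it and decrypt the call.
        findings.append("srtp-key-readable-by-server")
    if not zrtp:
        findings.append("no-end-to-end-keys")
    return findings

# Constructed sample offers: plain SIP/UDP, SRTP over TLS, ZRTP over TLS.
PLAIN = make_invite("UDP", "sip", ["m=audio 49170 RTP/AVP 0"])
SDES_TLS = make_invite("TLS", "sips", [
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-NOT-A-REAL-KEY"])
ZRTP_TLS = make_invite("TLS", "sips", [
    "m=audio 49170 RTP/AVP 0", "a=zrtp-hash:1.10 " + "0" * 64])

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN), ("sdes+tls", SDES_TLS), ("zrtp+tls", ZRTP_TLS)):
        print(name, audit_invite(msg) or "no findings")
```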
Checklist for Concerned At-Risk Users
Step 1. Understanding who might be monitoring you / spying on you
Whether or not you are safe on Skype, or any other platform delivering services over the internet, depends on who you want to be safe from. Skype's End User License Agreement does not guarantee the end user control over the data handed to Skype when subscribing to the service. An internet service provider can pass collected data on to anyone when this is not strictly forbidden in an agreement.
Further, a state can have rulings or laws that forbid its citizens from using a VoIP service like Skype. Legally, the service provider then has to follow the orders of the state that has jurisdiction over the company. (Q: Are examples known of service providers that refused to follow orders?)
Step 2. Targeted malware
Robert Guerra of Netfreedom points to targeted malware as a threat to safety. An example is described in the Skype section. A not-for-profit project was started in May 2011 to crowdsource the development of a secure chat / voice VoIP application.
Note that malware resident on an endpoint (i.e. your computer) renders unsafe all data on that endpoint, i.e. the insecurity is not specific to one program (Skype, ZRTP, etc.). Most activists' main cybersecurity weakness is their endpoint: HDD encryption, patch management, antivirus.
Elham Gheytanchi wrote this article about hacker attacks on activists in Iran.
Step 3. Skype safety may be contingent on location
If you use the joint-venture version of Skype distributed by the Hong Kong-based company TOM, the chat function has cybersurveillance and cyberinsecurity built in; see Nart Villeneuve's 2008 report, 'Breaching Trust: An analysis of surveillance and security practices on China's TOM-Skype platform'. If you use Skype, be sure you don't use TOM-Skype.
Step 4. It’s also your behavior. Be careful who you’re chatting with.
Just because you recognize the name of someone who contacts you doesn't mean they are that person. Usernames have to be unique, but “Full names” do not. So anyone could create an account with the name of your best friend and take advantage of the trust that this affords them. As Nathan Freitas, founder of the Guardian Project, writes:
"Anyone can impersonate you, contact your friends via chat, gain their full trust, and very quickly send an infected file transfer to them or ask them any question they'd like."
This is not theoretical: it has happened countless times within Tibetan activist groups, who rely upon IM and VoIP pretty heavily. (Again, note that this weakness is not specific to any particular program.)
Secure digital organizing is about more than the tool itself. Your behavior, such as triple checking that the person you are talking to isn’t an impersonator, or using different passwords for separate platforms, is just as important.
Step 5. Chat function not as secure as OTR.
You can add an additional layer of security on top of any IM network (ICQ, AIM, Y!, MSN, Skype, Gtalk) with OTR on top of a universal IM client such as Pidgin or Adium.
Step 6. If you want to, use an open-source option which (unlike Skype) can be security-audited.
- Whisper Systems
- GNU Telephony
- SIP + ZRTP
- Red Phone for Android
- Text Secure (http://www.androidzoom.com/android_applications/text+secure)
Hands-on guide on OTR and Pidgin
Only Skype and Gizmo offer encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone. In addition, because neither application is open-source, independent experts have been unable to test them fully and ensure that they are secure.
From another source: Flossmanuals
Since May 2011, a few engaged Twitterers have been setting up a crowdsourcing project aiming to develop a secure VoIP client. If you type #secVoIP in the search field of Twitter, you will find tweets in the discussion.
Skype (Multi-platform, Proprietary & Closed)
Skype is a very well-known voice application. Skype uses encryption for the whole path of the voice communication. Although the encryption seems to be reasonably good [1], Skype is not open about the technology they use for this. It seems to be safe for most countries and is in any case safer than using normal phone communication. Because of the popularity of Skype and the fact that mobile phone operators are losing call-minutes, unfortunately some operators try to block the use of Skype. Depending on the phone you use, Skype might consume a lot of battery power. Keep this in mind when using Skype while low on battery.
Gordon Madden reported on his blog in May 2011 a vulnerability in the Mac Skype client. This means that, when you run Skype on a Mac computer, your computer could be accessed by a third party without your knowledge or consent. This vulnerability has been fixed; keep your software up-to-date with the latest versions and patches.
RedPhone (Android, Not Freely Licensed)
RedPhone is an application available only on the Android platform. It establishes a voice connection mediated through the RedPhone vendor's servers, so they are able to log every call you make with the RedPhone software. RedPhone is very convenient to install on Android phones. It's available from the Android Market. After installing, it will use your normal phone contacts. It also has the ability to upgrade a phone call to an encrypted one while calling. The main advantage of RedPhone over Skype is the way it's integrated into your normal phone behaviour and the way it sets up communication. It does not use a lot of battery power in standby. A big disadvantage is its sound quality, which is not very good. Another big disadvantage that really limits its use is that the software is only available for Android.
RedPhone needs a data-connection (WiFi or 3G) to operate.
While RedPhone is not open-source, WhisperSystems makes the source code available for review and auditing.
Jitsi (aka SIPCommunicator - multi-platform, open-source, interoperable)
Secure video calls, conferencing, chat, desktop sharing, file transfer, support for your favorite OS, and IM network. All this, and more, in Jitsi - the most complete and advanced open source communicator. Really see your friends with Jitsi and its high quality SIP and XMPP video calls!
Jitsi can encrypt your calls using the innovative ZRTP. Do you see the padlock? Once you verify that the SAS (4 letter code) matches the other end, you can safely tell your secrets! After verifying the SAS, clicking on the padlock (a check mark appears) will make Jitsi remember that you verified the session, and you will not have to repeat the SAS verification every call.
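Why comparing the 4-letter code matters, as an added example that is not Jitsi's or ZRTP's actual code: both ends derive the SAS from the key they agreed on, so if an intermediary substituted its own key on each leg, the two codes no longer match. This is a simplified model with assumptions labelled in the comments: a toy Diffie-Hellman group, constructed private values, and a SAS hashed from the shared secret alone (real ZRTP hashes more session context).

```python
import hashlib

# Toy Diffie-Hellman group for illustration only (far too small for real use).
P = 2**127 - 1
G = 3
# z-base-32 alphabet, used by ZRTP to render the short code.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def public(priv):
    return pow(G, priv, P)

def shared(priv, peer_pub):
    return pow(peer_pub, priv, P)

def sas(secret):
    """Render a 4-character SAS from the leftmost 20 bits of a hash.
    Simplified: hashes only the DH secret, not the full session context."""
    digest = hashlib.sha256(secret.to_bytes(16, "big")).digest()
    bits = int.from_bytes(digest[:4], "big") >> 12   # keep leftmost 20 bits
    return "".join(ZBASE32[(bits >> s) & 31] for s in (15, 10, 5, 0))

def call(alice_priv, bob_priv, middle_priv=None):
    """Return (alice_sas, bob_sas). If middle_priv is given, an intermediary
    has replaced the public value each side receives with its own."""
    a_pub, b_pub = public(alice_priv), public(bob_priv)
    if middle_priv is None:
        a_sees, b_sees = b_pub, a_pub
    else:
        a_sees = b_sees = public(middle_priv)
    return sas(shared(alice_priv, a_sees)), sas(shared(bob_priv, b_sees))

# Constructed private values (sample data).
ALICE = 123456789012345678901234567
BOB = 987654321098765432109876543
MIDDLE = 555555555555555555555555555

if __name__ == "__main__":
    print("direct call:     ", call(ALICE, BOB))          # codes match
    print("intercepted call:", call(ALICE, BOB, MIDDLE))  # codes differ
```

With only 20 bits in the code, the check works because the two callers read it aloud to each other: an intermediary gets one attempt per call and cannot choose what either side will see.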
CSipSimple (Android, open-source, interoperable)
This project provides native SIP for Android devices. It relies on the pjsip SIP stack and uses the pjsip-jni project. Using this native library ensures better speed, better call quality and lower battery consumption than equivalent pure Java projects. Another point is that this project is compatible with most SIP registrars and takes advantage of the active development of the pjsip C stack.
Supports SRTP, TLS, and ZRTP.
VoIP/SIP Servers and Services
Deploying and running your own software phone system is becoming almost as easy as running a website. Free software options with robust security capabilities are now available, and can be hosted on cloud-based service providers, or even run from a Linksys Wifi router. Using secure, free software end-to-end is the only completely trustworthy way to secure VoIP.
FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communication protocols using audio, video, text or any other form of media. It was created in 2006 to fill the void left by proprietary commercial solutions. FreeSWITCH also provides a stable telephony platform on which many telephony applications can be developed using a wide range of free tools. FreeSWITCH supports many advanced SIP features such as presence/BLF/SLA as well as TCP, TLS and SRTP. It can also be used as a transparent proxy, with or without media in the path, to act as an SBC (session border controller) and proxy T.38 and other end-to-end protocols. If you are not using a VPN or are not on a local intranet with the FS server, make sure to use SIP_TLS, as all SIP traffic and authentication is otherwise in the clear.
Notes and references
- Skype: A Practical Security Analysis
- Skype uncovered: Security Study of Skype
- Security in Skype
- Guardian Project: How to Setup a Private Mobile Phone System
VoIP / VVoIP / UC Security Blog: Found on the web, not yet proved. Can a techie please prove it?