Security

Security mechanisms are built into the Marshals’ SIP stacks. All security measures taken by the Marshals, to ensure secure communication between all external SIP entities and VOCAL, are the result of using the appropriate SIP stack security mechanisms. Here is a look at some possible security mechanisms.

Pretty Good Privacy

Pretty Good Privacy (PGP, http://www.pgp.com) is an end-to-end mechanism that seemed like a good idea at the time the architects were writing some of the early drafts of the SIP standard, but it was not popular with VoIP developers and has since been deprecated. Part of the reason for the demise of PGP was its requirement that full public key encryption be used for every transaction. This is problematic from the server side because, while processing hundreds of calls per second, it’s difficult to encrypt and decrypt messages fast enough to avoid a traffic bottleneck. If PGP allowed for a session key that was valid for the entire call, this problem might have been avoidable.

IPsec

In terms of encryption for this type of system, Internet Protocol security (IPsec, http://www.ietf.org/html.charters/ipsec-charter.html) is a hop-by-hop mechanism that offers a better solution than PGP. IPsec operates under the SIP layer and permits data transportation over TCP or UDP by setting up a security association between two SIP devices. Once this security association and a set of keys have been set up, IPsec encrypts all traffic associated with the same call to match ...

Get Practical VoIP Using VOCAL now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.