Very Hot Topic (More than 25 Replies) Encryption: TLS, SRTP & ZRTP (Read 130433 times)
Phoner Admin
YaBB Administrator
Posts: 9234
Location: Germany
Joined: 12. Oct 2003
Gender: Male
Encryption: TLS, SRTP & ZRTP
08. Oct 2010 at 11:19
PhonerLite (and partially Phoner) supports the following encryption methods:

TLS:
  • Encryption of a SIP connection
  • No end-to-end encryption is used. Using any SIP server (provider or PBX) with TLS support, that SIP server can decrypt these SIP messages - it has to do so, else it can't handle/switch that call
  • Usage of certificates

SRTP:
  • Encryption of audio data (speech)
  • Normally the key exchange is done within the SIP connection. Therefore it only makes sense to use SRTP in conjunction with TLS, else the keys can be "sniffed"
  • A SIP-to-SIP connection using a SIP server doesn't guarantee an end-to-end encryption, because the server knows the keys.

ZRTP:
  • ZRTP is a protocol using the same communication path as the audio data. The key exchange is done directly between the two endpoints.
  • An end-to-end encryption is guaranteed, but only between SIP-to-SIP connections
  • ZRTP is a special way to exchange secret keys only. After key exchange a "normal" SRTP encryption is done with those keys.
« Last Edit: 29. Dec 2010 at 07:20 by Phoner Admin »  
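The three methods above differ in where the SRTP key can be read. The following is an added example, not part of the original post and not PhonerLite code: it inspects constructed SIP INVITE messages and reports whether an SDES key (`a=crypto`, RFC 4568) travels in the SDP, whether the first hop lacks TLS, and whether a ZRTP hint (`a=zrtp-hash`) is present. The function names, addresses and key strings are assumptions made for illustration.

```python
import re

def build_invite(transport, sdp_attrs, profile="RTP/SAVP"):
    """Build a constructed SIP INVITE (sample data, not captured traffic)."""
    head = ["INVITE sip:bob@example.org SIP/2.0",
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bKconstructed",
            "Content-Type: application/sdp"]
    sdp = ["v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-",
           "c=IN IP4 192.0.2.10", "t=0 0", f"m=audio 49170 {profile} 0"]
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp + sdp_attrs) + "\r\n"

# Dummy key string, constructed for this example (not real key material).
SDES = ["a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDxDUMMYxKEYxNOTxREALxMATERIAL0"]
# Dummy hash value; the a=zrtp-hash attribute is optional in ZRTP (RFC 6189).
ZRTP = ["a=zrtp-hash:1.10 " + "ab" * 32]

def assess_keying(sip_message):
    """Report where the SRTP key can be read for one SIP message with SDP."""
    head, _, sdp = sip_message.partition("\r\n\r\n")
    # Only the topmost Via is inspected, i.e. the hop this message arrived on.
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    # SDES (RFC 4568): the SRTP master key travels inside the SDP body.
    key_in_sip = bool(re.search(r"^a=crypto:\d+ \S+ inline:\S+", sdp, re.M))
    return {
        "transport": transport,
        "key_in_sip": key_in_sip,
        # Without TLS on this hop anyone on the path can read the key.
        "sniffable": key_in_sip and transport != "TLS",
        # TLS is hop-by-hop: the SIP server terminates it and sees the key.
        "server_knows_key": key_in_sip,
        # ZRTP negotiates keys in the media path; this flag is only a hint.
        "zrtp_hint": bool(re.search(r"^a=zrtp-hash:", sdp, re.M)),
    }

if __name__ == "__main__":
    for name, msg in [("SDES over UDP", build_invite("UDP", SDES)),
                      ("SDES over TLS", build_invite("TLS", SDES)),
                      ("ZRTP only", build_invite("UDP", ZRTP, "RTP/AVP"))]:
        print(name, assess_keying(msg))
```

A missing `a=zrtp-hash` does not prove ZRTP is off, since the attribute is optional; the media path itself has to be inspected to confirm a ZRTP exchange.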
 
botyhc
Junior Member
Posts: 95
Joined: 02. May 2010
Re: Encryption: TLS, SRTP & ZRTP
Reply #1 - 26. Dec 2010 at 08:08
This is great that ZRTP is part of PhonerLite!
What do you mean by "only when" SIP-to-SIP connections?

Also, how do you deal with the license? I tried to make calls between two PhonerLites on two different machines and it didn't do ZRTP. Can you include an indication when a call is SRTP, TLS, ZRTP etc.? It is very useful to have it. SRTP is working but not ZRTP (I selected it to be on on both sides).
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #2 - 26. Dec 2010 at 09:24
Quote:
What do you mean by "only when" sip to sip connections ?

If you are using a VoIP provider that routes your call to the public telephony network, there is no encryption on that public telephony line.

Quote:
Also, how do you deal with the license.

Where do you see a problem with a license?

Quote:
srtp is working but not zrtp

ZRTP is only the way the keys are exchanged. After key exchange SRTP is used with those keys. So ZRTP is only used together with SRTP.
Put your mouse cursor above the SRTP icon - a tooltip will appear. If that tooltip only tells you "SRTP", the key was exchanged within the SIP messages. If there is "ZRTP: abcde", ZRTP was used for key exchange; "abcde" will be the SAS (Short Authentication String) for that session. Both sides should see the same SAS and can check, by telling that string to each other, whether there is real end-to-end encryption and no man-in-the-middle is "listening".
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #3 - 28. Dec 2010 at 22:28
I think it would be very nice to have a more explicit indication that ZRTP is established with SAS.
I am trying to test this with Zfone and was unable to. Did you test this with Zfone on the other end?
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #4 - 28. Dec 2010 at 22:30
I mean explicitly show ZRTP established, like some LED or color. SAS by moving the mouse over is alright.
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #5 - 29. Dec 2010 at 07:29
As I said before, ZRTP is only another way to exchange the keys - after that normal SRTP is used for encryption (by using those keys).
So I see no need to use an additional icon, because SRTP is done.

Of course I checked my implementation with ZFONE - it worked very well! You checked PhonerLite with enabled ZRTP on one PC and ZFONE on another PC? What softphone did you use on that other PC?
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #6 - 29. Dec 2010 at 23:03
I am using xlite. 
ZRTP is another way to exchange keys with SRTP. But I think it is a very important one. So an explicit indication is very important so the user knows that it is doing ZRTP. Currently it's so difficult and unobvious to tell. Please try to understand that if the user doesn't know or can't tell whether or not these secure methods are running, it reduces the value of the method to some extent also. In Zfone, if you see, it will show so explicitly and in a big way. Thank you!
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #7 - 30. Dec 2010 at 00:04
With Xlite, zfone software has some problem itself, I think due to some drivers. 

But I now tried phonerlite on both sides and with srtp, zrtp, savp selected. I move the mouse over to ZRTP and I only see "Media path agreement for unicast secure rtp".
So ZRTP is not working. I am using version 1.84.

How to fix this?
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #8 - 30. Dec 2010 at 08:20
If you have an encrypted call you should get a new icon near the dial buttons. Only that icon shows you the tooltip if you are using SRTP with ZRTP based keys.
The only task of Zfone is to encrypt data for other softphones. So it shows that encryption status with big icons. For that application it is OK, but such big icons would not fit in PhonerLite.
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #9 - 02. Jan 2011 at 00:14
ZRTP is NOT WORKING with two phonerlites on either end. SRTP is working fine. This is with version 1.84
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #10 - 02. Jan 2011 at 11:08
You have enabled ZRTP on both PhonerLite instances? Is there any special device (IP-PBX) in the middle of both?
I have no problems with two PhonerLite in version 1.84! Only Wireshark can help to identify any problem.
Perhaps you should test with ZFone first to test your infrastructure.
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #11 - 02. Jan 2011 at 22:42
Yes, I have enabled it. When I put the mouse over it, I don't see any SAS or anything.
There is a SIP server of course in the path. But that server supports ZRTP pass-through. SRTP is working as I said.

There is a free SIP server for Windows called FreeSWITCH; you can download it from
http://files.freeswitch.org/windows_installer/freeswitch-1.0.4.exe
Install it (doesn't create any registry entries) but during installation deselect the sound files. You can try this with two PhonerLites and see. It is not working.
  
Phoner Admin
Re: Encryption: TLS, SRTP & ZRTP
Reply #12 - 03. Jan 2011 at 10:42
I have no problems at all with ZRTP here in any test environment.
You should check if Zfone works properly or if any security application or firewall skips those ZRTP messages.
If you don't want to use Zfone you can use SIP Communicator too.
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #13 - 03. Jan 2011 at 21:50
I tried to use SIP Communicator. Even basic SIP was not working properly. Did you try it yourself and see? What were your observations with this? Did you try ZRTP too?
  
botyhc
Re: Encryption: TLS, SRTP & ZRTP
Reply #14 - 03. Jan 2011 at 21:53
What is your test environment? What server are you using?
  