Encryption: TLS, SRTP & ZRTP
Dukeswharf
Reply #75 - 13. Mar 2011 at 15:36
Phoner Admin wrote on 13. Mar 2011 at 15:27:
I mean with "application directory" the directory where PhonerLite is installed to - where "PhonerLite.exe" is located.


I have looked in the PhonerLite directory and have not seen any certificate(s)!

Are the certificates only generated when a call is made, or are they created when PhonerLite is initially installed?
  
Phoner Admin
Reply #76 - 13. Mar 2011 at 17:39
PhonerLite uses built-in certificates. But if you want to use your own certificates, you can load them with PhonerLite. The above-mentioned certificates are from "certificate authorities". You need such certificates to validate other certificates.
You don't need to configure any certificate to use PhonerLite. Only if you want to ensure that special certificates are valid you can configure such stuff.
  
Flashhh
Reply #77 - 26. Aug 2011 at 04:41
First, let me say something: THANKS!! PhonerLite is the only software that I tested that really works using TLS, SRTP & ZRTP. I tested a lot of softphones without good results; thankfully I found PhonerLite, good work!! Using PhonerLite I feel secure when I use VoIP.

My questions are about encryption; sorry if they are noob questions, but I still can't understand some points:
1) If I use the SRTP and ZRTP options "without" TLS... is my communication encrypted? Could it be decrypted in the middle?
2) If I only use the ZRTP option (without using TLS or SRTP), is my communication (voice) encrypted? Could it be decrypted in the middle?
3) When ZRTP is in use, we can see the same "ZRTP:xxxx" with the mouse over the icon on both sides. What happens when the xxxx changes during communication? Could it change during communication on one side only?
Thanks in advance,
  
Phoner Admin
Reply #78 - 26. Aug 2011 at 08:22
Quote:
1) If I use the SRTP and ZRTP options "without" TLS... is my communication encrypted? Could it be decrypted in the middle?

If you don't use TLS and someone is wiretapping you, he/she can see who you are calling. The options "SRTP" and "ZRTP" only refer to the audio data - that will be encrypted. If only SRTP is used, the key for encryption is exchanged unencrypted, so the wiretapper can decode the encrypted data with that. Only if both parties use ZRTP, that key is exchanged in a secure way.
Let's assume you are using a VoIP provider - that is your man in the middle. If you are using TLS and SRTP, that provider has all the knowledge to decode the audio data too. You have to trust that provider :)
Same scenario with that provider, and both SIP endpoints support ZRTP. If a ZRTP-based key exchange succeeds, the audio data is encrypted end-to-end - that means your provider has no way to decode the encrypted voice (audio) data.
In theory your provider could support ZRTP too and handle that ZRTP key exchange as a man in the middle. You would detect this if you compare that id ("ZRTP:xxxxx" - xxxxx is that id). Both parties should tell each other that id. If the id is the same, there is no man-in-the-middle decoding possible.

Quote:
2) If I only use the ZRTP option (without using TLS or SRTP), is my communication (voice) encrypted? Could it be decrypted in the middle?

See above at 1).
ZRTP works independently from TLS. If both parties have that "ZRTP:xxxxx" tooltip for that encryption icon, and that id is the same - there is no way to decode the voice in the middle.

Quote:
3) When ZRTP is in use, we can see the same "ZRTP:xxxx" with the mouse over the icon on both sides. What happens when the xxxx changes during communication? Could it change during communication on one side only?

As long as you don't hold the connection or do any other transfer functionality it shouldn't happen. If only at one side the ZRTP-id changes, both parties wouldn't hear each other any more.

Maybe a special sound would be fine if ZRTP is established or destroyed. Any suggestions to that are welcome.
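
The id comparison described in the reply above, as an added sketch that is not part of the original post and not PhonerLite's code. It assumes a toy Diffie-Hellman group and a simplified id derivation (real ZRTP also uses a hash commitment and its own key derivation); the function names are hypothetical.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption for this sketch): far too small for real use.
P = 2**127 - 1  # a Mersenne prime
G = 3
B32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet, 5 bits per character


def keypair():
    """Fresh random private/public pair, generated per call and never stored."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def sas(shared_secret: int) -> str:
    """Render 20 bits of a hash of the shared secret as a 4-character id."""
    digest = hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()
    bits = int.from_bytes(digest[:3], "big") >> 4  # leftmost 20 bits
    return "".join(B32[(bits >> shift) & 31] for shift in (15, 10, 5, 0))


def call(relay_terminates_zrtp: bool):
    """Return the id shown on each phone for one call through a relay."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_terminates_zrtp:
        # The relay answers each phone with its own public value, so each
        # phone agrees on a different secret (one secret per leg).
        _, m1_pub = keypair()
        _, m2_pub = keypair()
        return sas(pow(m1_pub, a_priv, P)), sas(pow(m2_pub, b_priv, P))
    # The relay only forwards packets: both phones derive the same secret.
    return sas(pow(b_pub, a_priv, P)), sas(pow(a_pub, b_priv, P))


if __name__ == "__main__":
    print("relay forwards only   :", call(False))
    print("relay terminates ZRTP :", call(True))
```

With only 20 bits shown, two unrelated ids match by chance about once in a million calls, which is why the ids have to be compared on every call rather than trusted once.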
  
Flashhh
Reply #79 - 28. Aug 2011 at 03:47
Phoner Admin wrote on 26. Aug 2011 at 08:22:
Quote:
3) When ZRTP is in use, we can see the same "ZRTP:xxxx" with the mouse over the icon on both sides. What happens when the xxxx changes during communication? Could it change during communication on one side only?

As long as you don't hold the connection or do any other transfer functionality it shouldn't happen. If only at one side the ZRTP-id changes, both parties wouldn't hear each other any more.

Maybe a special sound would be fine if ZRTP is established or destroyed. Any suggestions to that are welcome.


Thanks, and thanks again for your answers. You don't know how much I was looking for VoIP software like PhonerLite.
Well, I was making some calls using ZRTP, TLS and SRTP. I saw that after 5 minutes or more the ZRTP code changed and my communication ended. 1) Is that normal, or did the communication end because of a bad connection?
2) When the ZRTP code changes during a conversation, could that indicate that there is a man in the middle? Or if the code changes, does the communication end automatically?
3) When the ZRTP key exchange occurs, where are the keys? I mean, are random keys generated on both sides, or are the keys taken from the same place (the PhonerLite software or what)?

Finally, a suggestion: when ZRTP occurs, could the xxxx code appear behind the "ZRTP padlock" for the whole conversation? That way it is easier and more comfortable to tell the other side what the code is, and also to keep checking during the conversation whether it changes.
Also a special and short sound if ZRTP is established or destroyed would be great.

Thanks again in advance and really great work! :)
  
Phoner Admin
Reply #80 - 29. Aug 2011 at 10:36
Can you send me the content of the debug window after such a call when the ZRTP code changes? Please send it by email. Thanks.
If you have suitable sound files for such encryption status changes?
  
Flashhh
Reply #81 - 01. Sep 2011 at 03:32
Phoner Admin wrote on 29. Aug 2011 at 10:36:
Can you send me the content of the debug window after such a call when the ZRTP code changes? Please send it by email. Thanks.
If you have suitable sound files for such encryption status changes?

OK, I will send it to you by PM. I would appreciate it if you could answer question number 3) of my last post.
Thanks in advance.
  
Phoner Admin
Reply #82 - 01. Sep 2011 at 11:18
ZRTP uses Diffie-Hellman key exchange. The keys are generated randomly for each session - no key will be saved.
  
Flashhh
Reply #83 - 02. Sep 2011 at 15:19
Phoner Admin wrote on 01. Sep 2011 at 11:18:
ZRTP uses Diffie-Hellman key exchange. The keys are generated randomly for each session - no key will be saved.

Thanks for your answer!
I have been testing security (using TLS, SRTP and ZRTP) between PhonerLite and CSipSimple on Android. I found this:

1) If you use TLS, SRTP and ZRTP in both VoIP programs, you "CAN NOT" establish the communication (even trying the SAVP option on or off).
2) If you use only TLS and SRTP in both VoIP programs, you "CAN" establish the communication.
3) If you use only TLS and ZRTP in both VoIP programs, you "CAN NOT" establish the communication.
4) If you use only ZRTP (under UDP) in both VoIP programs, you "CAN" establish the communication.
5) If you use only SRTP and ZRTP in both programs, you "CAN NOT" establish the communication.

So, with these issues, if you want to use PhonerLite on one side and CSipSimple on the other, which communication do you think is more secure?

1) ZRTP on both under UDP (without using TLS and SRTP).
2) TLS and SRTP on both (without using ZRTP).

Maybe number 1)?

Thanks again in advance.

PS: I tested using antisip.com.
  
Phoner Admin
Reply #84 - 02. Sep 2011 at 18:45
OK, I installed CSipSimple on my Android phone. I can initiate calls to PhonerLite and I can be called by PhonerLite. But I can't find any settings for Security (TLS, SRTP, ZRTP) in CSipSimple...
  
Flashhh
Reply #85 - 02. Sep 2011 at 20:53
Phoner Admin wrote on 02. Sep 2011 at 18:45:
OK, I installed CSipSimple on my Android phone. I can initiate calls to PhonerLite and I can be called by PhonerLite. But I can't find any settings for Security (TLS, SRTP, ZRTP) in CSipSimple...


You should download the latest CSipSimple version with security options (CSipSimple has 2 versions: the "lite" version without security options and the "full" one with security options). You probably downloaded the "lite" one.
This is the official link to the full version with security options:

http://nightlies.csipsimple.com/tls/

And yes, PhonerLite and CSipSimple without any security options enabled work like a charm; the problems start when using security. I will be waiting for your comments after your tests :)
« Last Edit: 03. Sep 2011 at 08:43 by Flashhh »  

Phoner Admin
Reply #86 - 03. Sep 2011 at 17:08
OK, I installed that version and now I could test with encryption.
As soon as I enable SRTP in CSipSimple that app doesn't answer any ZRTP requests. All ZRTP requests sent by CSipSimple use incorrect checksums. I can verify this with Wireshark.
When SRTP is disabled in CSipSimple the checksums are correct. So I assume an error in CSipSimple.
  
Flashhh
Reply #87 - 03. Sep 2011 at 19:18
Phoner Admin wrote on 03. Sep 2011 at 17:08:
OK, I installed that version and now I could test with encryption.
As soon as I enable SRTP in CSipSimple that app doesn't answer any ZRTP requests. All ZRTP requests sent by CSipSimple use incorrect checksums. I can verify this with Wireshark.
When SRTP is disabled in CSipSimple the checksums are correct. So I assume an error in CSipSimple.


So, now you are seeing what I said in another post about VoIP under Android: there is no good VoIP software for Android. Also, CSipSimple is the best that you can find and is the only one that has security options, BUT it doesn't work well. The only ways that work with PhonerLite are, like I said:
- If you use only TLS and SRTP in both VoIP programs, you "CAN" establish the communication.
- If you use only ZRTP (under UDP) in both VoIP programs, you "CAN" establish the communication.

So, because I need to use VoIP software on my Android phone, and I don't have any option other than using CSipSimple with PhonerLite on the other side, which option is more secure:

1) ZRTP on both under UDP (without using TLS and SRTP).
2) TLS and SRTP on both (without using ZRTP).

Thanks in advance and I really think that Phoner and PhonerLite are the best VoIP software.
  
Phoner Admin
Reply #88 - 05. Sep 2011 at 11:12
If you fully trust your VoIP provider, TLS+SRTP is secure. But that server in the middle (VoIP provider) has to decrypt TLS to be able to route the call. So that server has access to the SRTP keys and therefore that server is able to decode the voice data (SRTP) too.
If you need end-to-end encryption of the voice data, you have to use ZRTP.
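
What a SIP server on the signaling path can read in the TLS+SRTP case described above, as an added audit sketch that is not from the original posts or from PhonerLite. It assumes the SRTP key is carried in an SDP "a=crypto" line (SDES, RFC 4568); the sample INVITE, addresses and function name are constructed for illustration.

```python
import base64
import re

# Constructed sample: an INVITE as the provider's SIP server sees it after
# terminating TLS. The 30 key bytes are a dummy pattern, not a real key.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bKconstructed\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
    + base64.b64encode(bytes(range(30))).decode()
    + "\r\n"
)

CRYPTO_RE = re.compile(r"^a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=]+)", re.M)
VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/(\w+)", re.M | re.I)


def audit_invite(message: str) -> dict:
    """Report who can read the SRTP key offered in one SIP message."""
    via = VIA_RE.search(message)
    transport = via.group(1).upper() if via else "UNKNOWN"
    # Record only the suite and the key length, never the key itself.
    keys = [(suite, len(base64.b64decode(blob)))
            for suite, blob in CRYPTO_RE.findall(message)]
    if not keys:
        exposure = ("no SRTP key in signaling; audio is plain RTP "
                    "unless ZRTP runs in the media path")
    elif transport == "TLS":
        exposure = ("SRTP key hidden from the network, readable by "
                    "each SIP server that terminates TLS")
    else:
        exposure = "SRTP key readable by anyone who can see the signaling"
    return {"transport": transport, "sdes_keys": keys, "exposure": exposure}


if __name__ == "__main__":
    print(audit_invite(SAMPLE_INVITE))
```

For AES_CM_128_HMAC_SHA1_80 the inline value decodes to 30 bytes, a 16-byte master key followed by a 14-byte salt, which is everything needed to derive the session keys for that audio stream.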
  
Flashhh
Reply #89 - 05. Sep 2011 at 14:13
Phoner Admin wrote on 05. Sep 2011 at 11:12:
...If you need end-to-end encryption of the voice data, you have to use ZRTP.


Thanks again for your response. I have been reading about ZRTP and SRTP and I have some questions about using PhonerLite.
My last questions:
1) What happens in PhonerLite if I use the ZRTP option without the SRTP option enabled? When this happens, is the conversation encrypted the whole time, or is only the key exchange encrypted and not the conversation?
2) If ZRTP always negotiates the keys of SRTP, why does PhonerLite have separate options (SRTP and ZRTP)? I mean, if ZRTP always uses SRTP, why are there separate options in PhonerLite? Is communication using ZRTP without SRTP possible? Is the voice data still fully encrypted?
3) If ZRTP always needs SRTP, why is the SRTP option not marked automatically when you mark the ZRTP option in PhonerLite?
Thanks in advance,
  