[guardian-dev] Blog post: VoIP Security Architecture
lee at guardianproject.info
Fri Nov 22 15:23:03 EST 2013
Could you describe in more detail the threat model in question?
Consider that much of the metadata required to establish a SRTP stream
is contained in the payload of the encrypted SIP packets and the RTP
stream. Also consider that the backend to support most VoIP
implementations proxies encrypted traffic and since federated calls
between domains works by default with a properly implemented SIP/RTP
proxy the full network path can be arbitrarily complex.
One detail I left out in the 500 word article is that a call's
endpoints use the SDP protocol to negotiate the media stream metadata.
This includes endpoint IP addresses, codecs, etc. This information is
encrypted within the SIP dialog.
On Fri, Nov 22, 2013 at 5:21 AM, Michael Rogers
<michael at briarproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 22/11/13 00:11, Lee Azzarello wrote:
>> Once the endpoints agree on a shared secret, the ZRTP session ends
>> and the SRTP session begins. When established, all audio and video
>> content going over the network is encrypted. Only the two peer
>> endpoints who established a session with ZRTP can decrypt the media
>> stream. This is the part of the conversation that cannot be
>> wiretapped nor can metadata of sessions in progress be spied on.
> Hi Lee,
> Recently 'metadata' has been used a lot to refer to information about
> who's communicating, when they're communicating, and where they are at
> the time. SIP-TLS, ZRTP and SRTP don't conceal the IP addresses of the
> endpoints, which can often be mapped to identities and/or locations,
> so perhaps someone thinking of the recent usage of 'metadata' would
> misunderstand "nor can metadata of sessions in progress be spied on"
> to mean something stronger than it does?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> -----END PGP SIGNATURE-----
More information about the Guardian-dev