4

Checking the data packets from many VoIP applications shows that SIP packets are encrypted with TLS. So the captured session shows no SIP signals at all, just simple TCP and TLS/SSL packets. But surprisingly, RTP packets are clearly visible, with (dynamic) payload type, SSRC and data. In many cases where RTP is encapsulated with STUN, Wireshark can dissect RTP from it. Of course, encrypting signalling packets prevents the attacker from seeing which codec and bit rate are used, but does it protect RTP packets from being decoded if somebody captured the session? Applications used, for example: LINE and KakaoTalk.

Shasi

1 Answer

2

You are right that securing SIP communication is not sufficient.

RTP has SRTP as its secured counterpart, so you may use:

  • SIP over TLS to secure the control channel communication,
  • SRTP to encrypt the data channel communication (SRTP will need to rely on another protocol, like ZRTP, to securely exchange the keys. More information can be found on the SRTP Wikipedia page).

Of course you need your software/devices to be compatible with these protocols. Wikipedia also maintains a comparison chart between SIP software including the support of these security protocols.

WhiteWinterWolf
  • So why encrypt SIP, just for the sake of hiding the used codecs and SIP username? – Shasi May 30 '15 at 12:43
  • Because SIP is the control channel, handling all the technical dialogue. If someone listens to or tampers with the SIP dialogue, then he actually gains control of the technical aspect of the communication; he could do any nasty thing one could imagine (sniff your SIP account password, impersonate you or your correspondent, alter negotiated parameters, for instance to remove your SRTP encryption, etc.). You don't want another person to take control of your communication, do you? So you want to secure your control channel, it is as simple as that :). – WhiteWinterWolf May 30 '15 at 16:12
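Added example (not part of the original answer or comments): a Python check of whether an SDP offer/answer negotiates protected media, and whether SRTP offered by one side came back as plain RTP, which is the altered negotiation the last comment describes. The SDP bodies are constructed samples, the function names are hypothetical, and using `a=crypto` (SDES), `a=fingerprint` (DTLS-SRTP) and `a=zrtp-hash` (ZRTP) as keying signals is this example's assumption about how the endpoints key SRTP.

```python
# Added example; the SDP bodies are constructed samples, not captured traffic.
KEYING = {"crypto": "sdes", "fingerprint": "dtls-srtp", "zrtp-hash": "zrtp"}

def media_security(sdp):
    """One record per m= line: media, port, profile, keying, status."""
    session_attrs, streams, cur = set(), [], None
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            parts = line[2:].split()          # <media> <port> <proto> <fmt...>
            if len(parts) < 3 or not parts[1].split("/")[0].isdigit():
                cur = {"attrs": set()}        # malformed m= line: discard its section
                continue
            cur = {"media": parts[0], "port": int(parts[1].split("/")[0]),
                   "profile": parts[2].upper(), "attrs": set()}
            streams.append(cur)
        elif line.startswith("a="):
            name = line[2:].split(":", 1)[0].lower()
            (cur["attrs"] if cur else session_attrs).add(name)
    for s in streams:
        attrs = s.pop("attrs") | session_attrs   # a=fingerprint may be session-level
        s["keying"] = next((k for a, k in KEYING.items() if a in attrs), None)
        if "SAVP" in s["profile"] and s["keying"] in ("sdes", "dtls-srtp"):
            s["status"] = "srtp"
        elif s["keying"] == "zrtp":
            s["status"] = "zrtp-offered"      # keys are still agreed in the media path
        else:
            s["status"] = "plain"             # no SRTP profile or no usable keying
    return streams

def downgrades(offer, answer):
    """Streams offered with SRTP but accepted (port != 0) as plain RTP."""
    return [(o["media"], o["profile"], a["profile"])
            for o, a in zip(media_security(offer), media_security(answer))
            if o["status"] == "srtp" and a["status"] == "plain" and a["port"] != 0]

HEAD = "v=0\no=alice 1 1 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"
OFFER = HEAD + ("m=audio 49170 RTP/SAVP 0\n"
                "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER\n"
                "a=rtpmap:0 PCMU/8000\n")
# Constructed answer in which the SRTP profile and crypto line are gone.
ANSWER = HEAD + "m=audio 49172 RTP/AVP 0\na=rtpmap:0 PCMU/8000\n"

if __name__ == "__main__":
    print(media_security(OFFER))
    print(downgrades(OFFER, ANSWER))
```

Run against the SDP an endpoint or proxy logs after TLS termination, a non-empty result from `downgrades` means the media will flow as cleartext RTP even though the signalling itself was encrypted.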