Share Email Print
cover

Proceedings Paper

Scalable architecture for VoIP privacy
Author(s): Alexander Medvinsky
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

An access network for Voice over IP (VoIP) clients (e.g. DOCSIS-based HFC network) often provides a privacy service. However, such a privacy service is limited only to that access network. When VoIP packets are carried over an open IP network or over a network with some connections to the Internet, it is desirable to provide an end-to-end privacy service where each VoIP packet is encrypted at the source and decrypted at the terminating endpoint. Clearly, public key encryption cannot be applied to each voice packet; the performance would be unacceptable regardless of the choice of a public key algorithm. The only alternative is for the two VoIP endpoints to negotiate a shared symmetric key. Since VoIP connections are established only for duration of a phone call, the end-to-end key negotiation needs to occur during each call setup. And it should not noticeably delay the call setup phase. In order to provide end-to-end privacy, it is not sufficient to encrypt all messages between the two endpoints. It is important that the two endpoints authenticate each other - validate each other's identity. Without authentication an adversary might trick two VoIP clients to negotiate keys with her and then sit in the middle of their conversation and record each VoIP packet, before forwarding it to the intended destination. However, direct authentication of the two VoIP endpoints is not always possible in telephony networks - in particular when caller ID blocking services are enabled. To support such anonymity services, it may be sufficient to authenticate not the identity of the caller but the fact that it is a valid subscriber and that all subsequent signaling and voice traffic will be coming from the same source. The PacketCable specifications provide an example of a VoIP architecture with end-to-end privacy that meets the above stated criteria. This paper describes the PacketCable end-to-end privacy approach and suggests additional mechanisms that may be used to further strengthen VoIP privacy under the PacketCable architecture.

Paper Details

Date Published: 25 July 2001
PDF: 12 pages
Proc. SPIE 4522, Voice Over IP (VoIP) Technology, (25 July 2001); doi: 10.1117/12.434286
Show Author Affiliations
Alexander Medvinsky, Motorola (United States)


Published in SPIE Proceedings Vol. 4522:
Voice Over IP (VoIP) Technology
Petros Mouchtaris, Editor(s)

© SPIE. Terms of Use
Back to Top