Scalable architecture for VoIP privacy

Alexander Medvinsky

doi:10.1117/12.434286

25 July 2001 Scalable architecture for VoIP privacy

Alexander Medvinsky

Proceedings Volume 4522, Voice Over IP (VoIP) Technology; (2001) https://doi.org/10.1117/12.434286
Event: ITCom 2001: International Symposium on the Convergence of IT and Communications, 2001, Denver, CO, United States

Abstract

An access network for Voice over IP (VoIP) clients (e.g. DOCSIS-based HFC network) often provides a privacy service. However, such a privacy service is limited only to that access network. When VoIP packets are carried over an open IP network or over a network with some connections to the Internet, it is desirable to provide an end-to-end privacy service where each VoIP packet is encrypted at the source and decrypted at the terminating endpoint. Clearly, public key encryption cannot be applied to each voice packet; the performance would be unacceptable regardless of the choice of a public key algorithm. The only alternative is for the two VoIP endpoints to negotiate a shared symmetric key. Since VoIP connections are established only for duration of a phone call, the end-to-end key negotiation needs to occur during each call setup. And it should not noticeably delay the call setup phase. In order to provide end-to-end privacy, it is not sufficient to encrypt all messages between the two endpoints. It is important that the two endpoints authenticate each other - validate each other's identity. Without authentication an adversary might trick two VoIP clients to negotiate keys with her and then sit in the middle of their conversation and record each VoIP packet, before forwarding it to the intended destination. However, direct authentication of the two VoIP endpoints is not always possible in telephony networks - in particular when caller ID blocking services are enabled. To support such anonymity services, it may be sufficient to authenticate not the identity of the caller but the fact that it is a valid subscriber and that all subsequent signaling and voice traffic will be coming from the same source. The PacketCable specifications provide an example of a VoIP architecture with end-to-end privacy that meets the above stated criteria. This paper describes the PacketCable end-to-end privacy approach and suggests additional mechanisms that may be used to further strengthen VoIP privacy under the PacketCable architecture.

Citation Download Citation

Alexander Medvinsky "Scalable architecture for VoIP privacy", Proc. SPIE 4522, Voice Over IP (VoIP) Technology, (25 July 2001); https://doi.org/10.1117/12.434286

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
12 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Curium

Computer security

Chemical elements

Network architectures

Symmetric-key encryption

Information operations

Interfaces

Show All Keywords

Keywords/Phrases

Search In:

Publication Years