Translator Disclaimer
25 July 2001 Scalable architecture for VoIP privacy
Author Affiliations +
Proceedings Volume 4522, Voice Over IP (VoIP) Technology; (2001)
Event: ITCom 2001: International Symposium on the Convergence of IT and Communications, 2001, Denver, CO, United States
An access network for Voice over IP (VoIP) clients (e.g. DOCSIS-based HFC network) often provides a privacy service. However, such a privacy service is limited only to that access network. When VoIP packets are carried over an open IP network or over a network with some connections to the Internet, it is desirable to provide an end-to-end privacy service where each VoIP packet is encrypted at the source and decrypted at the terminating endpoint. Clearly, public key encryption cannot be applied to each voice packet; the performance would be unacceptable regardless of the choice of a public key algorithm. The only alternative is for the two VoIP endpoints to negotiate a shared symmetric key. Since VoIP connections are established only for duration of a phone call, the end-to-end key negotiation needs to occur during each call setup. And it should not noticeably delay the call setup phase. In order to provide end-to-end privacy, it is not sufficient to encrypt all messages between the two endpoints. It is important that the two endpoints authenticate each other - validate each other's identity. Without authentication an adversary might trick two VoIP clients to negotiate keys with her and then sit in the middle of their conversation and record each VoIP packet, before forwarding it to the intended destination. However, direct authentication of the two VoIP endpoints is not always possible in telephony networks - in particular when caller ID blocking services are enabled. To support such anonymity services, it may be sufficient to authenticate not the identity of the caller but the fact that it is a valid subscriber and that all subsequent signaling and voice traffic will be coming from the same source. The PacketCable specifications provide an example of a VoIP architecture with end-to-end privacy that meets the above stated criteria. This paper describes the PacketCable end-to-end privacy approach and suggests additional mechanisms that may be used to further strengthen VoIP privacy under the PacketCable architecture.
© (2001) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Alexander Medvinsky "Scalable architecture for VoIP privacy", Proc. SPIE 4522, Voice Over IP (VoIP) Technology, (25 July 2001);


The study of wlan security and its solution
Proceedings of SPIE (February 20 2006)
Onboard connectivity network for command-and-control aircraft
Proceedings of SPIE (February 09 1993)
Research of UMTS core network firewall base on IXP1200
Proceedings of SPIE (February 20 2006)
Internet-based secure virtual networks
Proceedings of SPIE (September 16 1998)
Making MANET secured against malicious attack
Proceedings of SPIE (January 12 2012)
Key distribution for a MLS network architecture
Proceedings of SPIE (November 17 2000)

Back to Top