This was a question I asked at the recent VON conference in San Jose, CA. Of course we talk a lot here about VoIP Security, but actually if we take a step back, is VoIP itself any longer a meaningfully separate concept? The thing is that technology moves on, and maybe some people care whether they are connected via cable or ADSL, but pretty much, the average Joe is happy that “broadband†is magic that provides fast Internet. Today there’s still talk about “WiFi†as a distinct technology, but WiMax, LTE and mobile broadband (EVDO, UMTS etc) are on the rise, and within a couple of years, we’re all likely to have forgotten which technology we’re using to connect to the Internet.
So my thesis is that IP is so very intrinsic to the nature of all telecoms today, that it’s probably not even worth using “Vo†any longer. Why should I say that? Well firstly, SS7, the mainstay of today’s international telecoms network, in many cases uses IP to carry the signalling traffic, using the protocol family known as Sigtran. In traditional telecoms, media and signalling has long been split, with SS7 connecting the calls, and a parallel network of E1/T1 links carrying the voice calls. The long established estrangement of media and signalling continues into the NGN world, with signalling now mostly meaning SIP, and the media usually RTP, but there is still a world of choice. When SS7 meets SIP we can often find ISUP (the call control protocol most widely used by telecoms incumbents) being tunnelled using protocols like SIP-I and its twin (in the iron mask) SIP-T. In the “legit†SS7 community we find that BICC (Bearer Independent Call Control) allows us to connect calls in a way familiar to all fans of ISUP, and yet the calls themselves don’t need to be 64k bearer channels any more, but can also be the IP-friendly RTP streams.
This is not a fashion, but simply an evolution. Today, when telcos federate, it is largely using traditional TDM lines, and traditional SS7 protocols. But this is changing: it’s very cheap and convenient to interconnect using Sigtran, and there is much talk about how to connect calls using “codec free†operation: that is, to pipe the audio unchanged from end to end, to optimize audio quality and bandwidth usage. The GSM Association are promoting a system called IPX, which will allow mobile carriers to interconnect using IP, such that not only signalling and media are seamlessly interconnected (via a private intranet), but also settlement data will automatically be exchanged, so that every telco knows what they owe to every other party.
If I may press my point further, in many projects the traditional TDM core is being removed in favour of a big SIP router surrounded by a ring of session border controllers (SBCs). One major factor in these projects is that the customers are still today 80/20 connected via traditional E1/T1 or SS7 networks, which means that part of the magic is a media gateway that knows how to talk both SS7 and SIP. So SIP networks have TDM customers, and your Granny may already be using IP without even knowing it.
So does VoIP exist? When IP is such a fundamental tool in what we know as “legacy” telco networks, perhaps it does not. Consequently does VoIP Security exist? Well as we’ve often discussed here at the VoIPSA blog before, when you start moving voice traffic over your IP network, then you have all the voice system vulnerabilities plus all the IP vulnerabilities that just arrived at your doorstep. Perhaps actually the truth is that nearly all voice is already VoIP, so VoIP security is not just an enterprise concern, but is actually a core issue for every telco on the planet.