[VOIPSEC] Seven Myths about Voice over IP
Ronaldo Vasconcellos
ronaldo at cais.rnp.br
Tue Dec 20 07:28:13 CST 2005
Just for record... don´t know why it came to my attention 9 months late
:-)
Regards,
--
Ronaldo C Vasconcellos
CAIS/RNP
Security Incidents Response Center
Brazilian Research and Academic Network
http://www.rnp.br/en/cais
---
Seven Myths about Voice over IP
http://spectrum.ieee.org/print/2538
By Steven Cherry, IEEE Spectrum Mar 2005 Issue
[...]
VOIP Isn't Secure.
To the extent that VoIP is just another data application, it has no
inherent protection against eavesdropping, but in practice VoIP is even
more secure than old-style telephony. That wasn't always the case. "Going
over an IP network, you could potentially intercept packets," says Su. "It
was always possible to tap a phone call, but you had to tap into a
physical line."
VoIP, on the other hand, is in cyberspace, in principle accessible from
anywhere. But while that was true at one time, Su says, nowadays all IP
telephony equipment, from the cheapest to the most expensive, uses
encryption schemes that make it probabilistically impossible to listen in
on an Internet phone call.
The typical encryption system uses public-key cryptography. Skype, for
example, uses a method called the Advanced Encryption Standard, with
encryption keys that are 256 bits long. Users log into the Skype
application on their personal computer and are then recognized by a Skype
server across the network. The server gives each party in a phone call a
key to decrypt the packets sent by the other. The exchange of data between
the end users and the Skype server is itself encrypted.
More information about the Voipsec
mailing list