[VOIPSEC] Why a secure keyechange for media encryption?
tm021090 at fh-stpoelten.ac.at
Fri Apr 28 08:28:45 BST 2006
i'm a student and are working on my diploma thesis (VOIP security with
open standards)at the moment.
i know the question is a little bit provocative.
in my eyes there are the following vulnarabilities / problems for signaling:
- unauthorised use of account
- identity forgery
- session highjacking
- loss of anonymity
and the following vulnarabilities for the media stream:
any additions are welcome :-)
the outcome of this is that the signaling is "the bigger" problem.
in which situations it might be usefull to encrypt and authorize only
the mediastream ? i thing the goal must be a secure signaling. when i
have a secure signaling, why not exchange the key plain over the
any comments are very welcome!
More information about the Voipsec