[VOIPSEC] Why a secure keyechange for media encryption?

Michael Prochaska tm021090 at fh-stpoelten.ac.at
Fri Apr 28 00:28:45 PDT 2006

i'm a student and are working on my diploma thesis (VOIP security with 
open standards)at the moment.

i know the question is a little bit provocative.

in my eyes there are the following vulnarabilities / problems for signaling:

- unauthorised use of account
- identity forgery
- session highjacking
- loss of anonymity
- replay

and the following vulnarabilities for the media stream:

- replay
- eavesdropping

any additions are welcome :-)

the outcome of this is that the signaling is "the bigger" problem.

in which situations it might be usefull to encrypt and authorize only 
the mediastream ? i thing the goal must be a secure signaling. when i 
have a secure signaling, why not exchange the key plain over the 
signaling channel?

any comments are very welcome!

best regards,

More information about the Voipsec mailing list