Security and Encryption

Wise business strategies establish strong information protection processes. This is crucial not only for customers who interact with the business online, but also for partners and even remote workers, because assurance of safety and confidentiality is a natural need. In turn, investment in information protection can yield real competitive advantages and more opportunities for revenue.

Information processing in any modern organization mainly consists of two processes:

  • Internal data generation, processing, storage, maintenance, etc.
  • Interaction with the organization’s external environment: phone, VoIP, chat, email, Web browsing, data transfer, etc.

Both of these processes have to be secured in order to protect information. The first one may use techniques like high memory and processing capacity, disk mirroring, server load balancing, server clustering, database replication, power supply redundancy, etc. In the second process, public networks come into play, mainly fixed and mobile telephony networks, cable networks, and the Internet. The Internet is portrayed as the source of major security threats; the other networks are relatively well secured.

VoIP opens the organization’s managed IP network to the public Internet. As a result, VoIP suffers from most of the Internet’s inherent security vulnerabilities. Hence, in most cases, VoIP uses the same information protection techniques as the Internet:

  • DoS (Denial of Service) and overload control
  • Data encryption

DoS and overload control may be handled by the VoIP gateways and/or by applications that run on the VoIP servers. Dialexia’s products, such as our IP PBX Dial-Office and our softswitch and billing software solution Dial-Gate, embed well-proven control mechanisms. Data encryption techniques, however, are managed by the underlying VoIP protocols; VoIP applications, phones and gateways merely have to support them.

Dialexia’s products use SIP (Session Initiation Protocol) because it is the most widely used VoIP protocol. SIP communications use SIP as the signaling protocol and RTP as the voice protocol. As in any IP communication, SIP and RTP packets are wrapped in UDP or TCP packets, which are in turn wrapped in IP packets. To secure a SIP communication, encryption can be applied at the SIP level, the TCP level, or the IP level. Dialexia’s products support all these configurations.

Let’s explain how it works. Suppose Alice is communicating with Bob, through a VoIP call or any other means. Data encryption applied to such a communication aims to assure:

  • Authentication: it is actually Alice who is communicating with Bob and not an intruder pretending to be Alice
  • Confidentiality: the communication content is understandable only to Alice and Bob. Any intruder who captures the communication will not be able to understand its content
  • Integrity: the content Bob receives from Alice is exactly what she sent to him. This means nobody has altered the communication content

SIP Level Encryption
Encryption at this level aims at authenticating the caller. This is done during the very first exchanges of communication establishment, with the aid of the MD5 algorithm. The scheme is based on a shared secret password and the assumption that only the calling user, Alice, and the SIP server know Alice’s password. Successful communication establishment means that the server has successfully authenticated Alice.

TCP Level Encryption
Encryption is performed here in order to assure the confidentiality and integrity of the communication. To hide the information about who is calling whom, SIP may encrypt the signaling exchange between the server and both the caller’s and the callee’s phones. In that case SIP changes its name to SIPS (Secure SIP), because it is conveyed by the SSL or TLS protocols instead of UDP or TCP.
Further, in order to encrypt the voice itself, a SIP communication may use SRTP (Secure RTP) instead of the RTP protocol. SRTP conveys encrypted packets of voice. The callee’s phone then has to decrypt the voice packets.

IP Level Encryption
This technique uses the IPsec protocol instead of IP. It is another means of assuring confidentiality and integrity. First, the involved nodes (phones, gateways, servers) exchange secret passwords (encryption keys) and encryption algorithms in order to establish secured communication channels. Once this is done, the IP packets, whether they convey signaling or voice, will be instantly encrypted by the sender and decrypted by the receiver.
