
Telesis VoIP Protocols Offering AES 256 Media Encryption

The following VoIP protocols support media (voice) encryption in Telesis systems.

H.323 and AES 256 Media Encryption

When bridging voice between distant offices over IP with the H.323 protocol, the security of a VoIP call is guaranteed by encrypting the voice with 256-bit AES (AES-256). The following paragraphs briefly describe the algorithms applied for site-to-site communication, given that:

  • Two Telesis systems in each site
  • Both systems are provided with necessary licenses for the VoIP media security and their parameters are set accordingly.

Secure Gatekeeper Registration

Two Telesis systems share an account name and a secret, which is the password. One system, acting as an H.323 endpoint, registers to the gatekeeper of the other with the shared account name and password. For the registration, H.225 RAS messages are exchanged between the two Telesis systems according to the H.235 Baseline Security Profile, with or without integrity check.

Key Exchange and Encrypting the Media

For encrypting the media, the 256-bit Advanced Encryption Standard (AES-256) is used. AES-256 is a symmetric block cipher that processes data blocks of 128 bits with a 256-bit cipher (crypto) key, which is agreed by the Diffie-Hellman procedure. Audio samples are collected from the codec, encrypted, and inserted into the RTP payloads. The receiving side decrypts the RTP payloads when it gets them.

A secure session is established by generating and exchanging Diffie-Hellman half-keys. The Diffie-Hellman master key for the AES-256 encryption is generated from the combination of the two half-keys exchanged by the two Telesis systems involved in a call.

Summary

Security of VoIP communication between two Telesis systems is ensured with:

  • A sufficiently long password
  • Baseline Security Profile for RAS messaging for H.323 endpoint-to-gatekeeper registration
  • Baseline Security Profile for Call Signaling for secure Diffie-Hellman key exchange
  • Exchange of HMAC-SHA1-96 hashed Diffie-Hellman half keys
  • Cipher AES-256
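
The half-key exchange described under Key Exchange and Encrypting the Media, with the HMAC-SHA1-96 protection listed in the summary, as an added Python example that is not Telesis code. The demo modulus, the SHA-1 derivation of the HMAC key from the password, the SHA-256 derivation of the 256-bit key and the message field names are assumptions made for illustration; the AES-256 encryption of the RTP payloads is not shown.

```python
import hashlib
import hmac
import secrets

# Assumption: demo modulus 2**521 - 1 (a Mersenne prime) keeps the example short.
# The page names no Diffie-Hellman group; deployments use a standardized one.
P = 2**521 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8


def hmac_sha1_96(password: str, data: bytes) -> bytes:
    """HMAC-SHA1 truncated to its leftmost 96 bits; key = SHA-1(password) (assumed)."""
    key = hashlib.sha1(password.encode()).digest()
    return hmac.new(key, data, hashlib.sha1).digest()[:12]


def make_half_key(password: str, sender: str):
    """Return (private exponent, message carrying the tagged public half-key)."""
    x = secrets.randbelow(P - 3) + 2  # private exponent in [2, P-2]
    half = pow(G, x, P).to_bytes(P_LEN, "big")
    tag = hmac_sha1_96(password, sender.encode() + half)
    return x, {"sender": sender, "half_key": half, "tag": tag}


def accept_half_key(password: str, msg: dict) -> int:
    """Check tag and range of a received half-key; raise ValueError on failure."""
    expected = hmac_sha1_96(password, msg["sender"].encode() + msg["half_key"])
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("half-key failed the HMAC-SHA1-96 check")
    y = int.from_bytes(msg["half_key"], "big")
    if not 2 <= y <= P - 2:  # reject degenerate values 0, 1 and P-1
        raise ValueError("half-key out of range")
    return y


def master_key(private: int, peer_half: int) -> bytes:
    """256-bit AES key from the DH shared secret (assumed: SHA-256 of the secret)."""
    shared = pow(peer_half, private, P)
    return hashlib.sha256(shared.to_bytes(P_LEN, "big")).digest()


if __name__ == "__main__":
    secret = "constructed-shared-password"  # constructed sample value
    a_priv, a_msg = make_half_key(secret, "site-a")
    b_priv, b_msg = make_half_key(secret, "site-b")
    key_a = master_key(a_priv, accept_half_key(secret, b_msg))
    key_b = master_key(b_priv, accept_half_key(secret, a_msg))
    print("keys match:", key_a == key_b, "length:", len(key_a) * 8, "bits")
```

A half-key that was replaced in transit, or tagged by a party that does not know the password, fails `accept_half_key` before any key is derived, which is why the password length in the list above matters.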

xSIP and AES 256 Media Encryption

The xSIP (eXtended SIP) protocol has been developed by Telesis. The main purpose of its development is to make some value-added services in Telesis systems applicable to VoIP calls too.

Beyond the comfort and availability of value-added services, xSIP also allows secure communication by using AES-256 media encryption. When bridging voice between distant offices over xSIP, the security of a VoIP call is provided by:

  • A Telesis system (where xSIP IP Telephones or XPhone Softphones register) with the necessary encryption license
  • Appropriate firmware (free) installed in the Telesis System
  • Appropriate firmware (free) installed in xSIP IP Telephones
  • Appropriate version of XPhone Softphones (PC, Pocket PC, or Smartphone Edition)

Security of VoIP communication between an xSIP IP Telephone Set (or XPhone Softphone) and a Telesis IP Telephony System is ensured with:

  • Telesis developed protocol: xSIP
  • Proprietary VoIP codecs
  • Intelligent algorithms for authentication
  • Exchange of Diffie-Hellman half keys
  • Cipher AES-256
Page last modified on January 10, 2012, at 03:23 AM EST
Subject to change without any notice. All rights reserved 2010 - Telesis A.S.
Iskitler Cad. No.68 Ankara, TURKEY. Tel: +90 312 3840540 Fax: +90 312 3840549 http://www.telesis-pbx.com