{"id":5432,"date":"2017-05-26T09:34:11","date_gmt":"2017-05-26T14:34:11","guid":{"rendered":"https:\/\/www.nurango.ca\/?p=5432"},"modified":"2023-02-01T20:28:29","modified_gmt":"2023-02-01T20:28:29","slug":"encrypting-voip-comparing-in-wireshark","status":"publish","type":"post","link":"https:\/\/www.nurango.ca\/blog\/encrypting-voip-comparing-in-wireshark","title":{"rendered":"Encrypting SIP Using TLS & SRTP – A Look With Wireshark"},"content":{"rendered":"

VoIP & Encryption is the result of encapsulating the transmission of the VoIP protocol packets and the accompanying audio packets into some type of encryption method, such as TLS (Transport Layer Security). In our case, we use the most common VoIP protocol \u2013 SIP (Session Initiation Protocol) and the media method – RTP (Real-time Transfer Protocol).<\/span><\/p>\n

(To view the video version of this walk-through, visit https:\/\/youtu.be\/XMjXixv7h28<\/a>)<\/em><\/span><\/p>\n

To be fair, one can be encrypted without the other but essentially renders the other useless or vulnerable beyond what you might deem to be “a good idea”. For example;<\/span><\/p>\n

An admin decides to encrypt the SIP packets but not the audio – A malicious network user can now sniff out the audio packets from all of your conversations and play them back. Just as bad \u2013 the attacker can also capture DTMF (touch tone) sounds over the network and capture credit card and account data.<\/span><\/p>\n

Although they wouldn\u2019t be able to view the details of the phone calls from the packets themselves, what\u2019s the point really?<\/span><\/p>\n

In reverse<\/strong> \u2013 Our admin encrypts the audio packets but not the SIP packets. You might be saying, \u201cwell the conversation is more important isn\u2019t it?\u201d. Although I would tend to agree there is still information the attacker can obtain in order to carry out other types of attacks.<\/span><\/p>\n

These would include;<\/span><\/p>\n

Discovering the IP of the PBX:<\/strong> The PBX could now be targeted for entry or DDoS<\/span><\/p>\n

Discovering the User device IP:<\/strong> Handset could be targeted for DDoS.<\/span>
\n If the IP phone uses POE it might be daisy chained through the users PC and that would also be vulnerable. The IP could also be used for future identification of the user.<\/span><\/p>\n

As the last examples and most important:<\/strong> The phone extension data could be used to spoof calls and the username\/password combo can be sniffed for a complete device hijack!<\/span><\/p>\n

As mentioned above, the common Encryption used for SIP is the TLS protocol (SIP\/TLS). Such is that the encryption has the benefits and limitations of TLS and any security vulnerabilities that may come with it. This is also why it\u2019s important to stay up-to date on TLS issues such as the Heartbleed Bug (https:\/\/xkcd.com\/1354\/<\/a>) , and changing encryption from v1.0\/1.1 to 1.2.<\/span><\/p>\n

For the audio packet encapsulation, we use what\u2019s called DTLS-SRTP (https:\/\/en.wikipedia.org\/wiki\/Datagram_Transport_Layer_Security<\/a>) \u2013 Secure Realtime Transport Protocol (as you may have guessed) which is also based off of the TLS protocol.<\/span><\/p>\n

There is also another project called ZRTP (https:\/\/en.wikipedia.org\/wiki\/ZRTP<\/a>), where the Z comes from \u201cZimmerman\u201d whom created the PGP project as well. Although this method was created in 2006 there isn\u2019t as wide an adoption as SRTP likely due to the lack of endpoints that support it.<\/span><\/p>\n

Let\u2019s look at\u00a0 some packet comparisons from Wireshark<\/span><\/h4>\n
Un-encrypted SIP Call Packet<\/span><\/h5>\n
\"Insecure<\/a>
Insecure SIP Packet. Notice the full call details.
<\/strong><\/span><\/figcaption><\/figure>\n
\"Insecure<\/a>
Un-encrypted SIP Call-Flow<\/strong><\/span><\/figcaption><\/figure>\n
Encrypted Call using SIP\/TLS<\/span><\/h5>\n
\"Secure
Secured Call Full. Notice the absence of the call details.
<\/strong><\/span><\/figcaption><\/figure>\n
\"Secure<\/a>
Secure SIP Call-Flow. Can’t capture the call details.
<\/strong><\/span><\/figcaption><\/figure>\n

Now what about audio (RTP)?<\/span><\/h4>\n
Un-encrypted Audio Capture<\/span><\/h5>\n
\"Un-encrypted<\/a>
Un-encrypted RTP Audio. Fully captured and re-playable.
<\/strong><\/span><\/figcaption><\/figure>\n
Encrypted Audio with SRTP<\/span><\/h5>\n
\"Secure<\/a>
Secure SRTP Packet. Cant decipher the audio.
<\/strong><\/span><\/figcaption><\/figure>\n

Being that SIP\/TLS and SRTP are natively built into most all SIP devices I have seen in the last 10 years, and even ready to go in projects such as asterisk now, there is little to no excuse not to use it. For added security you can also choose a SIP Provider like that offers Encrypted Calling<\/a> as well.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

VoIP & Encryption is the result of encapsulating the transmission of the VoIP protocol packets and the accompanying audio packets into some type of encryption method, such as TLS (Transport Layer Security). In our case, we use the most common VoIP protocol \u2013 SIP (Session Initiation Protocol) and the media method – RTP (Real-time Transfer Protocol). (To view the video version of…<\/p>\n","protected":false},"author":1,"featured_media":5495,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[4],"tags":[14,15,9,16,17],"class_list":["post-5432","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guides","tag-encrypted-voip","tag-encryption","tag-sip","tag-siptls","tag-srtp"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/posts\/5432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/comments?post=5432"}],"version-history":[{"count":3,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/posts\/5432\/revisions"}],"predecessor-version":[{"id":10220,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/posts\/5432\/revisions\/10220"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/media\/5495"}],"wp:attachment":[{"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/media?parent=5432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/categories?post=5432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nurango.ca\/blog\/wp-json\/wp\/v2\/tags?post=5432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}