The Cone of Silence: Securing Voice

Did you ever watch the old TV show Get Smart? When Maxwell Smart wanted to talk privately with the chief, Max insisted on using the "Cone of Silence," a transparent hood that descended over their heads. Today's IP telephony networks also need a cone of silence, a way to securely transmit conversations. Hacker tools proliferate in the Internet, and some tools can capture voice packets and convert a VoIP conversation to a .WAV file. Fortunately, Cisco introduced multiple security features in CallManager version 4.0, helping to keep private conversations private.

Three primary security goals include:

• Identity

• Integrity

• Privacy

Identity

In the world of security, identity verifies a user's credentials before the user receives permission to perform certain functions. A Cisco IP Phone and Cisco CallManager server can authenticate each other through the use of certificates. A certificate is a digital document containing information about the certificate's holder. But what's to prevent a hacker from creating a false certificate? A trusted third party, called a certificate authority (CA), vouches for the validity of a certificate.

Beginning with the Cisco 7970 IP Phone, Cisco installs certificates in a phone during the phone's manufacturing process. The CCM server uses a certificate created during installation. Phone models introduced prior to the 7970 use Locally Significant Certificates (LSCs), which are installed by the Cisco Certificate Authority Proxy Function (CAPF) software.

Integrity

Integrity confirms that data (or in our case, voice) hasn't been manipulated in transit. To illustrate the concept of integrity, let's say I send you a letter, and we agree that I'll write a number on the outside of the envelope. This number indicates the number of vowels contained in the letter. After you receive the envelope, you read through the letter, count the number of vowels, and compare that number with the number I wrote on the envelope. If the numbers match, you conclude the letter was not intercepted and manipulated in transit. Although IP networks use much more sophisticated methods of ensuring integrity, the concept remains the same.

Cisco IP telephony networks can provide integrity through image authentication (that is, making sure the phone's binary firmware file hasn't been tampered with), file authentication (that is, making sure the phone's configuration file hasn't been tampered with), and signal authentication (that is, making sure call signaling packets haven't been tampered with).

Privacy

Privacy involves encrypting (that is, scrambling) a packet's contents. If a hacker intercepted an encrypted packet, the packet would be of no value to the hacker. Examples of encryption technologies include Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES). These encryption technologies involve complex mathematical functions, making a hacker's decryption attempts impractical.

Cisco leverages encryption technologies to encrypt signaling information and, in some cases, the actual voice packets. Signaling encryption scrambles the SCCP messages sent between a Cisco IP Phone and the Cisco CallManager. Examples of SCCP messages include dialed dual tone multifrequency (DTMF) digits and call status information. Encrypting voice packets is called media encryption. Media encryption uses the Secure Real-Time Transport Protocol (SRTP), which uses a form of the previously mentioned AES.