Voice over Internet Protocol (VoIP)

Communication is paramount to life as human beings. Many of the most important inventions in the past 300 years have tackled how we communicate. The first telephone, created by a man you have most likely heard of – Alexander Graham Bell in 1876 – changed the way the world worked by cramming voices into a wire. Sir Tim Berners-Lee, inventor of the internet, uncorked the world wide web in March 1989. There is no need to discuss how often you use or how important these services are to both business and residential consumers alike. In fact, over 70% of readers (that’s you) are probably using both a smartphone and the Internet to read this article.

Voice over Internet Protocol (VoIP) is the synthesis of these two great communication ideas. In 2018, it is likely that you have heard the term and have probably used the technology in one way or another (perhaps without knowing it). Real time communication (RTC) over the internet has been made easier, safer, and expanded to deliver many benefits for businesses and residential consumers alike.

The major difference between traditional digital telephony and VoIP telephony primarily comes down to the network that transmits the voice data. Traditional digital phones use the public switched telephone network (PTSN) to make and receive calls, whereas VoIP services utilize a packet-switched network such as a local area network (LAN) or the Internet. This difference introduces several important perks, mainly the ability to customize your own network far more easily. For example, with a Voice over Internet Protocol Private Branch Exchange (VoIP PBX) system, you can:

  1. Make and receive internal calls over a LAN, keeping information flow inside your business or home network
  2. Make and receive calls to any phone number in the world, with exceptionally low cost long distance rates compared to PTSN rates
  3. Safeguard voice data being transferred over the network(s) using encryption protocols such as Secure Real-time Transport Protocol (STRP)
  4. Safeguard call initiation information with Secure Session Initiation Protocol (Secure SIP)

The impact of the last two points pertaining to encryption may elude you, depending on how much you enjoy understanding how data security and the Internet impacts what you do. Regardless of your interest level, it is extremely like that you have heard of notorious events such as the Equifax financial and personal information breach, Yahoo email data breach, or perhaps read about the security of your texts via SMS. The importance of security is not lost on US Congress, which encouraged the use of encrypted message platforms over traditional networks.

Technology Terminology Explained

What is SRTP?

Seure Real-time Protocol is defined by RFC3711, which describes how the encryption protocols work at a detailed too specific to delve into here. Nevertheless, it confirms the important bits of information regarding STRP that are important to implementation of SRTP for VoIP.

  1. Advanced Encryption Standard (AES) is used in concert with hash-based message authentication code secure hash algorithm 1 (HMAC-SHA1) to secure the information with 160 bit encryption and prevent forgery of the keys used that are used to protect the data. You can read more about this on Cisco’s Security Center article on securing VoIP.
  2. SRTP is a critical component in a system designed to protect and secure voice data against snooping, forgery, denial of service (DoS), and replay from unauthorized parties.

What is Secure SIP?

Secure Session Initiation Protocol is defined by RFC3261, which decribes how encryption is used to protect the the creation, modification, and termination of call sessions with one or more participants (such as multimedia distribution or multimedia conferences).

Protection of call events can be difficult and complex due to the many hops and systems that transport the call data. Secure SIP employs transport layer security (TLS) encryption to do the heavy lifting. Similar to the way websites use TLS to make sure that the content is not tampered with on its way to you, Secure SIP uses public certificates that are known to be safe to protect the interactions between two points.

Does Encryption Matter?

Despite common platitudes such as “I have nothing to hide”, “it’s too complicated to setup and maintain”, or “what we have now is fine”, an overwhelming shift to VoIP PBX services has been, and continues to be, underway. This is, in part, due to the ease and utility that these systems offer; however, it is also because of the increased security over traditional networks.

Business and residential consumers alike ought to be concerned with data security and the flow of data. The control and visibility of your data is important! Traditional/legacy systems, and even some existing VoIP setups, fall short of the utility and security of a proper setup. The Cisco Security Center article above summarizes this well:

“Although historically there has been no perceived need for security for residential and commercial telephone services, telephone networks are now numerous, varied, and under the governance of diverse organizations. Beginning primarily in the United States, telephone companies have proliferated with different local exchange carriers, long-distance carriers, and specialized carriers offering services. Hundreds of small Internet service providers (ISPs) provide communities with both wired and wireless services; hundreds of companies operate corporate networks with voice capabilities; homeowners operate home networks; and hobbyists engineer “personal telecommunications” operations to interconnect neighborhoods and communities. This network assembly offers many opportunities for hacker mischief, privacy violation, financial fraud, and subversion of the telephone services that billions of people depend upon every day.” Section 2. Requirements for Secure IP Telephony

We (Beyond the Geek, based in Katy TX) are concerned about your data, your security, your overall experience in a highly connected world. It is paramount to implement systems that bolster communication and increase its utility for you. If you would like to learn more about the topic or the services that Beyond the Geek offers, please reach out to us any time. You may wish to read more on the subject of VoIP and PBX on our website, or have a conversation with us. We are eager to discuss how we can help you, your business, or your community!