[Freeswitch-users] Encrypted RFC2833 DTMF

Steven Ayre steveayre at gmail.com
Mon Jun 3 13:24:27 MSD 2013


Personally I'd still say that's not good enough. Depending on what they're
dialing in from some or all of the DTMF might still leak through as inband
DTMF in the audio. So you'd want the entire media stream encrypted then.

Doing DTMF without the rest of the voice is more of a compromise between
security and CPU load.

That still doesn't guarantee it's end-to-end, but then you're never truly
going to be able to guarantee that unless they're calling the softswitch
directly via VoIP rather than going via a string of SIP providers so it's
probably the best you can hope for (for now).

-Steve



On 3 June 2013 02:04, Steve Underwood <steveu at coppice.org> wrote:

> On 06/03/2013 08:19 AM, James Cloos wrote:
> > Goog found this:
> >
> > http://enterprise.huawei.com/ilink/enenterprise/download/HW_U_149094
> >
> > which says:
> >
> > ,----< excerpt from HW_U_149094.pdf §35.3 >
> > | Huawei NGN Cipher Version1 (HNC1) is a patented algorithm of Huawei
> > | and supports the 122/256-bit key.  In encryption, the softswitch
> > | (SoftX3000) of Huawei is required to cooperate.  Currently, HNC1 is
> > | used in the application scenarios in which the UA5000 works with the
> > | SoftX3000.
> > `----
> >
> > It also says that those two products encrypt the rfc2833 traffic with
> > that algorithm, w/o implying that it is part of 2833.
> >
> > As for why it is useful to encrypt the 2833 w/o also encrypting the
> > voice, I can only speculate.  Perhaps some idiosyncrasy of PRC law?
> > Or to provide better integrity?
> >
> > -JimC
> There is an excellent reason for encrypting DTMF, when encrypting the
> voice is unimportant. If you can compromise a gateway and pick out all
> the DTMF, you might have the ability to recover a lot of passwords used
> for things like phone banking. On the PSTN this kind of thing only
> really works with a focussed hardware attack on the lines to the banking
> system, but with VoIP any compromised node could be a problem.
>
> Steve
>
>
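
The exposure discussed in this thread, as a defender's audit check (an added example, not part of the original messages and not FreeSWITCH code): it reports which RFC 2833 telephone-event digits are readable in clear on a captured RTP leg. Payload type 101, the `make_rtp` helper and the sample packets are constructed assumptions.

```python
import struct

DTMF_EVENTS = "0123456789*#ABCD"  # RFC 2833 event codes 0-15
TELEPHONE_EVENT_PT = 101          # assumption: dynamic payload type taken from the SDP

def rtp_payload(packet):
    """Return (payload_type, payload) of an RTP v2 packet, or None if malformed."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        return None
    offset = 12 + 4 * (packet[0] & 0x0F)  # fixed header plus CSRC list
    if packet[0] & 0x10:                  # header extension present
        if len(packet) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack_from("!H", packet, offset + 2)[0]
    return (packet[1] & 0x7F, packet[offset:]) if len(packet) >= offset else None

def cleartext_dtmf(packet, pt=TELEPHONE_EVENT_PT):
    """Return the digit if this packet is a readable telephone-event, else None."""
    parsed = rtp_payload(packet)
    if parsed is None or parsed[0] != pt or len(parsed[1]) != 4:
        return None  # authenticated SRTP appends a tag, so a protected event is longer
    code, flags, _duration = struct.unpack("!BBH", parsed[1])
    if code >= len(DTMF_EVENTS) or flags & 0x40:  # reserved bit must be zero
        return None
    return DTMF_EVENTS[code]

def audit(packets, pt=TELEPHONE_EVENT_PT):
    """Digits readable in clear; repeated packets of one event are counted once."""
    seen, digits = set(), []
    for packet in packets:
        digit, key = cleartext_dtmf(packet, pt), packet[4:12]  # timestamp + SSRC
        if digit is not None and key not in seen:
            seen.add(key)
            digits.append(digit)
    return "".join(digits)

def make_rtp(pt, seq, ts, payload, ssrc=0x1234ABCD):
    """Constructed RTP packet: version 2, no CSRC, no extension."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload

# Constructed sample leg: digit 4 (two packets), digit 2, PCMU voice, SRTP-shaped event.
SAMPLE = [
    make_rtp(101, 1, 1600, struct.pack("!BBH", 4, 0x0A, 400)),
    make_rtp(101, 2, 1600, struct.pack("!BBH", 4, 0x8A, 800)),
    make_rtp(101, 3, 3200, struct.pack("!BBH", 2, 0x8A, 800)),
    make_rtp(0, 4, 3360, bytes(160)),
    make_rtp(101, 5, 4800, bytes.fromhex("9f3c71e05b") + bytes(9)),
]

if __name__ == "__main__":
    print("cleartext DTMF on this leg:", audit(SAMPLE) or "none")
```

A clean result here covers only out-of-band events on the audited leg; it says nothing about inband tones in the audio or about other hops in the call path.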