Author:
Steffen Fries
Affiliation:
Corporate Technology, Siemens AG, Germany
Keyword(s):
Voice over IP, security, encryption, authentication, integrity, SIP, H.323, Megaco, MGCP, SRTP.
Related
Ontology
Subjects/Areas/Topics:
Cloud Computing
;
Data and Systems Security
;
Information and Systems Security
;
Service and Systems Design and Qos Network Security
;
Services Science
Abstract:
This document describes current state of the art security functionality provided in the four mainly used and standardized Voice over IP (VoIP) signaling protocols, as there are the Session Initiation Protocol (SIP), H.323, Megaco, and the Media Gateway Control Protocol (MGCP). It outlines the security provided by the protocols itself or by dedicated security extensions including lower layer security protocols like Transport Layer Security (TLS) or IPSec. Moreover, vulnerabilities, which still remain in protocols or certain scenarios, are depicted as well. Furthermore discussed are also security approaches for the media data provided by the Secure Real-time Transport Protocol (SRTP) and associated key management schemes. Conclusions are given by identifying work areas, in which further security related work in the area of multimedia communication in general and VoIP in specific has to be done.