How we can help?

Encrypted SIP & RTP

Does Flowroute support SRTP or ZRTP for audio transport?

We offer optional SRTP to our SIP protocol. To better explain the vulnerabilities of someone eavesdropping, here is a more in-depth look at telecommunication security:

Security is only as strong as the weakest link and the PSTN is the weak link in telecommunications. The design of the PSTN is inherently insecure and that will never change. Wire tapping has always been a simple affair for law enforcement and even for a reasonably determined malicious party.

  1. SIP connection to ex: us-west-or.sip.flowroute during call:
    • The SIP signaling is extremely difficult to tamper with and no real damage can be caused by that. However, someone who hacks your customers network, or who provides Internet service for them, can sniff the any SIP signaling to see all call progress information. We offer TLS encryption to encrypt the signaling between the customer and our servers; however this still should not be considered a reasonable level of privacy because the SIP signaling from our servers to the carrier and throughout the PSTN cannot be encrypted.
  2. RTP connection to interconnection carrier during call:
    • This is not encrypted and cannot be for the foreseeable future. The reason being that the carriers do not implement any support for RTP encryption in their gateways. They likely share the belief that real privacy and security cannot be provided for calls that traverse PSTN.
  3. SRTP is secure RTP

SRTP is protocol that wraps a regular RTP media stream in an encrypted tunnel, thereby protecting it from eavesdroppers. Although we technically have the ability to implement it, it would be of little use since the PSTN carriers do not support SRTP and will not for the foreseeable future. That means that we would have to proxy media, then decrypt the media streams and relay them to the carriers as regular RTP.

 

To learn more about how to implement a SRTP/TLS signaling