MatrixSSL + MatrixDTLS Voice over IP Solutions
PeerSec Networks MatrixSSL provides a complete solution for Voice over IP security.
VoIP Security Highlights
- SIP and H.323 standards specify TLS authentication
- STUN firewall traversal protocol specifies TLS authentication
- MatrixSSL provides call signaling security, secure provisioning and secure management for VoIP clients within a single library
- MatrixDTLS encrypts each UDP packet for secure, private calls
- Secure call connection latencies of 1/100th to 1/10th of a second on average are within customer expectations
- Eliminates concerns for security of VoIP over WiFi
- SSL/TLS support for standard VoIP client operating systems including VxWorks, Windows CE PocketPC Edition and embedded Linux
SIP and H.323 Security
Standards define the use of the TLS protocol to secure SIP (Session Initiation Protocol)
and H.323 with H.235
VoIP sessions. Securing the call signaling channel allows the call to be authenticated and set up securely between two parties.
MatrixSSL supports the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite mandated by the SIP standards group.
Secure Provisioning of VoIP Phones
MatrixSSL allows secure updates of VoIP phone configuration data and firmware. Most VoIP phones use TFTP for this purpose, an insecure protocol over UDP. With the same library used to secure the VoIP session, an authenticated software package can be downloaded from a trusted server using HTTPS.
On VoIP phones containing a Web based management interface, MatrixSSL can be used to provide secure configuration and administration through the Web. This is important even within an enterprise, as unauthorized call forwarding or auto-answer can cause information leaks throughout an organization.
Encrypted VoIP Calls
Call signaling protocols are able to use TLS over TCP/IP, however the actual voice data is sent over an unreliable packet based network; UDP/RTP. PeerSec Networks MatrixDTLS Datagram TLS
secures UDP packets for encrypted calls.
MatrixSSL is under 50KB in flash memory; ideal for VoIP phones containing 2-4 MB of flash storage. A single library secures the call signaling, upgrading and management interface of a VoIP phone.
On current VoIP hardware (150-200Mhz CPU), full TLS session negotiation takes approximately 1/10th of a second. Resumed sessions take on the order of 10ms. These latencies affect the time to connect a call, not the actual voice call itself.