MatrixSSL + MatrixDTLS Voice over IP Solutions
PeerSec Networks MatrixSSL provides a complete solution for Voice over IP security.
VoIP Security Highlights
- SIP and H.323 standards specify TLS authentication
- STUN firewall traversal protocol specifies TLS authentication
- MatrixSSL provides call signaling security, secure provisioning and secure management for VoIP clients within a single library
- MatrixDTLS encrypts each UDP packet for secure, private calls
- Secure call connection latencies of 1/100th to 1/10th of a second on average are within customer expectations
- Eliminates concerns for security of VoIP over WiFi
- SSL/TLS support for standard VoIP client operating systems including VxWorks, Windows CE PocketPC Edition and embedded Linux
SIP and H.323 Security
Standards define the use of the TLS protocol to secure SIP (Session Initiation Protocol) and H.323 with H.235 VoIP sessions. Securing the call signaling channel allows the call to be authenticated and set up securely between two parties.
MatrixSSL supports the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite mandated by the SIP standards group.
Secure Provisioning of VoIP Phones
MatrixSSL allows secure updates of VoIP phone configuration data and firmware. Most VoIP phones use TFTP, an insecure protocol over UDP, for this purpose. With the same library used to secure the VoIP session, an authenticated software package can be downloaded from a trusted server using HTTPS.
Secure Management
On VoIP phones containing a Web-based management interface, MatrixSSL can be used to provide secure configuration and administration through the Web. This is important even within an enterprise, as unauthorized call forwarding or auto-answer can cause information leaks throughout an organization.
Encrypted VoIP Calls
Call signaling protocols are able to use TLS over TCP/IP, but the actual voice data is sent over an unreliable, packet-based transport: UDP/RTP. PeerSec Networks MatrixDTLS (Datagram TLS) secures UDP packets for encrypted calls.
Platform Requirements
MatrixSSL occupies under 50KB of flash memory, making it ideal for VoIP phones containing 2-4 MB of flash storage. A single library secures the call signaling, upgrading and management interface of a VoIP phone.
On current VoIP hardware (150-200 MHz CPU), full TLS session negotiation takes approximately 1/10th of a second. Resumed sessions take on the order of 10ms. These latencies affect the time to connect a call, not the actual voice call itself.