VoIP Encryption

[b]Now that there’s encryption for VoIP subscriber units, many VoIP security questions are answered[/b]

Many allegations of fear, uncertainty and doubt (FUD) over VoIP security focus on VoIP streams over a public internet where any one could capture those packets, decipher them and eavesdrop on personal and business conversations unlocking personal and corporate secrets.

People used to say that about email. Then Phil Zimmerman brought Pretty Good Privacy (PGP) encryption for email to the market. His new product, Zfone, relies on encryption hash technology to provide a unique three-digit identifier that each caller will receive when initiating a VoIP call. The callers simply start their conversation by sharing these identifiers with each other, which prove there’s no man-in-the-middle attack, and the rest of the conversation is encrypted. Zfone encrypts the call end-to-end by using the Diffie-Hellman key exchange to set up a session key and then the AES (encryption used by the US government)  to encrypt the voice packets. Two users can check for a man-in-the-middle attack by comparing an authentication digest without depending on a public key infrastructure (PKI), which is what Skype uses.