VoIP telephony can offer substantial cost savings to the enterprise but the networking protocols it relies on also make it more susceptible to attack than traditional telephone service. Threats can be broken down into three separate areas:
Attacks to the Voice Transportation Protocols (RTP, RTCP)
Attacks to the Signaling and Call Routing Protocols (SIP, H.323)
Attacks to the physical network
VoIP developers can choose to integrate SSL/TLS–based security or IPSec-based security to protect the vulnerable protocols in their solutions. Although encrypting the signaling protocols using SSL is the easiest solution, IPSec is also a very good approach. IPSec runs at the network layer and it will work over any network to encrypt both the signally and voice-channel protocols. Through the Certicom® Security Architecture™, developers can access both Security Builder® SSL™ and Security Builder® IPSec™ to achieve strong security. Both of these toolkits call cryptographic providers through Security Builder API, which means that vendors can leverage one common security architecture for cost effective software development and faster time to market.
Security Builder SSL can also be used with ECC to further improve the efficiency of the TLS key exchange. The performance of the IPSec key change can be improved with Security Builder IPSec and the use of ECDH.
By taking advantage of the synergy of the toolkits and cryptographic providers within the Certicom Security Architecture, VoIP solution vendors can access these additional benefits:
All of the Security Builder toolkits use the same API to call the cryptographic providers, which allows vendors to leverage one common security architecture for cost effective software development and faster time to market.
All of the Security Builder toolkits are optimized for constrained environments, so the security provided is strong, but has minimal impact on performance.
Additionally, by incorporating ECC into the solution, VoIP vendors can achieve a significant performance boost without sacrificing security levels.