End-to-End call security
12 views
Skip to first unread message
Eduardo Robles Elvira
May 17, 2009, 5:32:53 AM5/17/09
to Sipdroid Developers
Hello people!
I'm new to android development and I haven't yet an Android phone but
I will get one.soon enough. I'd like to implement a secure way to do
phone calls in Android. So let's say Alice calls Bob. I want the
conversation to be ciphered end-to-end. Is something like this
implemented in Sipdroid? Anyone working on it? Anyone can give me some
hints about what is needed to accomplish it? It would be cool if this
could be implemented in a standard way, but it would be way cooler if
it could be implemented in a way that even if it's not standard it's
supported by i.e. pbxes clients. In the end, I just want something
like Off The Record (OTR) [1] but for phone calls in Android.
Thanks in advance,
Eduardo Robles Elvira.
--
http://www.cypherpunks.ca/otr/
I'm new to android development and I haven't yet an Android phone but
I will get one.soon enough. I'd like to implement a secure way to do
phone calls in Android. So let's say Alice calls Bob. I want the
conversation to be ciphered end-to-end. Is something like this
implemented in Sipdroid? Anyone working on it? Anyone can give me some
hints about what is needed to accomplish it? It would be cool if this
could be implemented in a standard way, but it would be way cooler if
it could be implemented in a way that even if it's not standard it's
supported by i.e. pbxes clients. In the end, I just want something
like Off The Record (OTR) [1] but for phone calls in Android.
Thanks in advance,
Eduardo Robles Elvira.
--
http://www.cypherpunks.ca/otr/
Antonio Anderson M. de Souza
May 18, 2009, 12:41:29 PM5/18/09
to sipdroid-...@googlegroups.com
Eduardo,
There are two standards to make possible VoIP security Calls (End-toEnd encrypted), one is TLS to encript the SIP Signaling, and another is the SRTP to encrypt the Voice streaming, the SIP, and RTP Stacks used in the Sipdroid doesn't support neither one.
I didn't know any implementations of this protocol standards for Android, but there are some opensources that maybe ported to Android.
Sip Stack with TLS support
https://jain-sip.dev.java.net/
SRTP Stack implementatio
http://srtp.sourceforge.net/srtp.html
Best regards,
Antonio--
Antonio Anderson M. Souza
Voice Technology
Rua: Libero Badaró, 293
Cj 30D - 30o. andar
CEP: 01009-907
ant...@voicetechnology.com.br
anton...@gmail.com
phone: +55 11 3588-0188
mobile: +55 11 7525-7543
http://www.voicetechnology.com.br
http://antonioams.blogspot.com
There are two standards to make possible VoIP security Calls (End-toEnd encrypted), one is TLS to encript the SIP Signaling, and another is the SRTP to encrypt the Voice streaming, the SIP, and RTP Stacks used in the Sipdroid doesn't support neither one.
I didn't know any implementations of this protocol standards for Android, but there are some opensources that maybe ported to Android.
Sip Stack with TLS support
https://jain-sip.dev.java.net/
SRTP Stack implementatio
http://srtp.sourceforge.net/srtp.html
Best regards,
Antonio
Antonio Anderson M. Souza
Voice Technology
Rua: Libero Badaró, 293
Cj 30D - 30o. andar
CEP: 01009-907
ant...@voicetechnology.com.br
anton...@gmail.com
phone: +55 11 3588-0188
mobile: +55 11 7525-7543
http://www.voicetechnology.com.br
http://antonioams.blogspot.com
Breadwinner
Jun 11, 2009, 2:34:03 PM6/11/09
to Sipdroid Developers
I was also thinking about securing call confidentiality. Porting the
entire SRTP stack would be a pain, so I was thinking about a hack-
implement some proprietary key exchange before RTP starts & encrypt
the byte pieces before passing to RTP. Of course a secure form of SIP
is also required, but I'm going to ignore that for now (possibly use
some sort of pre-shared public keys for the key exchange part). I
would welcome comments on my plan. Perhaps it would be just as easy to
use the existing RTP components & build on (the minimum required)
proper SRTP blocks?
Regards,
Martin.
On May 18, 5:41 pm, "Antonio Anderson M. de Souza"
> antonio...@gmail.com
entire SRTP stack would be a pain, so I was thinking about a hack-
implement some proprietary key exchange before RTP starts & encrypt
the byte pieces before passing to RTP. Of course a secure form of SIP
is also required, but I'm going to ignore that for now (possibly use
some sort of pre-shared public keys for the key exchange part). I
would welcome comments on my plan. Perhaps it would be just as easy to
use the existing RTP components & build on (the minimum required)
proper SRTP blocks?
Regards,
Martin.
On May 18, 5:41 pm, "Antonio Anderson M. de Souza"
<antonio...@gmail.com> wrote:
> Eduardo,
>
> There are two standards to make possible VoIP security Calls (End-toEnd
> encrypted), one is
> TLS<http://en.wikipedia.org/wiki/Transport_Layer_Security>to encript
> Eduardo,
>
> There are two standards to make possible VoIP security Calls (End-toEnd
> encrypted), one is
> the SIP Signaling, and another is the
> SRTP <http://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol> to
> encrypt the Voice streaming, the SIP, and RTP Stacks used in the Sipdroid
> doesn't support neither one.
>
> I didn't know any implementations of this protocol standards for Android,
> but there are some opensources that maybe ported to Android.
>
> Sip Stack with TLS supporthttps://jain-sip.dev.java.net/
>
> SRTP Stack implementatiohttp://srtp.sourceforge.net/srtp.html
> doesn't support neither one.
>
> I didn't know any implementations of this protocol standards for Android,
> but there are some opensources that maybe ported to Android.
>
> Sip Stack with TLS supporthttps://jain-sip.dev.java.net/
>
>
> Best regards,
>
> Antonio
>
> On Sun, May 17, 2009 at 6:32 AM, Eduardo Robles Elvira <edu...@gmail.com>wrote:
>
>
>
>
>
> > Hello people!
>
> > I'm new to android development and I haven't yet an Android phone but
> > I will get one.soon enough. I'd like to implement a secure way to do
> > phone calls in Android. So let's say Alice calls Bob. I want the
> > conversation to be ciphered end-to-end. Is something like this
> > implemented in Sipdroid? Anyone working on it? Anyone can give me some
> > hints about what is needed to accomplish it? It would be cool if this
> > could be implemented in a standard way, but it would be way cooler if
> > it could be implemented in a way that even if it's not standard it's
> > supported by i.e. pbxes clients. In the end, I just want something
> > like Off The Record (OTR) [1] but for phone calls in Android.
>
> > Thanks in advance,
> > Eduardo Robles Elvira.
> > --
> >http://www.cypherpunks.ca/otr/
>
> --
> Antonio Anderson M. Souza
> Voice Technology
> Rua: Libero Badaró, 293
> Cj 30D - 30o. andar
> CEP: 01009-907
> anto...@voicetechnology.com.br
> Best regards,
>
> Antonio
>
> On Sun, May 17, 2009 at 6:32 AM, Eduardo Robles Elvira <edu...@gmail.com>wrote:
>
>
>
>
>
> > Hello people!
>
> > I'm new to android development and I haven't yet an Android phone but
> > I will get one.soon enough. I'd like to implement a secure way to do
> > phone calls in Android. So let's say Alice calls Bob. I want the
> > conversation to be ciphered end-to-end. Is something like this
> > implemented in Sipdroid? Anyone working on it? Anyone can give me some
> > hints about what is needed to accomplish it? It would be cool if this
> > could be implemented in a standard way, but it would be way cooler if
> > it could be implemented in a way that even if it's not standard it's
> > supported by i.e. pbxes clients. In the end, I just want something
> > like Off The Record (OTR) [1] but for phone calls in Android.
>
> > Thanks in advance,
> > Eduardo Robles Elvira.
> > --
> >http://www.cypherpunks.ca/otr/
>
> --
> Antonio Anderson M. Souza
> Voice Technology
> Rua: Libero Badaró, 293
> Cj 30D - 30o. andar
> CEP: 01009-907
> antonio...@gmail.com
Reply all
Reply to author
Forward
0 new messages