SIP Security in Yate
Revision as of 11:13, 15 November 2012
Yate can bind on UDP, TCP and TLS. Each binding is a listener, configured in its own section of ysipchan.conf.
Secure SIP is set up by building a TLS listener: Yate then accepts the SIP signaling over TLS and, once SRTP is enabled as described below, carries the voice in SRTP packets.
TLS protects the SIP signaling messages against snooping and alteration in transit.
SRTP, the security profile for RTP defined in RFC 3711, adds confidentiality, message authentication and replay protection to the media stream.
How to set a TLS listener
In ysipchan.conf:
    [general]
    type=tls
    addr=x.x.x.x
    port=5061
    sslcontext=server_context
Configure an SSL server context
In openssl.conf
    [server_context]
    enable=yes
    certificate=name.crt
    key=name.key
The files name.crt and name.key have to be in the same place as the configuration file in this example.
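The two mistakes this setup invites are an sslcontext name that matches no section in openssl.conf, and certificate or key files that are not where Yate looks for them. The following check script is an added example, not Yate code and not from this page: it assumes the INI layout shown above (a ysipchan.conf section with type=tls and sslcontext=<name>, an openssl.conf section [<name>] with enable, certificate and key), resolves relative paths against the directory of openssl.conf, and builds its own sample files in a temporary directory.

```python
"""Cross-check a Yate TLS listener against its SSL context in openssl.conf.

Added example, not Yate code and not from the original page. It assumes the
INI-style files shown on the page: a ysipchan.conf section with type=tls and
sslcontext=<name>, and an openssl.conf section [<name>] holding enable,
certificate and key. Relative certificate and key paths are resolved against
the directory that holds openssl.conf. demo() writes constructed sample files.
"""
import configparser
import os
import shutil
import tempfile


def load_yate_conf(path):
    # Yate config files are INI-like; lines starting with ';' are comments.
    # Keys are case-sensitive, so stop configparser from lower-casing them.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str
    with open(path, encoding="utf-8") as fh:
        cp.read_file(fh)
    return cp


def check_tls_listener(ysipchan_path, openssl_path):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    sip = load_yate_conf(ysipchan_path)
    ssl = load_yate_conf(openssl_path)
    conf_dir = os.path.dirname(os.path.abspath(openssl_path))

    tls_sections = [s for s in sip.sections()
                    if sip.get(s, "type", fallback="").lower() == "tls"]
    if not tls_sections:
        problems.append(f"no section with type=tls in {ysipchan_path}")

    for sec in tls_sections:
        ctx = sip.get(sec, "sslcontext", fallback="")
        if not ctx:
            problems.append(f"[{sec}] has type=tls but no sslcontext=")
            continue
        if not ssl.has_section(ctx):
            problems.append(f"[{sec}] names sslcontext={ctx}, missing from {openssl_path}")
            continue
        if ssl.get(ctx, "enable", fallback="no").lower() not in ("yes", "true", "enable", "on"):
            problems.append(f"[{ctx}] is not enabled")
        for opt in ("certificate", "key"):
            value = ssl.get(ctx, opt, fallback="")
            if not value:
                problems.append(f"[{ctx}] has no {opt}=")
                continue
            full = value if os.path.isabs(value) else os.path.join(conf_dir, value)
            if not os.path.isfile(full):
                problems.append(f"[{ctx}] {opt}={value} not found at {full}")
    return problems


def demo(missing_key=False):
    """Write the page's two config snippets (constructed) into a temp dir and check them."""
    d = tempfile.mkdtemp()
    try:
        with open(os.path.join(d, "ysipchan.conf"), "w") as fh:
            fh.write("[general]\ntype=tls\naddr=0.0.0.0\nport=5061\n"
                     "sslcontext=server_context\n")
        with open(os.path.join(d, "openssl.conf"), "w") as fh:
            fh.write("[server_context]\nenable=yes\ncertificate=name.crt\nkey=name.key\n")
        # Empty placeholder files stand in for the real PEM certificate and key.
        open(os.path.join(d, "name.crt"), "w").close()
        if not missing_key:
            open(os.path.join(d, "name.key"), "w").close()
        return check_tls_listener(os.path.join(d, "ysipchan.conf"),
                                  os.path.join(d, "openssl.conf"))
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    print("complete setup:", demo() or "ok")
    print("key file missing:", demo(missing_key=True))
```

Run it against the real files with check_tls_listener("/etc/yate/ysipchan.conf", "/etc/yate/openssl.conf") (paths are an assumption; use the ones your install uses). It only checks that the files exist and agree with each other; it does not validate the certificate or key contents.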
Enable SRTP
SRTP itself does not negotiate keys; it relies on a separate key management mechanism to establish the encryption and authentication keys. Yate uses the SDP security descriptions of RFC 4568 (SDES), which carry the SRTP master key and salt as a base64 value in cleartext inside the SDP body of the SIP message. The TLS listener is therefore not optional: TLS is what keeps that SDP, and with it the media keys, from being read on the wire. Keep in mind that TLS is hop-by-hop, so any SIP proxy that terminates TLS on the path still sees the keys.
In ysipchan.conf the secure parameter is disabled by default; to use SRTP you have to enable it:
    [default]
    ; secure: bool: Generate and accept RFC 4568 security descriptors for SRTP
    secure=enable
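To make concrete what secure=enable puts on the wire, here is an added example (not Yate code and not from the original page) that parses the RFC 4568 a=crypto attributes out of an SDP body, decodes the inline master key and salt, and flags the session parameters that switch SRTP protection back off. The SDP body, the key bytes and the 192.0.2.10 address are constructed for the example, and it assumes a single audio m= line.

```python
"""Parse and check RFC 4568 (SDES) crypto attributes in an SDP body.

Added example, not Yate code and not from the original page. With secure=enable
Yate exchanges a=crypto lines like the ones below; the SRTP master key and salt
travel in them as cleartext base64, which is why signaling must use the TLS
listener. The sample SDP is constructed; one audio m= line is assumed.
"""
import base64
import binascii
import re

# master key (16) + master salt (14) bytes for the suites defined in RFC 4568
SUITE_KEY_BYTES = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "F8_128_HMAC_SHA1_80": 30,
}
# session parameters that turn encryption or authentication back off
WEAK_SESSION_PARAMS = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}
# a=crypto:<tag> <suite> inline:<key||salt>[|lifetime][|mki:len] [session-params]
CRYPTO_RE = re.compile(
    r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)((?:\|[^|\s]+)*)(?: (.+))?$"
)


def parse_crypto_line(line):
    """Decode one a=crypto line into a dict; raise ValueError if it is malformed."""
    m = CRYPTO_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("malformed crypto attribute: " + line)
    tag, suite, b64, extra, session = m.groups()
    if suite not in SUITE_KEY_BYTES:
        raise ValueError(f"tag {tag}: unknown crypto suite {suite}")
    try:
        key_salt = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"tag {tag}: bad base64 key: {exc}") from exc
    if len(key_salt) != SUITE_KEY_BYTES[suite]:
        raise ValueError(f"tag {tag}: {suite} needs {SUITE_KEY_BYTES[suite]} "
                         f"key+salt bytes, got {len(key_salt)}")
    lifetime = mki = None
    for part in extra.split("|")[1:]:
        if ":" in part:                      # MKI is mki-value ":" mki-length
            value, length = part.split(":")
            mki = (int(value), int(length))
        else:                                # lifetime such as 2^20 or 1048576
            lifetime = part
    params = set(session.split()) if session else set()
    return {
        "tag": int(tag),
        "suite": suite,
        "master_key": key_salt[:16].hex(),
        "master_salt": key_salt[16:].hex(),
        "lifetime": lifetime,
        "mki": mki,
        "weak_params": sorted(params & WEAK_SESSION_PARAMS),
    }


def parse_sdp(sdp):
    """Return (media profile of the first m= line, list of decoded a=crypto offers)."""
    profile, offers = None, []
    for line in sdp.splitlines():
        if line.startswith("m=") and profile is None:
            profile = line.split()[2]        # RTP/AVP (plain) or RTP/SAVP (SRTP)
        elif line.startswith("a=crypto:"):
            offers.append(parse_crypto_line(line))
    return profile, offers


def audit_offer(sdp):
    """List what a reviewer would flag in an SDES offer (empty list means clean)."""
    profile, offers = parse_sdp(sdp)
    findings = []
    if not offers:
        findings.append("no a=crypto attribute: media would be plain RTP")
    elif profile != "RTP/SAVP":
        findings.append(f"a=crypto offered but media profile is {profile}, not RTP/SAVP")
    for o in offers:
        if o["weak_params"]:
            findings.append(f"tag {o['tag']}: weak session params {','.join(o['weak_params'])}")
        if o["suite"].endswith("_32"):
            findings.append(f"tag {o['tag']}: 32-bit auth tag, prefer HMAC_SHA1_80")
    return findings


# Constructed sample: the key and salt bytes are deliberately recognisable.
SAMPLE_B64 = base64.b64encode(bytes(range(1, 31))).decode()
SAMPLE_SDP = (
    "v=0\r\no=yate 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 20000 RTP/SAVP 0 8\r\n"
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{SAMPLE_B64}|2^20|1:4\r\n"
    f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{SAMPLE_B64} UNENCRYPTED_SRTP\r\n"
)

if __name__ == "__main__":
    for finding in audit_offer(SAMPLE_SDP):
        print("finding:", finding)
```

The decoded master_key and master_salt are exactly what an eavesdropper on an unprotected UDP or TCP listener would obtain from the INVITE, which is the whole argument for pairing secure=enable with the TLS listener above. Feeding a captured SDP body from a pcap into audit_offer is a quick way to confirm that a peer is not downgrading the session with UNENCRYPTED_SRTP or a plain RTP/AVP profile.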
Advantages
SRTP:
- SRTP is well suited to protecting Voice over IP traffic because it encrypts only the RTP payload: the IP, UDP and RTP headers stay in the clear, so QoS marking and classification of the packets are unaffected.
- Its overhead is small, a 4- or 10-byte authentication tag per packet with the HMAC-SHA1 suites, which matters most with low-bitrate codecs such as G.729 and iLBC, where the payload itself is only a few tens of bytes.
- Confidentiality: the RTP payload is encrypted, so it cannot be read by anyone who does not hold the session key.
- Message authentication covers the RTP header and payload, so a packet cannot be forged, altered or replaced without the receiver noticing; together with the replay list this also rejects replayed packets.
See also