In recent days, this blog has seen an increase in traffic to entries on Asterisk and Encryption. So you're wondering if you can use OpenSSL and Asterisk to keep your phone calls private. The answer is, it depends. To keep calls private, you'll need to secure the PBX, the phones, and the connections between them.
The good news is that Asterisk is more stable than ever, and it supports OpenSSL. SIP-S behaves pretty much like https does on Apache's web server. SRTP's source code is available, although SRTP has had far less scrutiny into its encryption implementation. (I am unaware of any FIPS-140 validated SRTP modules.) Why two different forms of encryption? This is an important point:
- SIP-S encrypts just the registration and call control data. This includes extension, username, password (beyond Digest), and the phone number you're dialing. The use of digest authentication in unencrypted SIP across the Internet is a critical flaw. While digest hashes your password with MD5 with a "nonce" or salt, the nonce is sent in the clear. CAIN can crack a 4-digit password captured in digest form in less than one second.
- SRTP covers the contents of the call to include your voice back and forth. The key for SRTP is negotiated in the SIP channel, so doing SRTP only is pointless. (Select an 80-bit key for SRTP if possible.) SIP-S protects your username and password and the number dialed, but not what you're saying or hearing. In summary, you need both SRTP and SIP-S/SIP-TLS to keep your calls private.
Keep in mind that anyone eavesdropping on your network connection will still know there's a call in progress and the IP addresses of your endpoint/hardphone/softphone and your Asterisk server even if you're using both forms of encryption. In general, it's a good idea to encrypt your calls locally, because it's fairly trivial (CAIN) for your Network Admin to configure a span port and start recording all your calls to disk. Also keep in mind that monitoring is a feature of Asterisk that can be enabled. If you can't secure your server, your calls won't be private.
What about the other side of the call? Who are you talking to? How does your call get there? If you're using a commercially provided SIP trunk to get to the PSTN and dial real phone numbers, it's pretty much over right there. Few low-cost SIP providers support SIP-S or SRTP. Even if they do, they still need to fill out FCC Form 445 and FCC Form 449.
FCC Form 445 is used to monitor the progress of telecommunications carriers that provide facilities-based broadband Internet access or interconnected Voice over Internet Protocol (VOIP) services in complying with the Communications Assistance for Law Enforcement Act (CALEA) and the Commission's requirements for such facilities and services. See Communications Assistance for Law Enforcement Act and Broadband Access and Services, ET Docket No. 04-295, Second Report and Order and Memorandum Opinion and Order, FCC 06-56 (released May 12, 2006), 21 FCC Rcd 5360 (2006) (Second Report and Order). See also 47 C.F.R. § 1.2000 et seq.
FCC Form 449 and background:
With very limited exceptions, all intrastate, interstate, and international providers of telecommunications in the United States must file this Worksheet. Telecommunications providers that are contributors to any of the support mechanisms, including USF, TRS, NANPA, or LNPA, must file this Worksheet. The term "telecommunications" refers to the transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received. For the purpose of filing, the term "interstate telecommunications" includes, but is not limited to, the following types of services: wireless telephony, including cellular and personal communications services (PCS); paging and messaging services; dispatch and operator services; mobile radio services; access to interexchange service; special access; wide area telecommunications services (WATS); subscriber toll-free and 900 services; message telephone services (MTS); private line; telex; telegraph; video services; satellite services; resale services; Frame Relay services; asynchronous transfer mode (ATM) services; Multi-Protocol Label Switching (MPLS) services; audio bridging services; and interconnected VoIP services.
The keyword here is "interconnected." Also, "non-interconnected:"
Non-Interconnected VoIP Service Providers: All providers of "non-interconnected VoIP service" (as defined in section 64.601(a) of the Commission's rules) with interstate end-user revenues subject to TRS contributions must file this Worksheet in order to register with the Commission and report their revenues for purposes of calculating TRS contributions.
Unless you're Google Voice, in which case you don't have to follow the rules. This may explain the reluctance of Google to make Google Voice an "official" business app.
Back to your phone calls: if you're paying anyone else to provide anything to your phone call other than a raw internet connection, they have to register with the FCC and certify that they can provide monitoring to the government. Form 445 requires a reference number from Form 449-A so they can check. Actually, your broadband provider needs to do this too, so what can you do? To make private calls, they need to pass only through PBXes that you control. No PSTN calls are private, ever.
So if you're going to make a secret squirrel phone call to your buddy using Asterisk, that buddy's phone had better be a client of the same Asterisk server, or you need SIP or IAX2 trunks you both control, between Asterisk servers you both control, with encryption. Yes, you can encrypt SIP and IAX2 trunks, per Asterisk docs. Even better, use VPN between the two Asterisk servers, so you have two layers of encryption. That way, a single flaw in SIP-TLS, SRTP, or OpenVPN/IPSec won't be fatal. (Some call it "swiss-cheese theory": if you have two layers of swiss cheese, the holes probably won't overlap.) Using VPN for all SIP traffic - trunks and calls - can prevent you from exposing servers and phones on the Internet. SIP scanning is one of the most common attacks I see with Snort. It's best not to leave any VOIP ports open to the Internet. Use VPN for trunks and clients.
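To show what "both SIP-S and SRTP" and an encrypted trunk look like in practice, here is an added chan_sip sip.conf fragment for Asterisk 11 (example configuration written for this page, not taken from the original post or from the Asterisk project). The certificate paths, peer names, secrets and the hostname pbx-b.vpn.example are assumed placeholders; the commented-out block at the top is the UDP-only, plain-RTP setup it replaces.

```ini
; Weak (constructed): the defaults many sip.conf files ship with. UDP-only signalling
; sends the MD5 digest with a cleartext nonce, and media is plain RTP.
;[general]
;context=default
;[1001]
;type=friend
;secret=1234
;host=dynamic

; Hardened: SIP-TLS for registration/call control, SRTP required for media.
[general]
context=default
udpbindaddr=0.0.0.0:5060       ; keep only if LAN/VPN clients still need UDP; otherwise delete
tlsenable=yes
tlsbindaddr=0.0.0.0:5061       ; SIP-S listener
tlscertfile=/etc/asterisk/keys/asterisk.pem   ; assumed path: server cert + private key (PEM)
tlscafile=/etc/asterisk/keys/ca.crt           ; assumed path: CA that issued the phone/trunk certs
tlsclientmethod=tlsv1          ; method used when this box is the TLS client (outbound trunks)
tlsdontverifyserver=no         ; verify the far end's certificate on outbound TLS
alwaysauthreject=yes           ; identical reject for bad user and bad password (slows SIP scanners)
; Register to the second PBX over TLS (transport://user:secret@host:port form).
register => tls://pbx-a:trunk-secret-placeholder@pbx-b.vpn.example:5061

; A hardphone. transport=tls forces SIP-S; encryption=yes makes SRTP mandatory, so a call
; that cannot negotiate SRTP fails instead of silently falling back to plain RTP.
[1001]
type=friend
host=dynamic
secret=long-random-secret-placeholder
transport=tls
encryption=yes
context=internal

; Trunk to a second Asterisk you also control, reached over the VPN (hostname assumed).
[pbx-b]
type=friend
host=pbx-b.vpn.example
port=5061
transport=tls
encryption=yes
secret=trunk-secret-placeholder
context=from-pbx-b
qualify=yes
```

Once the VPN between the two servers is up, drop the udpbindaddr line and bind 5061 to the VPN interface only, so nothing SIP-related is reachable from the Internet.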
Even with SIP-S, SRTP, and OpenVPN or IPSec, though, network traffic analysis will reveal the connection, or association, between IP addresses. You and your co-conspirators are visiting the same server, so if one of you is a target, your buddies become targets, too. Suddenly, everyone who connects to your secret squirrel Asterisk server is suspicious. While the content of your communication is secure, the IP traffic to and from your PBX reveals your whole criminal team. Now you know why numbers stations are still in use in 2013, along with one-time pads on flash paper. Before online gambling, bookies used to keep their betting slips on flash paper.
How to build Asterisk?
From source, of course. (Although the latest stable version of the FreePBX distro has SSL and SRTP support compiled in and OpenVPN installed in CentOS 6.3, but an antique version of OpenSSL -- OpenSSL 1.0.0-fips 29 Mar 2010.) My last Fedora (Spherical Cow) install had every prerequisite installable from Yum. You could build all the prereqs from source, but that takes a while. (If you're on Amazon's cloud, it will be necessary for quite a few of them.) Then stop with RPMs. Do not use RPMs for Asterisk. Build Asterisk from source. There are too many options that need to be compiled in, from SSL to SNMP and SRTP. You can also see what's really getting built. Asterisk has a nice menuconfig that will let you know what you're missing.
For the uninitiated:
- wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
- tar -zxvf asterisk-11-current.tar.gz
- cd asterisk-11-current
- make menuselect (then choose your options, including SRTP)
- Save and exit
- Run the mp3 script here: asterisk-11-current/contrib/scripts/get_mp3_source.sh
- make install
You could try building OpenSSL from source and then building Asterisk from that rather than the RPM/Deb package that came with your distribution. Then you can update it on OpenSSL's schedule rather than Fedora's. I'd complain about not getting TLS 1.2 or elliptic curves and keys, but I'm pretty sure no phones around support it. Snom phones support RC4, RSA, DH, and SHA-1, but not CRLs.
What kind of hard phone to use? The SNOM phones work best in my environment. They can even do OpenVPN before registering with your Asterisk server. However, I've had issues doing OpenVPN and SIP-TLS simultaneously because of DNS issues. (pfSense, an open-source firewall, supports OpenVPN and even has a profile export module for SNOM phones.) And unlike the Nortel phones, there's no "ringless monitoring extension" feature on SNOM phones that lets your admins place your phone's microphone and camera off-hook silently.
However, you're going to have to trust the firmware on any phone you get. Not just that it doesn't have a back door, but also that it's implementing encryption well. Some Cisco phones have FIPS-140 certification, but the SNOMs do not. (FIPS certification means the encryption has been implemented well, but it doesn't mean the phone is impervious to attack, as shown here.) The trouble with the Cisco FIPS phones is that you really don't want to try SIP out on them. Cisco small business phones support SIP, but they're not using FIPS certified encryption modules. What about soft phones? As a rule, general-purpose computing devices are more likely to be hacked. A Windows or Mac computer is more likely to have a virus than a VOIP hard phone -- the attack surface is larger. However, you may not have a choice if you want to try a secure call from your smart device. Fortunately, there's OpenVPN for iOS and Android now.
- Are you making the call with your computer? FAIL. Your computer is infected and copying all the data someplace else.
- Are you talking near a computer? FAIL. Your computer is infected and recording audio and video from your webcam.
- Are you talking near any other type of phone - landline, mobile? FAIL. The phone has been placed off-hook remotely and audio is being recorded.
- Are you talking in public? FAIL.