Telesis STILLINK: Combined VoIP Gateway and Signaling Converters
AES 256 Media Encryption
Telesis Systems Offering AES 256 Media Encryption
VoIP Protocol in Telesis Systems Offering AES 256 Media Encryption
H.323 and AES 256 Media Encryption
All Telesis systems are complete voice communication systems, which combine various TDM interfaces and IP components. They are all-in-one solutions with integrated gatekeeper, softswitch capability, IP-TDM routing (gateway) functions, and numerous IP and traditional system features. Although the media encryption algorithm explained here also applies to H.323 endpoint-to-endpoint connections, it is recommended for H.323 endpoint-to-gatekeeper connections for further security.
The following paragraphs briefly describe the algorithms applied for site-to-site communication:
When voice is bridged between distant offices over IP, the security of a VoIP call is guaranteed by encrypting the voice with 256-bit AES (AES-256).
Telesis systems support AES 256 media encryption over H.323
Secure Gatekeeper Registration
Two Telesis systems share an account name and a secret, which is the password. One system as an H.323 endpoint registers to the gatekeeper of the other with the shared account name and the password. For the registration, H.225 RAS messages are exchanged between the two Telesis systems according to the H.235 Baseline Security Profile with or without integrity check. The baseline security profile provides basic security for endpoint-to-gatekeeper registration using the secure password-based HMAC-SHA1-96 hashing algorithm.
For H.323 endpoint-to-gatekeeper registration, RAS message authentication follows the H.235 Baseline Security Profile standards. This security service supports authentication of selected fields only, and does not provide full message integrity. The authentication-only security profile may be preferable for messages traversing NAT/firewall devices. The hashing algorithm is the password-based HMAC-SHA1-96.
For H.323 endpoint-to-gatekeeper registration, RAS message authentication and integrity follow the H.235 Baseline Security Profile standards. This security service combines both message integrity and authentication. The hashing algorithm is the password-based HMAC-SHA1-96.
Encrypting the Media
For encrypting the media, the 256-bit Advanced Encryption Standard (AES-256) is used. AES-256 specifies a cryptographic algorithm using a symmetric block cipher that processes data blocks of 128 bits with a 256-bit cipher (crypto) key, which is agreed by the Diffie-Hellman procedure. Audio samples are collected from the codec, encrypted, and inserted into the RTP payloads. When the receiving side gets the RTP payloads, it decrypts them.
Diffie-Hellman key exchange
Telesis systems exchange Diffie-Hellman half keys using authentication based on the H.235 Baseline Security Profile with or without integrity check. This prevents Man-in-the-Middle (MIM) attacks, and the communicating systems can be sure with whom they share the Diffie-Hellman half keys. The hash algorithm for the H.235 Baseline Security Profile, with or without integrity check, is HMAC-SHA1-96. Exchange of HMAC-SHA1-96 hashed Diffie-Hellman half keys provides additional security.
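The authenticated half-key exchange described above, as an added Python sketch that is not Telesis code and not the H.235 wire format. Assumptions: a toy Diffie-Hellman group (the page names none), an HMAC key taken as the SHA-1 digest of the shared password, a hypothetical `sender|half-key|tag` message layout, and SHA-256 to reduce the shared secret to the 256-bit AES key.

```python
import hashlib, hmac, secrets

# Toy DH group for illustration only (assumption: the page names no group).
P, G = 2**255 - 19, 2
TAG_LEN = 12  # HMAC-SHA1-96 keeps the first 96 bits of the SHA-1 HMAC

def tag96(password: str, body: bytes) -> bytes:
    # Assumption: the HMAC key is the SHA-1 digest of the shared password.
    key = hashlib.sha1(password.encode()).digest()
    return hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]

def make_half_key(password: str, sender: str):
    """Return (private exponent, wire message 'sender|half-key' + tag)."""
    priv = secrets.randbelow(P - 3) + 2
    body = sender.encode() + b"|" + pow(G, priv, P).to_bytes(32, "big")
    return priv, body + tag96(password, body)

def accept_half_key(password: str, expected_sender: str, msg: bytes):
    """Return the peer's half key, or None if the message must be rejected."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, tag96(password, body)):
        return None  # forged or modified in transit
    prefix = expected_sender.encode() + b"|"
    if not body.startswith(prefix) or len(body) != len(prefix) + 32:
        return None  # our own message reflected back, or malformed
    pub = int.from_bytes(body[len(prefix):], "big")
    return pub if 1 < pub < P - 1 else None  # refuse degenerate half keys

def media_key(priv: int, peer_pub: int) -> bytes:
    # Assumption: hash the DH secret down to a 256-bit AES key with SHA-256.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def demo():
    pw = "constructed-shared-secret"  # constructed sample value
    a_priv, a_msg = make_half_key(pw, "gw-a")
    b_priv, b_msg = make_half_key(pw, "gw-b")
    k_a = media_key(a_priv, accept_half_key(pw, "gw-b", b_msg))
    k_b = media_key(b_priv, accept_half_key(pw, "gw-a", a_msg))
    # A party without the password cannot get its own half key accepted.
    _, m_msg = make_half_key("not-the-password", "gw-b")
    rejected = accept_half_key(pw, "gw-b", m_msg) is None
    return k_a == k_b, len(k_a), rejected

if __name__ == "__main__":
    print(demo())
```

The sketch leaves out replay protection, so a production exchange also needs a freshness value covered by the tag.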
Security of VoIP communication between two Telesis systems is ensured with:
xSIP and AES 256 Media Encryption
The xSIP (eXtended SIP) protocol has been developed by Telesis. The main purpose of its development is to make some value-added services in Telesis systems applicable to VoIP calls as well.
Telesis xSIP IP telephones connected to a Telesis system. AES 256 media encryption over xSIP
XPhone softphones connected to a Telesis system. AES 256 media encryption over xSIP
Security of VoIP communication between an xSIP IP Telephone Set (or XPhone Softphone) and a Telesis IP Telephony System is ensured with:
The perfect combination of various protocols and algorithms protects your conversations
Copyright Telesis A.S. 2006-2013