Security Analysis of Voice-over-IP Protocols

Sep 7, 2007

analysis
encryption
white paper
sdes
security paper
voip security paper analysis encryption zrtp mikey sdes sip
zrtp
sip
mikey
voip
paper
security tools

This paper talks about the state of security or lack of of the VoIP protocols. It talks a lot about encryption and introduces some attacks in that area. Of interest:

replay attack on SDES key exchange causing SRTP to use the same keystream in multiple sessions. This means that the attacker removes encryption from SRTP-protected data streams.
An attack on ZRTP involving unauthenticated uesr IDs. This allows bypassing / disabling of authentication or a DoS attack.
A security issue related to randomness in MIKEY