Author Topic: Voice encryption  (Read 1567 times)

Offline SeeTeaEye

Voice encryption
« on: September 26, 2019, 04:32:25 AM »
Hi,

Is there anyone out there doing voice encryption? That is, using SIP and encrypting the RTP packets from the SBC to WDE/SIP endpoint.
I would be interested in hearing how difficult it was to implement and if it adds much overhead to ongoing support/maintenance.

Thanks  :)

Offline genesysguru

Re: Voice encryption
« Reply #1 on: September 29, 2019, 11:19:46 AM »
Hi,

Since nobody else has replied I thought I would add a few words.

Technically, implementing SRTP is fairly simple, but as always with SIP you open up the possibility of interoperability and performance (transcoding) issues. SRTP makes support a bit more difficult but not that bad, assuming that you keep SIP messaging in the clear, e.g. do not implement Secure SIP as well. That said, with SIPS if you capture the TLS handshake you can still retrieve the audio ...

The questions you need to ask first are a) why - PCI? and b) between which endpoints. After that, you can solutionize technically but in reality, in most cases, it is better to reduce scope.


Regards
Craig
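
An added example, not part of Craig's reply or of any Genesys tooling: a small check for one captured SIP message that reports whether the audio leg is offered as SRTP and whether an SRTP key is carried over a cleartext signaling transport. It assumes keys are negotiated with SDES (`a=crypto` in the SDP), which the thread does not specify; the hostnames, addresses and key below are constructed placeholders.

```python
import re

# Constructed sample: an INVITE over UDP whose SDP offers SRTP with an SDES key.
SAMPLE_INVITE = (
    "INVITE sip:agent@example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/UDP sbc.example.invalid:5060;branch=z9hG4bKconstructed\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 40000 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY_NOT_REAL\r\n"
)


def audit_sip_message(raw):
    """Return a list of findings about media protection in one SIP message."""
    head, _, sdp = raw.partition("\r\n\r\n")
    # Transport of the topmost Via header: UDP/TCP are cleartext, TLS is protected.
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    findings = []
    profile = None  # transport profile of the audio section being read, if any
    for line in sdp.splitlines():
        if line.startswith("m="):
            fields = line[2:].split()
            is_audio = len(fields) > 2 and fields[0] == "audio"
            profile = fields[2].upper() if is_audio else None
            # RTP/SAVP and RTP/SAVPF are the SRTP profiles; RTP/AVP is plain RTP.
            if profile and "SAVP" not in profile:
                findings.append(f"audio offered as unencrypted {profile}")
        elif line.startswith("a=crypto:") and profile and transport != "TLS":
            findings.append(
                f"SRTP key (a=crypto) sent over cleartext SIP/{transport}")
    return findings


if __name__ == "__main__":
    for finding in audit_sip_message(SAMPLE_INVITE):
        print(finding)
```

Run against the signaling for each leg (SBC edge, SBC to agent endpoint) to confirm which legs actually negotiate SRTP and how the key is protected in transit.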

Offline SeeTeaEye

Re: Voice encryption
« Reply #2 on: September 30, 2019, 01:56:11 AM »
Hi Craig,

Thanks for those insights.

It's a good question, the why. Nowadays, everything is encrypted, all API endpoint connections, etc. Usually, the voice path in contact centres carries PII and other sensitive information, so it's just surprising that it is not that common to encrypt it. But I get your points around interoperability and performance.
In our case, it's all about protecting PII, as we have other means to reduce scope for PCI.

Thanks again


« Last Edit: September 30, 2019, 02:38:00 AM by SeeTeaEye »

Offline genesysguru

Re: Voice encryption
« Reply #3 on: September 30, 2019, 12:40:20 PM »
Indeed. In terms of PII, is it a case of defining your security environment and possibly only needing to implement SRTP/SIPS at the SBC edge rather than E2E down to the agent/advisor SIP endpoint? Lots of points to "discuss" with a QSA ...

Regards
Craig