6.8 Encrypted SIP
SIP encryption is a security mechanism that protects SIP session communications from eavesdropping or tampering. The SIP encryption feature allows you to encrypt communications between your fixed VoIP phones and the Enreach Contact platform. When SIP encryption is enabled, the following two protocols are used:
TLS (Transport Layer Security)TLS is a widely used security protocol designed to facilitate privacy and data security for communications over the internet. In Enreach Contact, TLS encrypts the signalling of the calls, which can be thought of as the set-up and tear-down part of a call.
Secure Real-time Transport Protocol (SRTP)SRTP is an extension to RTP (Real-Time Transport Protocol) that provides enhanced security features. SRTP encrypts the actual audio of the call. Both the incoming and outgoing call audio is encrypted.
To enable SIP encryption, SIP encryption needs to be activated in the customer account. Once activated, SIP encryption can be enabled for all VoIP phones that support TLS/SRTP encryption. When SIP encryption is enabled for a phone, the device is reprovisioned (this requires a reboot of the device) and the device then connects to the encrypted SIP proxy of Enreach Contact (securevoip.voipoperator.tel, port 5062). All SIP traffic between the phone and the Enreach Contact platform will then be encrypted using SRTP and TLS.
SIP encryption cannot be enabled for VoIP phones that do not support TLS/SRTP encryption. These phones to not need to be reprovisioned and will connect to the Enreach Contact unencrypted SIP proxy (mv.voipoperator.eu, port 5080). SIP traffic between these phones and the Enreach Contact platform is unencrypted and uses Real-time Transport Protocol (RTP) and Session Description Protocol (SDP).
For a list of devices for which SIP encryption is supported, see App. B: Devices.