Secure Your Real-Time Communications
Data Protection in a Secure SIP Network with Linphone and Flexisip
Digital communications including voice, video and messaging involve sensitive user data that need to be protected against unauthorised access. Linphone and Flexisip provide built-in security features that allow the creation of a secure communication service across the public internet. This document describes the key technologies incorporated into a Linphone/Flexisip SIP network.
The document outlines the security mechanisms implemented in Linphone and Flexisip to ensure secure VoIP communications, messaging, and file sharing. The security steps include:
- Secure Registration and Call Setup:
- Linphone establishes a SIP-TLS connection with the Flexisip server, verifying the server’s authenticity through x509 certificates.
- SIP message authentication is handled either via password-based digest authentication or by using TLS client certificates.
- Trusted Voice and Video Streams:
- AES encryption is used for RTP streams, with three key exchange methods: SDES, ZRTP, and SRTP-DTLS.
- ZRTP, based on Diffie-Hellman key exchange, ensures end-to-end encryption and prevents man-in-the-middle attacks using a Short Authentication String (SAS).
- Secure Messaging and File Sharing:
- LIME (Linphone Instant Message Encryption), inspired by the Signal Protocol, ensures end-to-end encryption for messaging, providing asynchronous privacy and man-in-the-middle attack detection.
- Extendable with Custom Encryption Engine:
- Linphone allows for the integration of custom encryption libraries for processing audio, video, and message content using APIs that provide full control over key management and data encryption.
