Secure IP Phone

Encrypted and Authenticated Signaling

• IP phones and CUCM exchange certificates
• IP phones and CUCM authenticate each other.
• IP phones create TLS session keys for SHA-1 authentication and AES encryption
• IP phones encrypt session keys with CUCM public key and send the keys to CUCM
• CUCM shares TLS keys with each IP phone and starts secure exchange of signaling

Encrypted and Authenticated RTP

• Session keys for SRTP SHA-1 authentication and SRTP AES encryption are generated and then exchanged via CUCM
• IP phones share SRTP keys and start secure media exchange

Certificate Exchange in TLS

• Phone Hello
  • Negotiate the encryption parameters
• The server and IP phone exchange certificates in a TLS handshake

Server to IP Phone Authentication

• The IP phone sends a random challenge to the server and requests that the server signs it.
• The server signs the random challenge with its RSA private key and returns it to the IP Phone
• The IP phone verifies the signature by using the RSA public key of the server (available locally in the CTL)

IP Phone to Server Authentication

• The server sends a random challenge to the IP phone and requests that the phone signs it.
• The IP phone signs the random challenge with its RSA private key and returns it to the server
• The server verifies the signature by using the RSA public key of the IP phone that was just received over the network (in the certificate)

TLS Session Key Exchange

• The IP phone generates session keys, encrypts them using the public RSA key of the server, and sends them to the server
  • For SHA-1 and HMAC authentication
  • For AES encryption
• The server decrypts the message, and now the IP phone and the server share session keys that can be used for signaling protection.

Authenticated Signaling using TLS

• Each signaling message (SCCP or SIP) is carried over secure TLS packets.

• SRTP session keys are generated by:
  • The phone itself, if using SIP (Peer to Peer)
  • CUCM if using SCCP (Client/Server)
• Keys are sent (SCCP) or passed on (SIP) to the IP phones by CUCM inside signaling messages.
• To ensure protection of media key distribution, encrypted signaling is mandatory.

SRTP Encryption

• The sender encrypts the RTP payload by using AES algorithm and the AES key received from CUCM
• The receiver uses the same AES key (also received from CUCM) to decrypt the RTP payload

SRTP Authentication

• The sender hashes the RTP header and RTP payload together with the SHA-1 key received from CUCM
• The hash digest is added to the RTP packet, and the combined packet is sent to the receiver
• The receiver uses the same SHA-1 key (also received from CUCM) to verify the hash digest

• Enable Public Key Infrastructure (PKI)

• Authentication and encryption are enabled by setting the device security mode in phone security profile.
• There are three options
  • Non-Secure (default)
  • Authenticated
  • Encrypted