Archive for August, 2009

Secure VoIP, GNU SIP Witch, and replacing Skype with free software

Thursday, August 27th, 2009

For the last few years I had been working when time was available on what is called the GNU Telephony Secure Calling Initiative. This initiative was originally started specifically to make passive voice communication intercept a thing of the past using free software and public standards, and came out of ideas from and the work of the New York City civil liberties community and New York Fair Use in the early part of this decade.

While it is true that technological means for mass communication intercept has grown with incremental improvements in communication technology, the means to apply and use encryption techniques to counter these abuses and offer communication privacy on a large scale using free software have also become possible. Given the nature of this project, important work had been done by volunteers and contributors in Europe such as Werner Dittmann who created the ZRTP compliant stack we use, over the summer of 2006, and Federico Pouzols, who re-wrote the RTP stack I originally authored for use in GNU Bayonne. The use of non-US contributors was specifically encouraged to avoid putting additional people in potential danger in the United States for working on cryptographic systems for worldwide public use specifically to avoid communication intercept.

One result of the initiative was creation of the GNU ZRTP stack (and our related GNU ZRTP4J now used in SIP communicator). The project was first publicly introduced in October 2006 during the 4th International Free Knowledge conference, where a complete ZRTP enabled client (the Twinkle softphone) became immediately available for use by anyone through Debian GNU/Linux for establishing simple secure point to point VoIP calls over the public Internet. This offered a basic means of establishing secure calls using Phil Zimmerman’s ZRTP protocol and a free software licensed implementation, but did not offer a means to truly integrate and manage secure calling or make it a standard or easy to deploy Internet user service.

This latter goal became possible through the development of GNU SIP Witch, which can be used to create and deploy network scalable secure privacy enabling VoIP solutions for individuals, private organizations, and even national governments. My focus in this project over the past year has been on this recently introduced GNU SIP Witch package. While this package is still rather new, there is a basic howto for system admins to use and deploy GNU SIP Witch with Ubuntu GNU/Linux. Ideally I would like to do far more to make it easier to deploy secure calling networks without requiring system admin skills.

GNU SIP Witch is different from many other VoIP servers, such as for example Asterisk, in that it never establishes media connections with or through a server, and hence does no protocol conversion or media operations that would otherwise require decrypting a secure audio session in a central location. Instead it relies on published open standards and the SIP protocol to coordinate secure endpoints which can then form direct peer to peer media connections. This means these media sessions are not decrypted by a central server, nor are encryption keys shared with or managed by a central server.

One use case for GNU SIP Witch is as a kind distributed domain service to handle inbound VoIP calls directly received over the public Internet for the SIP protocol much like something like sendmail does for SMTP. In this role, one could then create local publicly reachable SIP identities (URI’s) that match email addresses and thereby offer a consistent means of contact. This eliminates the need for some kind of centralized “registry” of callable users which so many other schemes and services wish to reply upon since we can make use of DNS and individually ran services. This suggests an alternate and much more distributed model for enabling secure public voice, video, and instant messaging contact to that of Skype, the latter of which requires a central user directory and control point, as well as using source secret protocols and methods which cannot be independently validated.

Another interesting use case is that of creating a secure calling “domain” in conjunction with an already existing insecure VoIP infrastructure, such as for example might be offered by Asterisk. Used this way SIP Witch will maintain both a secure and “insecure” identity for each ZRTP enabled node it is used to manage. The insecure identity will be cross-registered to the insecure IP-PBX so insecure users can reach users in the secure domain. Similarly, all non-secure destinations dialing from a secure VoIP user agent are automatically routed through the insecure IP-PBX. Dialing a secure destination from a secure user agent will however bypass the insecure IP-PBX entirely, and establish a direct peer to peer media session.

Awhile back I was asked about speaking at LinuxCon 2009 about this project, and now I am ready to do so. Given my topic, I am uncertain as to whether LinuxCon is really ready for me. However there is a preliminary copy of my presentation next month now available at http://www.gnutelephony.org/data/linuxcon2009.odp and http://www.gnutelephony.org/data/linuxcon2009.pdf for those curious about my talk next month.