VoIP Security
What is VoIP Security?
VoIP Security: The set of controls protecting Voice-over-IP calls (SIP signalling and RTP media) from eavesdropping, fraud, denial of service, and identity spoofing.
VoIP security combines transport, signalling, and media protections. Signalling typically uses SIP (RFC 3261) over TLS 1.2/1.3 with strong cipher suites, mutual authentication where possible, and SIP digest replaced by client certificates or OAuth bearer tokens for stronger trust. Media uses RTP (RFC 3550) wrapped by SRTP (RFC 3711) for confidentiality and integrity; keys are negotiated via SDES, DTLS-SRTP (RFC 5764) or ZRTP (RFC 6189) for peer-to-peer key agreement with optional Short Authentication Strings to defeat MITM. Operational hardening includes SBC (Session Border Controller) deployment, STIR/SHAKEN (RFC 8224) for caller-ID attestation, toll-fraud monitoring, rate-limiting, and protection against SIP-INVITE / OPTIONS floods.
● Examples
- 01: A WebRTC call negotiating DTLS-SRTP master keys between the browser and a media server.
- 02: A carrier using STIR/SHAKEN to mark a robocall's caller ID as 'C' (not attested) before delivering it.
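An added example, not part of the original entry: a Python sketch that reads an SDP body and reports which of the keying methods named in the definition (SDES, DTLS-SRTP, ZRTP) each media stream uses, flagging SDES keys carried over non-TLS signalling. The function name `audit_sdp` and the sample SDP are assumptions constructed for illustration.

```python
import re

# Constructed sample SDP offer; addresses, fingerprint and key are placeholders.
SAMPLE_SDP = """\
v=0
o=- 20518 0 IN IP4 192.0.2.10
s=constructed-sample
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 UDP/TLS/RTP/SAVPF 111
a=fingerprint:sha-256 CONSTRUCTED:PLACEHOLDER
m=audio 49172 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_KEY_PLACEHOLDER
m=audio 49174 RTP/AVP 0
a=zrtp-hash:1.10 CONSTRUCTED_PLACEHOLDER
m=video 49176 RTP/AVP 96
"""

def audit_sdp(sdp, signalling_tls):
    """Hypothetical helper: report the media keying of each m= section."""
    session_attrs, sections, current = set(), [], None
    for line in map(str.strip, sdp.splitlines()):
        m = re.match(r"m=(\S+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            current = {"media": m[1], "port": int(m[2]), "proto": m[3].upper(), "attrs": set()}
            sections.append(current)
        elif line.startswith("a="):
            # Attributes before the first m= line are session-level and inherited.
            name = line[2:].split(":", 1)[0]
            (current["attrs"] if current else session_attrs).add(name)
    findings = []
    for s in sections:
        if s["port"] == 0:  # port 0 means the stream is rejected or disabled
            continue
        attrs, proto, notes = s["attrs"] | session_attrs, s["proto"], []
        if {"TLS", "DTLS"} & set(proto.split("/")) and "fingerprint" in attrs:
            keying = "DTLS-SRTP"   # key agreed in the media path, not in SDP
        elif proto.startswith("RTP/SAVP") and "crypto" in attrs:
            keying = "SDES"        # master key travels inside the SDP itself
            if not signalling_tls:
                notes.append("SDES key exposed: signalling is not over TLS")
        elif "zrtp-hash" in attrs:
            keying = "ZRTP"
        elif proto.startswith("RTP/AVP"):
            keying, notes = "none", ["media is plain RTP"]
        else:
            keying, notes = "unknown", ["secure profile without key material"]
        findings.append({"media": s["media"], "port": s["port"], "keying": keying, "notes": notes})
    return findings
```

Because an SDES key is written into the SDP, the same offer is acceptable over SIP/TLS and a finding over cleartext SIP, which is why the signalling transport is passed in as a parameter.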
● Frequently asked questions
What is VoIP Security?
The set of controls protecting Voice-over-IP calls (SIP signalling and RTP media) from eavesdropping, fraud, denial of service, and identity spoofing. It belongs to the Network Security category of cybersecurity.
How do you defend VoIP deployments?
Defences for VoIP typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for VoIP Security?
Common alternative names include: SIP security, SRTP security.
● See also
- № 635 LTE Security