A dependable privacy protection for end-to-end VoIP via Elliptic-Curve Diffie-Hellman and dynamic key changes

Voice over IP (VoIP) service has been widely deployed over the prevalent Internet due to the advanced technologies of digital voice compression, communication protocols, and wired/wireless networks. VoIP then benefitmuch lower cost of equipment, operation, and better integrationwith data applications than voice communications over telephony networks. On the other hand, VoIP further introduce security vulnerability while delivering voice packets over the public Internet, using the transparent IP protocol suite. The most popular solution to secure VoIP voice packets is to apply cost-effective AES encryption with a single key during to a voice call. In this paper, to further enhance the VoIP security to prevent malicious eavesdroppers, we propose a much stronger privacy protection for an end-to-end VoIP. This dependable solution applies not only the Elliptic-Curve Diffie-Hellman (ECDH) algorithm for key negotiation, but also the key generation function (KGF) for changing key dynamically in a VoIP call session. This 2-tier key distribution scheme provides effective and robust security for VoIP voice packets during the end-to-end call session. This proposed scheme has been deployed on an opensource SIP-based phone as our test-bed over the Internet. The performance results from the experiments with the Internet dynamics of packet loss inserted on the test-bed demonstrate that the proposed scheme not only provide more secure VoIP call, but also preserve the quality of voice packet delivery. & 2010 Elsevier Ltd. All rights reserved.