Defect #2921
closed
Using proxy feature in Groundwire to provide limited voice encryption?
Description
Hello!
Groundwire has a proxy feature.
In the instructions for sip2sip
http://wiki.sip2sip.info/projects/sip2sip/wiki/SipDevicesAcrobitsGroundwire
it is said that "Optionally set to a proxy that performs some traffic manipulation e.g. TLS to UDP translation. This proxy is usually not related to the SIP provider. If regular proxy is specified as well, the SIP traffic will be routed to the proxy on the second hop."
There is a simple and reasonably secure (against opportunistic "middle brother" :) adversaries) Android proxy called Shadowproxy, and it does have UDP forwarding capabilities.
Would it be possible to use it for UDP forwarding so as to make sure that voice traffic (RDP) is encrypted on the path between me (Android app) and the Shadowproxy server (self-hosted outside of local snoop's reach) for both incoming and outgoing calls?
I'm from Ukraine and tend to visit Russia a lot, and so it's kinda important for me.
Updated by Adrian Georgescu over 9 years ago
- Status changed from New to In progress
We have not written that entry; it is user contributed. So we cannot advise how to configure Acrobits software. You can best ask this question on the SIP beyond VoIP mailing list, where other users may be able to answer. The list is found here: http://lists.ag-projects.com/mailman/listinfo/sipbeyondvoip
As a general rule, just enable ZRTP in your end-points; this way the media will be encrypted end-to-end. You can use TLS for SIP signalling, but the proxy always has access to the signalling information, so it is not possible to hide from the proxy whom and when you are calling.
More info about privacy on sip2sip is found here:
http://wiki.sip2sip.info/projects/sip2sip/wiki/DataStoragePolicy
Updated by Alex Cee over 9 years ago
Thanks for the prompt reply!
I need to receive incoming calls from US landlines (so ZRTP is unlikely to be of use).
My concern is primarily the encryption between Groundwire and the proxy (I have a USA VPS to host the proxy myself, so I am not particularly concerned about the proxy having access to the data, but since I will be receiving the calls in Ukraine and Russia I am very concerned about data being unencrypted between the foreign servers and me).
I'll ask around in the mail lists.
By the way, there's another issue in Groundwire I'm having (I decided to try out Google Voice > IPkall and, well, am having a ton of trouble, but that's a separate ticket I guess).
Updated by Adrian Georgescu about 9 years ago
- Status changed from In progress to Closed
Again, signalling can always be considered compromised. It does not matter if you use TLS or not, as it is not end-to-end enforced and any intermediate node has access to all signalling. So unless you encrypt the media itself in a deterministic manner, your call privacy is compromised anyway.