VoIP is poised to take over from the century-old public switched telephone network (PSTN). But VoIP telephony does not enjoy the same privacy as the old PSTN. This is because PSTN phone calls were based on establishing a “closed circuit” between the two parties, while VoIP phone calls send packets through the Internet, which everyone knows can be easily intercepted by anyone along the way. This naturally reduces the security of VoIP phone calls. While most PSTN phone users saw no justification for encrypting their calls, relying on the natural security of circuit-switched phone calls, even the less security-aware users are more likely to see a need to encrypt calls sent over the Internet.
The threat model for wiretapping VoIP is much more expansive than the one for wiretapping the PSTN. With the PSTN, the opportunities for wiretapping were in three main scenarios. First, someone could attach alligator clips to the phone wires near your home or office. Second, they could tap in at the switch at the phone company. This would likely be done by your own domesticgovernment law enforcement agency, with the phone company’s cooperation. Third, international long-distance lines could be intercepted by intelligence agencies of either your country, the other party’s country, or a third country. It generally means a reasonably resourceful opponent.
VoIP (voice over IP) networks are currently being deployed by enterprises, governments, and service providers around the globe and are used by millions of individuals each day. Today, the hottest topic with engineers in the field is how to secure these networks. "Understanding Voice over IP Security" offers this critical knowledge. The book teaches practitioners how to design a highly secure VoIP network, explains Internet security basics, such as attack types and methods, and details all the key security aspects of a VoIP system, including identity, authentication, signaling, and media encryption. What's more, the book presents techniques used to combat spam and covers the future problems of spim (spam over instant messaging) and spim (spam over internet telephony).