LTE SIP VoIP Security

Mobile device users can connect, text, talk and see each other over any WiFi or LTE network using SIP-enabled mobile devices such as smartphones, laptops and tablets. Many SIP software packages are available for mobile devices (web search for "SIP softphone"); they enable the SIP protocol and turn the devices into multi-media mobile devices.

SIP software works with any IP-enabled device. If your mobile device can access the internet, then it is IP-enabled, with IP over WiFi and IP over LTE. Download and install SIP software to turn your mobile device into an LTE SIP VoIP device with multi-media capability.

Session Initiation Protocol (SIP) is a VoIP signaling protocol for creating, modifying and terminating multi-media sessions with one or more peer-to-peer participants. The voice and video stream communications in SIP calls are transported by the Real-time Transport Protocol (RTP). SIP signaling procedures include setting up the parameters for the RTP media stream such as IP address, port number, protocol and codecs. The parameters are exchanged and negotiated using the Session Description Protocol (SDP) which is embedded within SIP signaling information.
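
The SDP negotiation described above, as an added example (not code from the original page or from SIPbiz.net): a small Python parser that pulls the RTP parameters (address, port, protocol, codecs) out of an SDP body and flags RFC 1918 media addresses and RTP profiles without SRTP. The sample SDP, the function names and the flag strings are constructed for illustration.

```python
import ipaddress

# Constructed SDP body, as carried inside a SIP INVITE (sample values only).
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=bob 2890844526 2890844526 IN IP4 192.168.1.20",
    "s=-",
    "c=IN IP4 192.168.1.20",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0 8",
    "a=rtpmap:0 PCMU/8000",
    "m=video 51372 RTP/SAVP 96",
    "c=IN IP4 203.0.113.7",
    "a=rtpmap:96 H264/90000",
]) + "\r\n"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_sdp(body):
    """Return one dict per m= line: media, address, port, protocol, codecs."""
    session, streams = {"address": None}, []
    for line in body.splitlines():
        kind, _, value = line.strip().partition("=")
        fields = value.split()
        if kind == "c" and len(fields) == 3:
            target = streams[-1] if streams else session  # media c= overrides
            target["address"] = fields[2].split("/")[0]  # drop multicast TTL
        elif kind == "m" and len(fields) >= 4 and fields[1].split("/")[0].isdigit():
            streams.append({"media": fields[0], "address": session["address"],
                            "port": int(fields[1].split("/")[0]),
                            "protocol": fields[2], "codecs": dict.fromkeys(fields[3:])})
        elif kind == "a" and value.startswith("rtpmap:") and streams:
            pt, _, encoding = value[len("rtpmap:"):].partition(" ")
            if pt in streams[-1]["codecs"]:
                streams[-1]["codecs"][pt] = encoding  # payload type -> codec
    return streams

def review(stream):
    """Flag a private (RFC 1918) media address and an RTP profile without SRTP."""
    flags = []
    try:
        ip = ipaddress.ip_address(stream["address"])
    except ValueError:
        ip = None  # missing address or a hostname
    if ip is not None and any(ip in net for net in RFC1918):
        flags.append("private-address")
    if "SAVP" not in stream["protocol"]:
        flags.append("plain-rtp")
    return flags
```

RTP/AVP is the plain RTP profile and RTP/SAVP is the SRTP profile, so TLS on the signaling path does not by itself show whether the media stream is protected; the m= line does.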

SIP specifications define SIP phones, SIP servers and two distinct architectures, distributed and centralized. SIP phone specifications include SIP VoIP services to the users and SIP server descriptions include how to locate the SIP phone users.  A SIP phone user is assigned an Address of Record (AOR).  The AOR is created by the combination of user name, the at sign and the SIP server name as in the example bob@biloxi.example.com. See SIPsocial AOR or SIPsocial.net for more.

The Challenge

The SIP phone and its calls are not secure when placed on the public internet. They are better protected behind a NAT firewall, but the firewall then blocks all incoming calls to the SIP phone. This is because the NAT firewall, which translates IP addresses between the private and public address spaces, only allows communications that are initiated from the private address space.

The CIS Solution

The SIPbiz.net software product, named Cyberspace Identity System (CIS), includes a SIP proxy server and a registrar server. The SIP phone registers with the SIPbiz.net CIS registrar server to receive SIP VoIP calls. When the SIP signaling for a call setup arrives, the SIPbiz.net CIS proxy server sends it to the SIP phone using the IP address that was collected through the registration process.

SIPbiz.net CIS, installed in a private network behind a NAT firewall, can connect with another SIPbiz.net, also behind a NAT firewall, to create a TLS connection that allows the SIP signaling information to traverse through the NAT firewalls. 

The CIS connection can be initiated by one of the CIS installations.  The successful connection establishment creates a trusted internet connection over which the SIP signaling information is encrypted and transported.

When SIPbiz.net CIS is deployed behind a NAT firewall, it creates a private network in which SIPbiz.net CIS and the SIP phones communicate using private IP addresses.  Each NATed private network, with one public IP address, can support as many as 16 million SIP phone devices using private IPv4 addresses.

Benefits and Capabilities

Security Enhancement
  • Connect SIP phones, servers and gateways from behind a NAT firewall
  • Mutual inclusive privacy protection with PKI
  • End-to-end encrypted SIP signaling via TLS
  • VoIP communications between private IP networks
Business Improvement  
  • Reduce recurring communications costs
  • Improve communications by protecting network resources and simplifying network infrastructure to all-IP
  • Decrease communications problems by replacing dedicated TDM circuits, VPN lines and their legacy hardware
Technology Advantage
  • All IP networks: No TDM hand-off between carriers 
  • Scalability: There is no architectural limit on the number of trusted connections a SIPbiz.net can connect. Each SIPbiz.net can initiate and accept multiple TLS connections.
  • There is no need for SIP routing
  • Inter-operate with SIP phones, servers, gateways and any SIP devices
  • Signaling encryption from SIP server to SIP server
  • Encryption works with or without a NAT firewall
  • Encryption works with IPv4 or IPv6 networks
  • Flexible SIPbiz.net connection configurations
    • Point-to-point
    • Point-to-multipoint
    • Full mesh
Other SIPbiz.net applications
  • SIP PBX
    CIS and the SIP phones in this solution provide the functions of a TDM PBX system.
  • SIP Trunking
    CIS and SIP gateways operating in private IP networks can provide SIP trunking services for the TDM devices.
    CIS trunk services connecting SIP phones without going through SIP gateways.
  • SIP Connect
    One SIP gateway, working with CIS, serves multiple SIP networks of phones. This solution results in less dependence on TDM access.
  • SIP SBC
    The CIS solution integrates data and VoIP services and provides inter-carrier interfaces for the 4G LTE wireless networks.
    Inter-carrier Session Border Controller (iSBC) services without the VoIP gateway.
  • SIP Integration
    CIS and the SIP gateway connect the SIP VoIP networks and the PSTN.


Learn More

For additional information on how your organization can benefit from SIPbiz.net CIS LTE SIP VoIP security solutions, please contact sipbiz@sipbiz.net.
