Wednesday, May 11, 2011

Is this the end of SIP over UDP?

The recent move in market with the acquisition of Skype is going to impact many things on the VoIP space, in many cases in a positive way.

Most of the SIP traffic these days is over UDP - unreliable and unencrypted protocol - everything is sent in clear text over the internet: who you are calling to, content of the text messages, your presence states.

Skype made a reputation for itself as offering very secure communication. Microsoft is a marketing devil, no secret, any bit they can exploit will become a sales weapon. Secure communication is one of what they've just got.

To be able to fight in the SMB/enterprise market, the Unified Communication (UC)/VoIP solutions providers will have to deliver from now on secure communication systems. SIP has all the meanings of ensuring secure communication, but it was not deployed much in that way. The companies were focused to check the bullets in the list of the 500 old PBX features.

It was a clear increase in the demand for secure SIP communication platforms lately, but the Skype take over by Microsoft will accelerate it a lot. Otherwise it will be extremely hard to compete against the new Microsoft UC solutions.

Fortunately, the open source SIP-based UC applications are ready. On the server side, being a lot deployed in insecure environments (e.g., well known Internet), we directed a lot of efforts at SER/Kamailio open source SIP server project to ensure the security of unified communication sessions - signaling for voice, video or desktop sharing, instant messaging and presence.

Starting with v3.0.0, there is a brand new architecture for TLS communication, designed for scalability (e.g., up to 80 000 active TLS connections on an average server hardware). In v3.1.0 that work was completed with asynchronous processing of TLS connections, increasing substantially the capacity to handle such secure connections.

On the client side, open source softphone applications such as Jitsi can connect to the server through TLS and send the media stream via SRTP (secure RTP) or ZRTP, thus the entire communication is secure.

For client side, there are also many choices of SIP hard phones with TLS and SRTP support, such as Snom or Cisco. Therefore doing secure communication with SIP is possible, very easy. The time to promote and deploy it massively has arrived.

UDP for SIP may stay for some time in many SIP-based UC systems, but this moment can mark the start of its end.

No comments:

Post a Comment