Voice-over-IP Encryption

Voice-over-IP has revolutionised the voice telephony. It provides flexibility, portability, cost savings and convenience. Many of these benefits come about because it uses a public network for all traffic (the Internet). The public nature of the network, however, and the unpredictable routing of this technology means that other new technology makes it easier to snoop or eavesdrop on your calls, which can be a real problem if you are involved in sensitive activities where 3rd parties might wish to listen-in (industrial espionage etc.). It's true enough though that even on a regular phone line, it's easy enough to bug calls (for example tapping into the wires outside your office or at the local exchange).

Standard Voice-over-IP is carried across the internet in clear form; your voice is encoded (i.e. turned into a digital signal) but not encrypted). It is then transmitted to the remote location where it is then converted back into voice for the other person to hear. Anyone on the network path between you and the remote site could capture that data (known as 'sniffing') and listen in or record the call without you knowing; there are lots of tools readily available to do that.

DrayTek's VoIP Encryption system makes it impossible for anyone 'en-route' to listen in to your call. Even if they have complete access to your network or all data to or from your premises, encrypted VoIP traffic leaving the router is safe. Using DrayTek VoIP encryption is more secure than using standard analogue lines, ISDN lines or cellphones. Whether you are involved in confidential research, corporate secrecy (Takeovers, Mergers & Acquisitions), Finance (trading etc.) you will appreciate the confidence of knowing that no-one on the Internet is listening.

Technical Explanation

DrayTek's VoIP Encryption feature is easy to operate. It's based on a combination of the ZRTP and SRTP protocols. You do not need to set any passwords or secret keys yourself; it's all automatic (using a complex but clever method called Diffie-Hellman Key Exchange). This compares to other encryption systems where you have a 'public key infrastructure' or pre-shared key which you have to somehow get to the other party (and therefore risk interception in transit). In addition, the use of an SAS (Short Authentication String) eliminates any realistic possibility of a MitM (Man-in-the-Middle) attack.

With the DrayTek solution, you call the remote party as normal and once connected, you hear an audio confirmation that you're secure. It really is that easy to make an encrypted call. As for 'how secure'; DrayTek use 128-bit AES encryption. That cannot be cracked by brute force, and ZRTP takes care of keeping the decryption keys secure. When we say 'cannot', actually the NIST does concede that you could currently crack it if you allowed 149 trillion years (that's a long time) using today's computers. Additionally, there's no possibility of your keys becomming compromised (known by others) because you don't have to distribute them to the other person - they are automatically generated and exchanged in real-time.

listen to a sample audio confirmation

Select a DrayTek product with VoIP Encryption

Voice-over-IP Encryption is currently supported on the Vigor 2820Vn ADSL Router/Firewall (you need compatible products both ends). That provides twin phone ports and both can be active on encrypted calls simultaneously. If you already have that model, you can download a free upgrade to your router's firmware from the DrayTek web site. For a guide to setting up VoIP Encryption on the Vigor 2820Vn, Click Here.

To learn more about DrayTek routers with VoIP Encryption and to select the right model for your needs, speak to your DrayTek Authorised Dealer.