Tip of the Trade: ZFone

by Carla Schroder

Advanced encryption has come to VoIP, with ZFone stopping sniffers in their tracks.


The VoIP industry has been amazingly uninterested in figuring out how to protect the privacy and security of VoIP users. Of all the commercial service providers, only Skype provides encryption and authentication. Fortunately, Phil Zimmermann, the inventor of the best encryption software for all platforms, PGP (Pretty Good Privacy), has turned his talents to protecting VoIP. This is good news because eavesdropping on VoIP traffic is just as easy as sniffing any TCP/IP traffic. So we now have the ZFone.

ZFone operates invisibly, without the administration and setup that PGP requires. With PGP you have to set up a public key infrastructure (PKI). A PKI performs authentication (verifying that the person you're communicating with really is who he or she claims to be), prevents eavesdropping, and alerts you if the transmission has been altered in transit. This is what Skype uses. It works because Skype operates a closed network and because the Skype protocol is so efficient that the additional overhead of a PKI doesn't harm call quality.

But this is cumbersome for the way most people use telephones. Most of us don't want to hassle with closed networks or having to exchange public keys with everyone with whom we want to talk. We want to do what we've always done — just pick up the phone and call whomever we want. ZFone promises the best of all worlds: ease-of-use and genuinely strong protection. It works with any SIP/RTP phone. It auto-detects if encryption is supported by other endpoints, then handles the key exchange and encryption automatically. It does not perform authentication; all it does is securely encrypt your call. It's available as a plugin for softphones, so you can start using it now.

Even better — the code is open, so developers can download the SDK (software development kit) and integrate it into their own products.

This article was originally published on Tuesday Jan 1st 2008