End-to-Site encryption security (SRTP with SDES key exchange)

To make mobile to landline calls or use any extended telephony features such as conference room, call diverting, integration with public telephony network, then an end-to-site security model apply.

For example, a manager roaming around with a PrivateGSM equipped mobile phone makes a call to his assistant on her office desk phone integrated with the corporate PBX.

In order to achieve such flexibility, calling from a secure line (the manager’s mobile with PrivateGSM) to an unsecure line (the assistant’s desk phone), the security must be terminated at a certain point of the communication line, typically at the PBX level and then forwarded like a standard unsecure call.

For security clearness, in end-to-site model the line could be “intercepted” on the cables/line that belong to the unsecure call. That part of the communication is, in a typical enterprise scenario, stay within the internal building where physical security is considered trusted and managed trough organization processes.

That’s the most flexible security model, called end-to-site encryption and we enforce it with SRTP/SDES protocol along with SIP/TLS signaling encryption.

SRTP is the open IETF standard voice encryption system to protect the communication between two peers sending the encryption keys of a phone call through the secure connection (SIP/TLS) through a VoIP PBX.

It is defined as an end-to-site encryption, because the PBX can decrypts and re-encrypts the audio flow exchanged between both parties of a phone call, so the PBX can observe and record the communication.