slaider
Communication network

card product

» Products » Communication network » SIP-based VoIP Security System
SIP-based VoIP Security System

1 Overview
Developed by Privis under its sole intellectual property, SIP-based VoIP Security System provides end-to-end encryption services to SIP-based VoIP system. Attaching it to soft switch / IMS network without any changes to network topology and communications infrastructure, it offers systematic, high-strength, and high-quality VoIP secure communication solutions. 

 

SIP-based VoIP Security System includes: SIP Terminal Encryptor (STE), SIP Encryption Phone (SEP), USB VoIP Encryptor (UVE) and VoIP Key Management Center (VKMC). Deployed in soft switch / IMS network, it provides users with media stream encryption services (voice, video and fax), and seamlessly integrates with 3G, 4G IP mobile terminals.

 

 

 

SIP-based VoIP Security System conforms to the standard soft switch / IMS network security system. It fits flexibly with different government and business VoIP needs (standard, customized, personalized), and offers convenient and friendly user interface to install and operate.

 

2 System Functions

  • Provide SIP-based voice, video and fax encryption protection;
  • Provide encryption protection under scenarios including voice/video conferencing, voice monitoring and terminal roaming;
  • Support SBC (Session Border Control) NAT under soft switch / IMS system;
  • Support normal SIP terminals and secure SIP terminals interoperation;
  • Support configuration, monitoring, and logging of on-line devices;
  • Provide end-to-end encryption service for smartphones;
  • Realize crypto calculation, key generation and administrator identity identification via smart key;
  • Support key generation, distribution, change and destruction;
  • Support administrator rights management and operational logs audit;
  • Support firmware upgrade

 

3 Specifications

  •  System capacity: end users ≥5000 and scalable;
  • Maximum increase of call setup time is no more than one second;
  • Support IPv4, can be extended to IPv6;
  • Encrypted transmission protocol: improved SRTP/SRTCP encapsulation protection
  • Quality of encrypted communication: MOS value exceeds 3.5;
  • Voice delay of encrypted communication: less than 1 second;
  • Encrypted call connection success rate: ≥95%
  • Encrypted call traffic consumption:
    • smartphone:<400KB/min
    • desktop:<300KB/min

 

4 Security Features

  • Adopt block cipher, support algorithms and algorithm parameters change;
  • Support online key negotiation (proprietary key negotiation protocol);
  • Support off-line distribution of device certificate and keys;
  • Key are generated via standard white noise source;
  • Key length: 128, 192, 256 bits selectable, maximum strength: 10 high 77;
  • Support crypto algorithms of SM2, SM3, SM4, and ZUC;
  • SM2 realized identity identification and key negotiation; ZUC realized voice encryption protection; SM4 realizes communication data encryption protection; SM3 realizes message digest;
  • One session one key, and keys are automatically destroyed when the session ends;
  • Support security audits of devices and system;
  • Support local or remote emergency key destruction;

 

 

5 Target Users

  • Government institutions: internal communications network deployed at government departments at all levels. SIP-based VoIP Security System can be attached to the existing internal network and configured flexibly according to government agencies needs to achieve unified management, providing users with secure, flexible, and efficient VoIP communications;
  • Large, medium and small enterprises: When corporate headquarters, divisions and branches interconnect through IP private network or Internet, SIP-based VoIP Security System can perfectly integrate into corporate existing networks without changing the network topology and communications infrastructure, providing users with safe and economical VoIP secure communication solutions.

 

 

6 Typical Application

 

 

 

7 Main Components

 

7.1 SIP Terminal Encryptor (STE)

 

STE is deployed at the line side of SIP/IMS and connected between the SIP and network to protect one or more SIP telephones. Its features include the following:

  •  Two Ethernet interfaces: The two interfaces are separately located at the network side and user side with 10/100Mbps Ethernet electrical interface, 10/100 Base-T/TX self-adaption, physical interface mode RJ45;
  • Secure communication throughput: ≥ 2 M;
  • Maximum concurrent secure tunnels: ≥ 4;
  • Dimensions:Depth 9.2 cm, Width 13.2 cm, Height 2.8 cm;
  • Power supply:It supports external power supply with Voltage 5.0 × (1±10%) V and PoE Ethernet power supply conforming to IEEE 802.3af and power feeds at the network side, power consumption ≤ 5 W;
    • Environmental:
    • Operating temperature: 0 ℃ ~ 45 ℃;
    • Storage temperature: -40 ℃ ~ 65 ℃;
    • Relative humidity: 20% ~ 80%;

 

 

7.2 SIP Encryption Phone (SEP)

 

 

SEP is deployed at the user side. As an integrated secure voice communication terminal it offers encryption protection for media flow. It is simple to operate as the ordinary civil SIP telephone with some features in the following:

  • Audio encoding and decoding mode:G.711A/U, G.729, G.726;
  • Network interface: Two 10/100 M Ethernet interfaces;
  • Network protocol:TCP/IPv4, UDP, RTP/RTCP, DHCP, etc;
  • Call Control Protocol:SIP/SDP, support software switch and IMS network environment;
  • Encrypted transmission protocol: adopt improved IPSec ESP encapsulation;
  • Encryption Rate:≥ 1 Mbps;
  • Realize the encrypted voice communication between telephones which are under the protection of STE and UVE;
  • Dimensions:Depth16.8 cm, Width22.6 cm, Height 6.8 cm;
  • Power supply: Power Supply from External power Adapter: Voltage 5.0× (±10%)V, Power consumption ≤ 10 W; Support POE Power Supply, Power consumption ≤10 W;
    • Environmental:
    • Operating temperature: 0 ℃ ~ 45 ℃;
    • Storage temperature: -40 ℃ ~ 65 ℃;
    • Relative humidity: 20% ~ 80%;

 

 

7.3 Secure SmartPhone (SS)

 

With crypto TF card inserted in it, secure smartphone provides end-to-end encrypted voice and IM services

  • End-to-end encryption;
  • One-session-one-key encryption protection;
  • Secure access control and secure storage mechanism;
  • Encryption algorithm implementation on TF encryption card;
  • Key calculation, storage and usage are within TF encryption card;
  • Online key destruction;

 

 

7.4 USB VoIP Encryptor (UVE)

 

Through USB interface UVE protects VOIP communication of SIP soft-terminal of windows system laptop or computer.

Its features include the following:

  • USB interface:support USB 2.0;
  • Encryption rate:≥ 5 Mbps;
  • Support Windows XP and Win7;
  • Dimensions:Length 4.5 cm, Width 1.8 cm, Height 0.8 cm;
  • Power supply:standard USB bus power supply, power consumption ≤ 5 W;
    • Environmental:
    • Operating temperature: 0 ℃ ~ 45 ℃;
    • Storage temperature: -40 ℃ ~ 65 ℃;
    • Relative humidity: 20% ~ 80%;

 

 

7.5 VoIP Key Management Center (VKMC)

 

VKMD is normally deployed in the subnet where IMS network element exists with functions such as equipment registration, certification distribution, key distribution, on-line centralized configuration and destruction for STE, SEP, and SS.

  • Provide identity authentication, digital signature, cipher key and certificate services;
  • Adopt hybrid cryptosystem. Symmetric key is used for message digest calculation and message encryption; the public/private key provides key protection and message signature;
  • Maximum devices management: 5000 units;
  • Interface:

Ethernet Interface:RJ45, 100/1000Base-T Self-adaption;

Equipped with IC card key injection and off-line distribution interface;

  • Security level of operator: Level 2(System operator and normal operator);
    • Environmental:
    • Operating temperature: 0 ℃ ~ 40 ℃;
    • Storage temperature: -10 ℃ ~ 55 ℃;
    • Relative humidity: 20% ~ 80%;

 

 

7.6 SIP Server

SIP server is responsible for processing the call control signal as dialing, answering and hanging the phone. The call signaling is transmitted after encryption through the secure channel to ensure its security.

  • Realizing the function of call control of all sorts of SIP terminal;
  • Realizing the function of media data forwarding;
  • Realizing the function of user management;
  • Realizing the function of system configuration management;
  • Quality of encrypted communication: MOS value exceeds 3.5;
  • Voice delay of encrypted communication: less than 1 second;
  • Encrypted call connection success rate: ≥95%
  • Encrypted call traffic consumption:
    • smartphone:<400KB/min
    • desktop:<300KB/min
  • Supports SIP;
  • Support RTSP;
  • Supports NAT traversal and media forwarding;
  • User capacity: a single server supports 20,000 users;
  • Number of concurrent calls: a single server supports 2000 concurrent calls;
    • Environmental:
    • Operating temperature: 0 ℃ ~ 40 ℃;
    • Storage temperature: -10 ℃ ~ 55 ℃;
    • Relative humidity: 20% ~ 80%;

 

 

7.7 IM Server

 

IM server is composed of an IM application server and an IM push server. The IM application server provides services as registration, login, message storage and transfer and management to the secure instant messaging client. IM push server provides message push service to the secure instant messaging client based on MQTT protocol.

  • Supporting single-chat and group-chat IM between clients
  • Supporting encryption transmission function of chat messages between clients
  • Supporting encryption transmission function of images/documents between clients
  • IM input supporting Chinese, English, figures, all sorts of characters, punctuation and emojis.
  • Images/documents transmitted shall not exceed 4M bytes
  • Message delivery time (under normal network conditions): ≤5s
  • Image format: common format for cellphones
  • Number of concurrent calls: a single server supports 2000 concurrent calls;
    • Environmental:
    • Operating temperature: 0 ℃ ~ 40 ℃;
    • Storage temperature: -10 ℃ ~ 55 ℃;
    • Relative humidity: 20% ~ 80%;

 

SIP-based VoIP Security System
Write the E-Mail, we will contact you within days.



Write the E-Mail, we will contact you within days.