{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,6]],"date-time":"2026-02-06T04:47:38Z","timestamp":1770353258045,"version":"3.49.0"},"reference-count":27,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2018,1,19]],"date-time":"2018-01-19T00:00:00Z","timestamp":1516320000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"Security issues of typical Voice over Internet Protocol (VoIP) applications are studied in this paper; in particular, the open source Linphone application is being used as a case study. An experimental analysis indicates that protecting signalling data with the TLS protocol, which unfortunately is not always the default option, is needed to alleviate several security concerns. Moreover, towards improving security, it is shown that a VoIP application may operate over a virtual private network without significantly degrading the overall performance. The conclusions of this study provide useful insights to the usage of any VoIP application.<\/jats:p>","DOI":"10.3390\/cryptography2010003","type":"journal-article","created":{"date-parts":[[2018,1,22]],"date-time":"2018-01-22T04:51:13Z","timestamp":1516596673000},"page":"3","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["On the Cryptographic Features of a VoIP Service"],"prefix":"10.3390","volume":"2","author":[{"given":"Dimitrios","family":"Alvanos","sequence":"first","affiliation":[{"name":"School of Pure & Applied Sciences, Open University of Cyprus, Latsia 2220, Cyprus"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7663-7169","authenticated-orcid":false,"given":"Konstantinos","family":"Limniotis","sequence":"additional","affiliation":[{"name":"School of Pure & Applied Sciences, Open University of Cyprus, Latsia 2220, Cyprus"}]},{"given":"Stavros","family":"Stavrou","sequence":"additional","affiliation":[{"name":"School of Pure & Applied Sciences, Open University of Cyprus, Latsia 2220, Cyprus"}]}],"member":"1968","published-online":{"date-parts":[[2018,1,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Kuhn, D.R., Walsh, T.J., and Fries, S. (2005). Special Publication 800-58: Security Considerations for Voice over IP Systems.","DOI":"10.6028\/NIST.SP.800-58"},{"key":"ref_2","unstructured":"VoIP Security Alliance (2017, November 26). VoIP Security and Privacy Threat Taxonomy;. Available online: https:\/\/www.voipsa.org\/Activities\/VOIPSA_Threat_Taxonomy_0.1.pdf."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Wahab, A., Bahaweres, R.B., Alaydrus, M., and Sarno, R. (2013, January 12\u201314). Performance analysis of VoIP client with integrated encryption module. Proceedings of the 1st International Conference on Communications, Signal Processing, and Their Applications (ICCSPA), Sharjah, UAE.","DOI":"10.1109\/ICCSPA.2013.6487300"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Azfar, A., Choo, K.K.R., and Liu, L. (2014, January 6\u20139). A Study of Ten Popular Android Mobile VoIP Applications: Are the Communications Encrypted?. Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS), Waikoloa, HI, USA.","DOI":"10.1109\/HICSS.2014.596"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"315","DOI":"10.1504\/IJCNDS.2016.077664","article-title":"Ensuring non-repudiation in human conversations over VoIP communications","volume":"16","author":"Cattaneo","year":"2016","journal-title":"IJCNDS"},{"key":"ref_6","first-page":"89","article-title":"Efficient Implementation of VoIP over VPN wrt Packet Delay and Data Security","volume":"3","author":"Ashraf","year":"2016","journal-title":"Int. J. Multidiscip. Approach Stud."},{"key":"ref_7","first-page":"41","article-title":"A Look at VoIP Vulnerabilities","volume":"35","author":"Keromytis","year":"2010","journal-title":"USENIX Mag."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.diin.2009.10.001","article-title":"Speaker recognition from encrypted VoIP communication","volume":"7","author":"Khan","year":"2010","journal-title":"Digit. Investig."},{"key":"ref_9","first-page":"4","article-title":"Wiretapping, End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP","volume":"3","author":"Kabus","year":"2017","journal-title":"PETS"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Shirvanian, M., and Saxena, N. (2014, January 3\u20137). Wiretapping via Mimicry: Short Voice Imitation Man-in-the-Middle Attacks on Crypto Phones. Proceedings of the ACM Conference on Computer and Communications Security, Scottsdale, AZ, USA.","DOI":"10.1145\/2660267.2660274"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Shirvanian, M., and Saxena, N. (2015, January 7\u201311). On the security and usability of crypto phones. Proceedings of the 31st Annual Computer Security Applications Conference, Los Angeles, CA, USA.","DOI":"10.1145\/2818000.2818007"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MNET.2006.1705880","article-title":"Denial of service attacks targeting a SIP VoIP infrastructure: Attack scenarios and prevention mechanisms","volume":"20","author":"Sisalem","year":"2006","journal-title":"IEEE Netw."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1880022.1880029","article-title":"Uncovering spoken phrases in encrypted voice over IP conversation","volume":"13","author":"Wright","year":"2010","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Zhang, G., Fischer-H\u00fcbner, S., Martucci, L.A., and Ehlert, S. (2009, January 16\u201319). Revealing the Calling History of SIP VoIP Systems by Timing Attacks. Proceedings of the International Conference on Availability, Reliability and Security, Fukuoka, Japan.","DOI":"10.1109\/ARES.2009.129"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Zhang, R., Wang, X., Farley, R., Yang, X., and Jiang, X. (2009, January 10\u201312). On the feasibility of launching the man-in-the-middle attacks on VoIP from remote Attackers. Proceedings of the ACM Symposium on Information, Computer and Communication Security, Sydney, Australia.","DOI":"10.1145\/1533057.1533069"},{"key":"ref_16","unstructured":"Linphone (2017, November 26). Open Source VOIP Project. Available online: http:\/\/www.linphone.org\/."},{"key":"ref_17","unstructured":"Packetizer (2017, November 26). H.323 Versus SIP: A Comparison. Available online: http:\/\/www.packetizer.com\/voip\/h323_vs_sip\/."},{"key":"ref_18","unstructured":"Network Working Group (2003). RFC 3550-RTP: A Transport Protocol for Real-Time Applications, The Internet Engineering Task Force. Technical Report."},{"key":"ref_19","unstructured":"Network Working Group (2002). RFC 3261-SIP: Session Initiation Protocol, The Internet Engineering Task Force. Technical Report."},{"key":"ref_20","unstructured":"Network Working Group (2004). RFC 3711-SRTP: The Secure Real-time Transport Protocol (SRTP), The Internet Engineering Task Force. Technical Report."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"McGrew, D., and Rescorla, E. (2010). Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-Time Transport Protocol (SRTP), The Internet Engineering Task Force. RFC 5764 Technical Report.","DOI":"10.17487\/rfc5764"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Zimmermann, P., Johnston, A., and Callas, J. (2011). RFC 6189-ZRTP: Media Path Key Agreement for Unicast Secure RTP, The Internet Engineering Task Force. Technical Report.","DOI":"10.17487\/rfc6189"},{"key":"ref_23","unstructured":"Belledonne Communications (2017, November 26). Secured Communications Using Linphone & Flexisip Solution Description. Available online: http:\/\/www.belledonne-communications.com\/uploads\/images\/Solutions-SecuredCommunications.pdf."},{"key":"ref_24","unstructured":"Critelli, A. (2017, May 20). Hacking VoIP\u2014Decrypting SDES Protected SRTP Phone Calls. Available online: https:\/\/www.acritelli.com\/hacking-voip-decrypting-sdes-protected-srtp-phone-calls."},{"key":"ref_25","unstructured":"(2017, November 26). Wireshark (Network Protocol Analyzer). Available online: https:\/\/www.wireshark.org\/."},{"key":"ref_26","unstructured":"Gauci, S. (2017, November 26). SipVicious: SIP Penetration Testing and Exploitation Kit. Available online: http:\/\/blog.sipvicious.org."},{"key":"ref_27","unstructured":"Gauci, S. (2017, November 26). If SipVicious Gives You a Ring. Available online: http:\/\/blog.sipvicious.org\/2012\/12\/if-sipvicious-gives-you-ring.html."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/1\/3\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T14:51:49Z","timestamp":1760194309000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/2\/1\/3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,19]]},"references-count":27,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2018,3]]}},"alternative-id":["cryptography2010003"],"URL":"https:\/\/doi.org\/10.3390\/cryptography2010003","relation":{},"ISSN":["2410-387X"],"issn-type":[{"value":"2410-387X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1,19]]}}}