PKI vs. Zfone: What's your best bet for VoIP security?

VoIP security is a big issue -- both in terms of authenticating users and devices and providing confidentiality for calls by encrypting the voice messages themselves. Is PKI the best solution, or is the new Zfone a better bet? Deb Shinder weighs the pros and cons of each solution, and she offers a third alternative to consider.

There's been a lot of talk lately about whether VoIP security should rely on public key infrastructure (PKI) or find another method of encryption and authentication. Phil Zimmermann, famous for creating the Pretty Good Privacy (PGP) encryption scheme for protecting the contents of e-mail messages and data files, recently developed a VoIP encryption product called Zfone based on the new ZRTP protocol.

Zimmermann touts one of the big advantages of Zfone as the fact that it doesn't require PKI. What's the best choice for VoIP security? Let's weigh the pros and cons of each solution.

How PKI works

PKI is one of the most secure ways to provide authentication of VoIP users and devices as well as encryption of VoIP transmissions. Authentication is the process of verifying the identity of a user or device on the network.

PKI uses X.509 digital certificates issued by trusted third parties called certification authorities (CAs) and mathematically related public/private key pairs. Because the owner is the only one who knows the private key and the public key is available to anyone, this provides a way for the owner to prove his or her identity.

Here's how it works:

  1. The owner of the key pair uses the private key to digitally sign a message by encrypting a hash of the message with the private key.
  2. The sent message also includes that encrypted value.
  3. The recipient obtains the sender's public key. (The message may include it as part of a certificate.)
  4. Using the public key, the recipient can verify that the calculated message hash is the same as the one with the original message created with the associated private key.

PKI includes one or more certification authorities that issue certificates, end users issued those certificates, and optionally registration authorities that handle PKI management tasks and/or a Certificate Revocation List (CRL) issuer. CRLs are necessary when you have to revoke a certificate. For example, you would need to revoke a certificate if someone has compromised the associated private key or the user has left the organization. Also required is a repository or database that holds the certificates and CRLs.

The most obvious disadvantage of PKI-based security is that it requires CAs. That means you must either implement internal CAs or purchase certificates from public CAs. The security provided by the PKI depends on the strength of protection of the CA's signing keys.

How Zfone works

Zimmermann's Zfone uses public key algorithms without relying on PKI. Instead of using persistent public keys, it destroys the keys at the end of a call.

However, it saves some of the key material and uses it in the next call to provide key continuity. This helps prevent man-in-the-middle (MITM) attacks. The software displays a hash of the symmetric key used to encrypt the call, which you can compare to the hash displayed to the person at the other end of the call. If they match, you're good to go. If not, you may be the victim of a MITM attack.

The ZRTP protocol negotiates the cryptographic keys over the Real-Time Transport Protocol (RTP) stream and doesn't involve the Session Initiation Protocol (SIP) servers in the process. Key management is peer to peer, and it doesn't rely on servers.

You can integrate ZRTP into VoIP hardware, or you can use the Zfone software with VoIP clients such as Gizmo or SJphone. It's currently in beta testing, and the beta runs on Windows XP, Linux, or Macintosh OS X. (It doesn't support Vista yet.)

You can run the Zfone software before you start your VoIP client program and leave it running as you make calls. The software detects whether the VoIP client on the other end of the call supports ZRTP.

If it does, Zfone establishes key agreement and proceeds to encrypt and decrypt the voice packets as you send and receive them. The Zfone Control Panel verifies that the call is secure using Advanced Encryption Standard (AES) 128-bit encryption.

Not everyone is convinced that Zimmermann's non-PKI VoIP security solution is superior to PKI-based security. In August 2005, when Zimmermann introduced it at the Black Hat conference, TechRepublic's George Ou questioned Zimmermann's criticism of PKI in a blog post. Ou also posted Zimmermann's response.

Security without the hassle

There's a way to avoid dealing with PKI issues or the Zfone software and still ensure that your calls are confidential: Use Skype for VoIP calls. Skype automatically encrypts all calls end to end, and the process is transparent to the users. It uses a proprietary session establishment protocol, which includes protection against replay attacks and supports key negotiation and verification of peer identity.

Skype uses public key cryptography; the software connects to a centralized server where the user logs in to certify his or her public key. The cryptographic standards used include AES, the RSA public key system, the RC4 cipher stream, and the SHA-1 hash function. Skype issues each user a digital certificate and integrates these certificates into its online directory, so there's also authentication based on those certificates.

However, the registration system doesn't require any positive proof of identity (such as a government-issued ID). So a person could register using a false name and pretend to be someone he or she is not.

For a more detailed discussion and independent evaluation of Skype's security mechanisms, check out this PDF by Tom Berson of Anagram Laboratories.


VoIP security is a big issue -- both in terms of authenticating users and devices and providing confidentiality for calls by encrypting the voice messages themselves. There are a number of ways to use cryptography to accomplish these purposes, some that rely on a PKI and some that don't. You can also get all the advantages of PKI without any of the hassle of implementation and management by using a product such as Skype.

Want more tips and tricks to help you plan or optimize your VoIP deployment? Automatically sign up for our free VoIP newsletter, delivered each Monday!

Deb Shinder is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. She currently specializes in security issues and Microsoft products, and she has received Microsoft's Most Valuable Professional (MVP) status in Windows Server Security.

By Deb Shinder

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...