Tech

The Cloud and Voice Encryption

Published on:

February 7, 2014

When the first version of pbxnsip introduced RTP encryption, it was a pioneering feature, but it didn’t generate the expected marketing success. Back then, customers were just happy if they could hear each other over VoIP. Over time, we refined our SRTP implementation to address challenges like the rollover counter, optimized transcoding, and avoided one-way audio issues. With growing awareness of security, encryption is now a critical focus, yet many providers still don’t encrypt voice traffic. To bridge this gap, we’ve added the ability to write decrypted PCAP files, making troubleshooting encrypted voice easier. This is available in version 5.1.3.

The first version of pbxnsip had RTP encryption. It was actually one of the reasons to start a new PBX because, at that time, there was nothing affordable on the market.  I remember we made a full-page advertisement in a telephony magazine about this important feature but, instead of the phone ringing all the time about this new feature, it was a marketing flop. Almost nobody cared. At that time VoIP was in a different stage; customers were happy if they could hear each other at all. One-way audio had just been invented.

Over time we learned how to deal with the rollover counter. Instead of coming up with SSRTP, which is not backward compatible, we found a pragmatic way that works in practically all situations. We optimized the SRTP implementation, so SRTP transcoding wasn't stressing the CPU too much - also, transfers didn't cause any SRTP hiccups. We also found ways to read misleading answers during the negotiation, so we didn't end up with one-way audio because of SRTP.

After the latest revelations about the various agencies in the world, people today are a lot more aware of the importance of voice encryption and the cloud. There is still a huge gap between what could be done and the reality, however, and many hosted PBX providers aren't encrypting their voice traffic between the PBX and the handset. Even worse, the competition in the SIP trunk space is all about price. Things like encryption don’t play a role, so most of the RTP traffic in the internet backbone is completely unencrypted. With the least-cost routing that makes up most routing decisions today, it would be easy to set up a trunk provider that bids for the routes you're are interested in, and then you’ll get the voice traffic delivered to your front door.

I haven't given up the hope that SRTP will be used on a trunk one day, and we are still preparing for this. Apart from offering the encryption mechanisms, we also need to work on the tools to troubleshoot encrypted voice.

Therefore, the latest security feature we have added is the writing of decrypted PCAP files. Having the raw packets as they travel in and out of the PBX is great to analyze problems. If they are encrypted, however, they have only limited value. Because the PBX knows the security context, it can first decrypt the packets and then write them into a PCAP file, with the timestamps, when they were received. Other devices like SIP-aware firewalls and ALG are typically unable to see this traffic. This is something that's very useful in cases where installations have quality problems and customers demand encryption of their voice traffic. The feature has been available since 5.1.3 and doesn't need a separate license.

Latest Articles

View All

The Vodia PBX and the OpenAI Realtime API for Healthcare

OpenAI’s Realtime API brings low-latency, multimodal voice capabilities to developers, and Vodia PBX is already harnessing its power. By enhancing IVR with backend JavaScript, Vodia enables real-time AI-driven call interactions, eliminating the need for patterns or webhooks. This integration has a significant impact on healthcare, enabling patients to book or cancel appointments, refill prescriptions, request records, and more, all without speaking to staff, and in multiple languages. This reduces wait times and frees up medical staff to focus on in-person care. With full Microsoft Teams support, the Vodia PBX and OpenAI Realtime API integration streamlines healthcare workflows, boosting efficiency and improving patient outcomes through intelligent, voice-powered automation.

April 24, 2025

How the Hospitality Industry Can Exceed Guest Expectations

As hotels prepare for the upcoming travel season, many are rethinking their communication systems to better meet modern guest expectations. Vodia CEO Dr. Christian Stredicke explains how VoIP, AI, and app-based control are key to delivering smarter, more personalized service. Guests now expect mobile-first experiences—whether for check-in, room controls, or contacting hotel staff. Vodia’s customizable communication solutions help hotels automate tasks, streamline operations, and boost guest comfort while reducing costs. With robust security and seamless integration into existing hotel management systems, Vodia enables hotels to move beyond outdated hardware and deliver the connected, high-quality experience today’s travelers demand.

April 23, 2025

Seatrade Cruise Global 2025: Communications Revolution Onboard - What Cruise Experts Need to Know

At Seatrade’s 40th anniversary, Vodia and Lufthansa Industry Solutions showcased the Vodia Maritime Communication Server and the new CruisR World App—purpose-built for next-generation cruise ships and cost-effective retrofits. Key themes at the event included AI-powered language translation, breakthrough satellite connectivity, UC platforms, and advanced emergency protocols. These innovations enable cruise lines to streamline operations, personalize guest experiences, and meet growing expectations for safety and connectivity. As the cruise industry evolves, Vodia’s solutions position communication teams to lead with smarter, more human-centric technology at sea.

April 23, 2025