Back to Blog
Tech

The cloud and voice encryption

Published on:

February 7, 2014

When the first version of pbxnsip introduced RTP encryption, it was a pioneering feature, but it didn’t generate the expected marketing success. Back then, customers were just happy if they could hear each other over VoIP. Over time, we refined our SRTP implementation to address challenges like the rollover counter, optimized transcoding, and avoided one-way audio issues. With growing awareness of security, encryption is now a critical focus, yet many providers still don’t encrypt voice traffic. To bridge this gap, we’ve added the ability to write decrypted PCAP files, making troubleshooting encrypted voice easier, and this feature is available in version 5.1.3.

Christian Stredicke

The first version of pbxnsip had already RTP encryption. It was actually one of the reason to start a new PBX because at that time there was nothing on the market that was affordable. I remember we made a full-page advertisement in a telephony magazine about this important feature. However, instead of having the phone ringing all the time about this new feature, it was a marketing flop. Almost nobody cared. At that time VoIP was just in a different stage, customers were happy if they could hear each other at all. One-way audio had just been invented.

Over time we learned how to deal with the rollover counter. Instead of coming up with SSRTP, which is not backward compatible, we found a pragmatic way that works in practically all situations. We optimized the SRTP implementation, so that SRTP transcoding was not stressing the CPU too much. Also transfers did not cause any SRTP hiccups. Also we found ways to read misleading answers during the negotiation so that we did not end up with one-way audio because of SRTP.

After the latest revelations about the various agencies in the world, people today are a lot more aware about the importance of voice encryption and the cloud. However there is still a huge gap between what could be done and what is the reality. Many hosted PBX providers are still not encrypting their voice traffic between the PBX and the handset. And even worse, the competition in the SIP trunk space is all about price. Things like encryption don’t play a role, and so most of the RTP traffic in the internet backbone is completely unencrypted. With least cost routing that makes up most of the routing decisions today, it would be easy to set up a trunk provider that bids for the routes that you are interested in and then you’ll get the voice traffic delivered to your front door.

I have not given up the hope that SRTP will be used on a trunk one day. We are still preparing for this. Apart from offering the encryption mechanisms, we also need to work on the tools to trouble shoot encrypted voice.

Therefore, the latest security feature that we have added is the writing of decrypted PCAP files. Having the raw packets as they go in and out of the PBX if great to analyze problems. However if they are encrypted they have only limited value. Because the PBX knows the security context, it can first decrypt the packets and then write them into a PCAP file with the timestamps when they were received. Other devices like SIP-aware firewalls and ALG are typically not able to see this traffic. This is something that is very useful in cases when installations have quality problems and the customers demand encryption of their voice traffic.The feature is available since 5.1.3 and does not need a separate license.

Latest Articles

View All
Webinar

Webinar | Real-Time Media Streaming in Vodia PBX: AI, Call Transcription, and Security in V69.5.6

Join Vodia Networks on April 8 for a live, in-depth webinar on how real-time media streaming is powering the future of voice communication. Discover how Vodia PBX version 69.5.6 enables seamless AI integration, live call transcription using the Whisper API, and secure voice data handling. Hosted by Sales Engineer Eric Altman and VoIP Engineer Hamlet Collado, this session will walk you through real-world use cases, including OpenAI and Google Speech-to-Text integrations, MS Teams support, and new security features. You’ll also get a first look at Vodia’s AI roadmap and have the opportunity to ask your questions during a live Q&A.

March 28, 2025
Tech

The Vodia PBX On-Premise Whisper AI Deployment​

Whisper, OpenAI’s Automatic Speech Recognition system, delivers multilingual, noise-tolerant, and technical-language-ready transcription through a streamlined encoder-decoder architecture. With Vodia PBX’s integration, organizations can choose between using OpenAI’s service or hosting Whisper AI locally for complete data sovereignty and control. This on-premise option ensures that sensitive call data stays within your infrastructure while still benefiting from powerful transcription capabilities. To explore deployment options, see our Whisper AI on-premise setup documentation, review a self-hosted integration example, or follow our cloud-based call transcription guide.

March 27, 2025
Announcement

Vodia at Enterprise Connect 2025: Embracing AI and Advancing Communications

Vodia Sales Engineer Eric Altman attended Enterprise Connect 2025 on March 18 and 19, where he connected with partners and gained insight into the future of enterprise communications. AI was the clear focus of the event, with discussions centered on agentic systems, chatbots, and generative technologies. “It was certainly the main element in the atmosphere,” Eric noted. He also shared his excitement about Vodia PBX version 69.5.6, which includes real-time AI integration with OpenAI and call transcription using the Whisper API. The event confirmed that AI is rapidly becoming a core component of modern communication platforms—and Vodia is well-positioned to lead the way.

March 26, 2025