The Next Generation of Internet Protocol Services

January 2006
By Dr. Cullen Jennings

 
Because of their robust reliability, security and flexibility, voice over Internet protocol solutions are being adapted by the military worldwide.
Voice technologies evolve for tomorrow’s military networks.

The military is finding that voice over Internet protocol is an effective technology for secure collaboration and information sharing on converged networks—those that combine voice, video and data. Defense organizations are migrating from the isolated, point-to-point communications models of the past toward a more agile, networked and collaborative environment. At the same time, they are replacing their proprietary communications solutions with more interoperable systems based on open standards.

In the defense community, converged networks running on an Internet protocol (IP) infrastructure enable communications across compartmentalized organizations. Voice and data collaboration tools enhance military decision processes by allowing all parties to share and to evaluate the same information simultaneously. And mobile network services provide ubiquitous communications in exercises, logistics missions and combat operations.

Military and defense forces worldwide have adopted flexible voice over IP (VoIP) solutions. In the United States, forces such as the Missouri National Guard use converged IP communications to help meet their communications requirements.

But the true potential of VoIP lies ahead. Standards bodies and networking vendors are developing secure, collaborative VoIP technologies that will support new defense applications, including security, priority and pre-emptions; policy constraining communications; conferencing and collaboration systems; text-based instant messaging; voice and video; shared whiteboard and applications; and location-based signaling that selects the receiver based on a geographic region. The continued innovation spearheaded by standards organizations will help shape the voice and data capabilities of tomorrow’s military.

Historically, voice communication networks have been subject to a wide range of security issues, including toll fraud, eavesdropping, call misdirection, identity misrepresentation and information theft. Defense networks are an especially high-profile target for hackers and require the highest level of security possible. The standards groups and vendors are introducing a range of technologies and solutions to ensure that VoIP remains inoculated against these security risks.

As VoIP technology developed, a primary concern was preventing unauthorized access to network resources. Skeptics wondered whether such networks could hold their own against unauthorized use. A VoIP system must be able to authenticate telephones or terminals to various servers. Session Initiation Protocol (SIP) fulfills this requirement by using digest authentication, a technology deployed widely in both military and civilian settings.

In a voice environment, digest authentication operates similarly to hypertext transfer protocol digest authentication from Web browser to Web server. It validates resource requests for outbound calls and confirms requests such as registration for inbound calls. Digest authentication is used only to challenge a request between the user agent and the proxy.
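The challenge and response described above, as an added example that is not part of the original article: a proxy issues a time-limited nonce, the user agent computes the RFC 2617 digest (qop=auth, MD5), and the proxy recomputes and compares it. The realm, the credential store and the HMAC-signed nonce format are assumptions made for illustration.

```python
import hashlib, hmac, os, time

REALM = "voip.example"        # constructed realm (assumption)
SERVER_KEY = os.urandom(32)   # proxy-only secret used to sign nonces
NONCE_TTL = 30                # seconds a challenge stays valid

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def _sign(ts):
    return hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()[:32]

def make_nonce(now=None):
    """Proxy: nonce = timestamp plus HMAC, so no per-call state is needed."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_sign(ts)}"

def nonce_is_fresh(nonce, now=None):
    """Proxy: reject nonces it did not issue and nonces older than NONCE_TTL."""
    ts, _, mac = nonce.partition(":")
    if not (ts.isascii() and ts.isdigit() and len(ts) <= 12):
        return False
    if not hmac.compare_digest(mac.encode(), _sign(ts).encode()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= NONCE_TTL

def digest_response(user, password, method, uri, nonce, cnonce,
                    nc="00000001", realm=REALM):
    """User agent: RFC 2617 response for qop=auth. The password is never sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def proxy_verify(passwords, user, method, uri, nonce, cnonce, response, now=None):
    """Proxy: recompute the digest from the stored password and compare."""
    if user not in passwords or not nonce_is_fresh(nonce, now):
        return False
    expected = digest_response(user, passwords[user], method, uri, nonce, cnonce)
    return hmac.compare_digest(expected.encode(), response.encode())
```

Because the method and request URI are hashed into the response, a digest captured for a REGISTER cannot be reused to authorize an INVITE, and the signed timestamp bounds how long any captured response stays usable.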

In addition, telephones and terminals use transport layer security (TLS) to verify that the server they are connecting to is the correct one. This is the same as using hypertext transfer protocol secure (HTTPS) to connect to a Web server: The server presents a certificate and uses public-key cryptography to prove that it is the proper server.

Eavesdropping is another critical security concern for military organizations using VoIP technology. Protecting networks from unauthorized interception of voice packets or real-time transport protocol (RTP) media streams is vital.

Hop-based data encryption using TLS is an effective signaling protection solution. This method assures organizations that their call processing servers and telephone end points can be trusted. TLS creates an authenticated, encrypted, integrity-checked channel using standards such as RSA encryption, the triple data encryption standard (3DES), the advanced encryption standard (AES) and the secure hash algorithm (SHA-1). The National Institute of Standards and Technology and other organizations also are working to provide new cryptography standards that can be plugged into existing systems.

Defense organizations can protect RTP media for audio and video traffic with the Secure RTP capability, which uses the advanced encryption standard (AES) in counter mode to encrypt the media from one end point to another and SHA-1-based message authentication to ensure information integrity.
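The integrity half of Secure RTP, as an added example that is not part of the original article: each packet carries an HMAC-SHA1 tag truncated to 80 bits, and the receiver drops packets that fail the check or repeat an index it has already accepted. The key, the SSRC and the payload are constructed values; the AES counter-mode encryption step is left out, so the payload bytes stand in for ciphertext, and the rollover counter is passed in rather than estimated.

```python
import hashlib, hmac, struct

TAG_LEN = 10      # 80-bit authentication tag (SRTP default)
WINDOW = 64       # replay window size in packets

def rtp_packet(seq, timestamp, ssrc, payload):
    """12-byte RTP header (version 2, payload type 0) plus payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, timestamp, ssrc) + payload

def auth_tag(auth_key, packet, roc):
    """HMAC-SHA1 over packet || 32-bit rollover counter, truncated to 80 bits."""
    msg = packet + struct.pack("!I", roc)
    return hmac.new(auth_key, msg, hashlib.sha1).digest()[:TAG_LEN]

def protect(auth_key, packet, roc=0):
    """Sender: append the tag to the (already encrypted) packet."""
    return packet + auth_tag(auth_key, packet, roc)

class Receiver:
    def __init__(self, auth_key):
        self.auth_key, self.highest, self.seen = auth_key, -1, set()

    def accept(self, srtp, roc=0):
        """Return the RTP packet if authentic and not replayed, else None."""
        if len(srtp) < 12 + TAG_LEN:
            return None
        packet, tag = srtp[:-TAG_LEN], srtp[-TAG_LEN:]
        index = (roc << 16) | struct.unpack("!H", packet[2:4])[0]
        if index in self.seen or index <= self.highest - WINDOW:
            return None                       # replayed or too old
        if not hmac.compare_digest(tag, auth_tag(self.auth_key, packet, roc)):
            return None                       # modified in transit or wrong key
        # Only authenticated packets update the replay state.
        self.seen.add(index)
        self.highest = max(self.highest, index)
        self.seen = {i for i in self.seen if i > self.highest - WINDOW}
        return packet
```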

Robust caller identification functions such as SIP Identity services increase security for VoIP communications by allowing network users to identify clearly with whom they are communicating. Standards for SIP Identity services are still under development.

 
An intelligent Internet protocol-based voice network will deliver actionable information from multiple sources throughout the chain of command.

SIP Identity services are highly secure, unlike caller identification on the Public Switched Telephone Network, which can be forged easily. The capability uses a certificate to identify the organization, then allows that organization to identify its members. Splitting the process into two levels makes this service easier to deploy and to manage. SIP Identity also allows the use of white lists, which authorize communications among users who communicate frequently with an organization.

Identity services are vital to voice applications for defense organizations. If users cannot verify to whom they are talking, they cannot know whether their call has been intercepted. Strong cryptographic identity tools also improve the effectiveness of the media encryption technologies, providing more robust security for the VoIP network. By implementing comprehensive, layered security throughout their VoIP implementation, defense organizations can tap the benefits of an intelligent and collaborative networked environment without placing their operations at risk.

With a secure voice network, defense organizations have an environment for voice applications that facilitates conferencing and collaboration. An intelligent, IP-based voice network delivers actionable information throughout the chain of command—from multiple sources and locations. Organizations share situational awareness, regardless of the location or time of day.

Some challenging aspects of VoIP involve ensuring interoperability between different voice systems and integrating other task-specific applications in a voice environment. Standards bodies are working to make voice collaboration easier and more feature-rich.

For example, standards are evolving that support voice conferencing. With ad hoc conferencing, teleconferences do not need to be scheduled nor do resources need to be reserved. Voice conferences would be similar to spontaneous, multiparty calls: pervasive and easy to organize. A military organization responding to a natural disaster could communicate with civilian public safety officials quickly to coordinate the joint response or could provide status updates. Standards groups are developing approaches for floor control, moderation and remote selection of input such as which users are allowed access to video streams.

Industry standards organizations also are working to expand the call handling and management features associated with VoIP. Teleconference owners will exercise more control over their conferences, specify who is speaking and split or merge conferences easily.

Push-to-talk technology, another developing collaborative application that has long been used in radio networks, is converging with telephone and other communication systems. This technology is easy to implement on broadcast media but has been surprisingly difficult to integrate into point-to-point network environments. Push-to-talk over cellular (PoC) is a new technology that will provide more agile mobile communications. For example, a push-to-talk wireless VoIP network could act as a mobile communications system for forces on the move, combining the resilience and security of IP networking with the flexibility and mobility of traditional systems.

As these voice collaboration technologies mature, defense organizations can establish common communication environments to collaborate more securely and effectively. They will integrate telephone, IP telephone, radio and other voice systems smoothly, with IP bridging the different systems and organizations.

Another future IP capability may be overlaying networks that support multiple defense organizations and private contractors or vendors. These partitioned, intelligent networks could enable authorized vendors to communicate and collaborate with one another using a common, IP-based voice and data network. Organizations could define multiple dynamic groups that come together for a particular initiative, then split up and move on to the next mission.

The promise of a secure and pervasive network infrastructure lies in its ability to support instantaneous collaboration between military service branches and coalition partners. The active development of new industry standards, combined with ongoing innovation by technology leaders, is bringing about more secure, collaborative VoIP technology to help defense organizations meet their goal of delivering dynamic, actionable information throughout the chain of command.

Dr. Cullen Jennings is a Distinguished Engineer of the voice technology group at Cisco Systems Incorporated and a member of the Internet Engineering Task Force, an international community of network designers, operators, vendors and researchers who address Internet architecture issues.

Web Resources
Voice over Internet protocol: www.fcc.gov/voip
Voice Over Internet Protocol Security Alliance: www.voipsa.org