Add encryption and push to regular SIP



    Hi Habr! In this article, we would like to highlight several SIP problems when used on a mobile device, which users usually do not know or do not guess.

    One of the main problems is that if you use any SIP provider (or your own IP PBX) on your smartphone, then with 99% confidence we can say that your data is unencrypted.

    Probably many people did a simple thing - they sniffed traffic from SIP devices in order to find the cause of any inoperability of a VOIP connection.

    In practice, this means that all your SIP conversations can also be easily captured, restored and listened to on the side of the mobile client and can be done quite easily.


    Wikipedia tells us that this problem exists :

    “Connection security

    Many consumer IP telephony implementations do not support cryptographic encryption, despite the fact that having a secure telephone connection is much easier to implement as part of IP technology than on traditional telephone lines. As a result, using a traffic analyzer is relatively easy to set up to listen to IP calls, and even tweak them with some tricks. ”

    This problem arises from the desire to make a universal SIP client, although in almost all popular softphones the possibility of encryption is stated.

    But besides the softphone itself, encryption must support the SIP server and here lies the root of the problem - providers are different, they use different solutions and in order to support the entire SIP zoo of their clients' devices, encryption on the server is usually turned off.

    Another problem that also occurs quite often is blocking the SIP protocol itself.

    It can be blocking at the level of both a single provider and national operators - for example, SIP is blocked by the authorities of the UAE, China and a number of other countries.

    Another well-known problem associated with the use of SIP on mobile devices is that standard VOIP softphones, being constantly running, significantly consume the battery of a smartphone.

    This happens because most IP PBXs are a regular SIP server that requires periodic client registration, i.e., the application on the phone should always be online and, accordingly, the IP PBX always waits for the registration packet from the application.
    If within a certain time a registration package does not come from the application, the IP PBX considers that the client is offline and no one inside the PBX can make a call to that client.

    Therefore, such applications should always be online and therefore significantly consume the battery of a mobile device.

    It happened so historically when client SIP devices were mainly desktop IP phones or VOIP gateways and, accordingly, there was no problem saving batteries.
    The worst thing for iOS users right now is that since version 11, Apple has completely removed the possibility of its applications being always online and, accordingly, old SIP applications no longer work on new versions of iOS. This is dictated by the Apple policy to minimize battery consumption for all applications.

    There are several ways out of the battery situation.

    The main idea is to transfer the application to offline, i.e. “put to sleep” the application and wake it up by pushing just at the time when the incoming call comes.

    Actually, this is what all popular instant messengers with proprietary protocols are doing - WhatsApp, Viber, Telegram and others, when an incoming audio or video call goes - they push the app up, it starts and is able to receive calls after that.

    The first solution is to create your own server, your own IP PBX and write your own client under two platforms (iOS and Android), which would do the above described actions.

    In principle, some large VOIP providers (for example, MTT) or manufacturers of software for VOIP servers are doing this - they have their own SIP clients for mobile devices that operate in push mode.

    The problem is that such clients can work only with this provider or with one specific PBX, respectively, if you use your office IP PBX and other IP telephony providers at the same time, then this solution will not work for you.

    The second way is to buy a universal SIP client who can push.
    Why do such decisions cost money?

    Because a SIP client with a push is not just writing a separate application and putting it into the stack.

    To do this, you need to create and maintain a separate server that will send regular registration packets to your IP PBX, and the server itself will work directly with the application to wake it up when it is called.

    Those. to create a whole infrastructure is needed and that is why such universal solutions are paid.

    But what about the above problems with encryption and SIP blocking?

    There is a universal solution - M1 Messenger , which can also work as a SIP client with push mode, and at the same time provides encryption on the client side and protection against blocking.

    SIP traffic is “wrapped” into encrypted messenger traffic (TLS) and is no longer recognized by DPI providers as VOIP.

    All this works on absolutely any SIP server - whether it is an office Asterisk or any other provider with virtual numbers - everywhere on the client side there will be encrypted traffic and push mode.

    So, download the messenger for Android or for iOS , register (note that registration does NOT require a phone number).

    In the general menu we find the SIP Connections tab:


    Add your existing SIP-account.

    Name is the name of your provider (in our example it will be Zadarma)
    User - here you need to specify your SIP login
    Domain - the address of your VOIP provider.
    If the provider or your IP PBX uses your port, then you can
    specify it through a colon, for example: sip.voipprovider.com: 5060
    Auth - your SIP login (the same as in the User section)
    Password - your SIP account password


    Up to 8 such accounts can be added to the messenger. For outgoing dialing, a choice will be offered through which provider to make a call.

    You can add several numbers to the messenger - both office and other cities and countries, and always be available for incoming calls without fear of a large battery of the smartphone.

    Since the messenger supports push, the application in sleep mode sleeps and does not consume the battery of the smartphone.

    Thus, you can always be in touch for incoming SIP calls - with a DID of a virtual or office number for example (now SIP is usually only used for outgoing calls due to power problems).

    We hope that the new features of M1 Messenger will expand the scope of application of such a convenient and popular communication protocol like SIP.
    Tags:

    Also popular now: