Protecting Voice over IP Communication Using Electronic Identity Cards

Using communication services like voice services, chat services and web 2.0 technologies (wikis, blogs, etc) are a common part of everyday life in a personal or business context. These communication services typically authenticate participants. Identities identify the communication peer to users of the service or to the service itself. Calling line identification used in the Session Initiation Protocol (SIP) used for Voice over IP (VoIP) is just one example. Also, further mechanisms rely on identities, e.g., white lists defining allowed communication peers. Trusted identities prevent identity spoofing. They are a basic building block for the protection of VoIP communication. However, providing trusted identities in a practical way is still a difficult problem. Identity cards have been introduced by many countries supporting electronic authentication and identification of citizens, e.g., the German “Elektronischer Personalausweis” (ePA). As many German citizens will possess an ePA soon, it can be used as security token to provide trusted identities. Authentication and identification are important building blocks in the protection of VoIP communication, keying material established during authentication can be used for further protection of the communication. This paper describes how identity cards can be integrated within SIP-based voice over IP telephony to reliably identify users and authenticate participants using as example the German ePA.