Date: 12/05/2024

Vendor: Netmaker Communications

Technology/Topic: Zero-Trust Architecture (ZTA) for Voice Over Internet Protocol (VoIP)

URL: https://www.ucnetmaker.net

TEM Presentation Video (milTube)

______________________________________________

Welcome to the Technical Exchange Meeting (TEM)!

Session Initiation Protocol (SIP) traffic falls under the “Application and Workload” ZTA pillar and is a vital element of Next Generation 9-1-1 (NG9-1-1). SIP traffic is encrypted via TLS and is associated with the Secure Real-Time Transport Protocol (SRTP). TLS is used for SIP signaling confidentiality, integrity, and data compression, while SRTP provides the encryption and authentication for SIP media paths. For SIP traffic, the ZTA approach should focus on a digital signature inserted in the SIP header to authenticate the call (session) at the time it is initiated. This can be accomplished by utilizing secure keys, an identity verification service, an identity authentication service, a certificate authority, a certificate repository, and key management servers. The ZTA approach mimics the Secure Telephone Identity Revisited (STIR)/Signature-based Handling of Asserted Information Using Tokens (SHAKEN) protocol, which digitally validates the handoff of phone calls passing through a network. The STIR/SHAKEN suite of protocols is used to verify SIP traffic while combating call spoofing.
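The header signature described above, as an added example that is not the vendor's or DISA's code: a SHAKEN PASSporT (RFC 8225 / RFC 8588) is signed into a SIP Identity header value and then checked by a verification service. Assumptions: the function names are hypothetical, the phone numbers and URL are constructed, and a locally generated P-256 key pair stands in for the STI certificate that a real verifier would fetch from `x5u` and validate against its certificate authority.

```javascript
// Added example: sign and verify a SHAKEN PASSporT carried in a SIP Identity header.
const crypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const MAX_AGE_S = 60; // freshness window for "iat" (RFC 8224 recommends 60 s; local policy)

// Authentication service: build the Identity header value for an outgoing INVITE.
function signIdentity(privateKey, { orig, dest, attest, origid, x5u, iat }) {
  // Keys are written in lexicographic order, as PASSporT serialization requires.
  const header = { alg: 'ES256', ppt: 'shaken', typ: 'passport', x5u };
  const payload = { attest, dest: { tn: [dest] }, iat, orig: { tn: orig }, origid };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  // ES256 = ECDSA P-256 with SHA-256; JWS wants the raw r||s signature, not DER.
  const sig = crypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${b64u(sig)};info=<${x5u}>;alg=ES256;ppt=shaken`;
}

// Verification service: check the header against the From/To numbers of the received INVITE.
function verifyIdentity(publicKey, identity, { from, to, now }) {
  const [token] = identity.split(';');
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  if (!header || !payload || header.alg !== 'ES256' || header.ppt !== 'shaken')
    return { ok: false, reason: 'unsupported' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (Math.abs(now - payload.iat) > MAX_AGE_S) return { ok: false, reason: 'stale' };
  if (payload.orig?.tn !== from || !payload.dest?.tn?.includes(to))
    return { ok: false, reason: 'tn-mismatch' };
  return { ok: true, attest: payload.attest };
}

// Constructed sample call: one honest INVITE, one with a From number that was not signed.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const iat = Math.floor(Date.now() / 1000);
  const identity = signIdentity(privateKey, { orig: '12025550100', dest: '12025550199',
    attest: 'A', origid: crypto.randomUUID(), x5u: 'https://sti.example.invalid/cert.pem', iat });
  return [verifyIdentity(publicKey, identity, { from: '12025550100', to: '12025550199', now: iat }),
    verifyIdentity(publicKey, identity, { from: '12025550177', to: '12025550199', now: iat })];
}
console.log(demo());
```

The signature binds the caller number, called number and timestamp together, so a verifier rejects a replayed header or one attached to a call with a different From number.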

In 2020, the FCC adopted rules requiring voice service providers to implement STIR/SHAKEN in the IP portions of their voice networks by June 30, 2021. Since then, the FCC has worked to expand the implementation obligation to additional providers with the goal of achieving ubiquitous STIR/SHAKEN adoption. Today, most providers—including voice service providers, gateway providers (U.S.-based intermediate providers that receive calls directly from a foreign originating or intermediate provider), and intermediate providers that receive unauthenticated calls directly from originating providers—are required to use STIR/SHAKEN to authenticate the caller ID information for the calls they transmit. Because the STIR/SHAKEN framework is only operational on IP networks, Commission rules also require providers using older forms of network technology to either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks.

As the DoD modernizes its existing unclassified voice networks from TDM to SIP/VoIP, employing the STIR/SHAKEN suite of protocols within the new DoD unclassified VoIP environment will be germane to maintaining interoperability with the Public Switched Telephone Network (PSTN) as well as aligning the DoD VoIP enterprise to the DoD mandated ZTA framework.

______________________________________________

To join the DISA TEM mailing list, please contact: disa.tem@mail.mil

______________________________________________

Disclaimer:

— TEMs do not serve as a marketing venue or request for proposal actions.

— TEMs shall not be interpreted as a commitment by the Government to issue a solicitation or ultimately award a contract.

— TEMs do not serve as an endorsement of any presented technologies or capabilities.

— Presentations will not be considered as proposals nor will any awards be made as a result of a TEM session.

— TEMs are public open forums – no proprietary or sensitive information should be presented during TEM sessions. Only publicly facing content is permissible in DISA TEM sessions.
