Voyant Secure Trunking operates almost entirely the same as a non-secure SIP Trunking. The only difference is a short exchange at the beginning of a call to negotiate a security cipher suite and key. After this, the SIP is encrypted via Transport Layer Security (TLS), while media is encrypted by using Secure Real-Time Transport Protocol (sRTP),  all call setup and tear downs happen normally. It is also important to note that the call is only encrypted on the leg which traverses from the customer IP PBX and the Voyant access Session Border Controller. Once the call is on the internal side of the Voyant network, encryption is no longer used.

How is trust established for Secure Trunking?
Voyant is a Certificate Authority.  Customers may submit a Certificate Signing Request to Voyant by emailing their generated CSR to securetrunking@voyant.com (a process that will soon be integrated into the Admin Portal).  Voyant will digitally sign the certificate and return to the Customer for use in establishing a trusted encrypted communication session.

Is there a cost for Secure Trunking?
Secure Trunking is available for an upcharge associated with usage, starting at $.001/minute of use.

As a Certificate Authority, does Voyant charge for the certificate?
No, we're acting as a Certificate Authority as part of the service.

Does Voyant support third party certificates?
Not at this time.  We also do not charge for signed certs, so this should represent a savings for customers.

What cipher suites does Voyant support?

SIP over TLS

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_3DES_EDE_CBC_SHA

SRTP

AES_CM_128_HMAC_SHA1_80

AES_CM_128_HMAC_SHA1_32

ARIA_CM_192_HMAC_SHA1_80

ARIA_CM_192_HMAC_SHA1_32

For additional reference on technical aspects of Secure Trunking, see the Voyant Secure Trunking Technical Overview.

Did this answer your question?