Announcing Secure Trunking

September 23, 2015
Written by
Ari Sigal
Twilion

Secure Trunks

Today we are happy to announce the general availability of Secure Trunking. This launch makes further security available on all Elastic SIP Trunks by enabling customers to use Secure Real-time Transport Protocol (SRTP) to encrypt media and Transport Layer Security (TLS) to encrypt signaling. This encryption allows businesses with strict information security practices to reap the benefits of both SIP trunks and cloud communications.

Secure Trunking

With Secure Trunking, SRTP is used to encrypt and authenticate the media payload of all calls on that trunk. Authentication validates that packets are from the purported source (customer or Twilio), and that the packets have not been altered during transmission. Encryption ensures that the call content has remained secure during transmission.

Secure Trunking supports TLS for SIP, which ensures the privacy of SIP signaling between Twilio and its customers over the Internet. TLS, the same encryption model used for secure HTTP for websites, uses a handshake with an asymmetric cipher in order to establish a shared key for the session. With signaling encrypted with TLS, Twilio then uses Session Description Protocol (SDP) to negotiate the common capabilities that will be used for the call (e.g., codec) as well as the security parameters and encryption keys for the media using SDES. (Note to encryption fans: this is in contrast to encryption in WebRTC, which uses DTLS, negotiating encryption over the media connection itself. Most SIP infrastructure, like PBXs, only supports SDES.)

To learn more about our implementation and how to configure your VoIP infrastructure with Secure Trunking, take a look at these docs.
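Because SDES carries the SRTP key inside the SDP body, the key is only as private as the SIP signaling around it. The following added example (not Twilio's code) audits an SDP offer for that dependency; the crypto suite names and key lengths come from RFC 4568, and the sample offers, addresses and the `make_offer`/`audit_sdp` helpers are constructed for illustration.

```python
import base64
import re

# Key+salt length in bytes for two SDES crypto suites defined in RFC 4568.
KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

def make_offer(profile, key=None):
    """Build a constructed SDP offer (sample data, not captured traffic)."""
    lines = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
             "t=0 0", f"m=audio 49170 {profile} 0", "a=rtpmap:0 PCMU/8000"]
    if key is not None:
        b64 = base64.b64encode(key).decode()
        lines.append(f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{b64}")
    return "\r\n".join(lines) + "\r\n"

def audit_sdp(sdp, signaling_is_tls):
    """Return findings; an empty list means every stream is SRTP with a usable key."""
    findings, sections = [], []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, _port, profile = line[2:].split()[:3]
            sections.append({"media": media, "profile": profile, "keys": 0})
        elif sections and (m := CRYPTO_RE.match(line)):
            suite, b64 = m.group(2), m.group(3)
            try:
                raw = base64.b64decode(b64, validate=True)
            except ValueError:  # malformed base64 counts as an unusable key
                raw = b""
            if KEY_SALT_LEN.get(suite) == len(raw):
                sections[-1]["keys"] += 1
            else:
                findings.append(f"{sections[-1]['media']}: unusable a=crypto ({suite})")
            if not signaling_is_tls:
                findings.append(f"{sections[-1]['media']}: SDES key sent over cleartext signaling")
    for s in sections:
        if s["profile"] not in SRTP_PROFILES:
            findings.append(f"{s['media']}: profile {s['profile']} is not an SDES-SRTP profile")
        elif s["keys"] == 0:
            findings.append(f"{s['media']}: SRTP offered without a usable a=crypto key")
    return findings

if __name__ == "__main__":
    good_key = bytes(range(30))  # constructed 16-byte key + 14-byte salt
    for label, sdp, tls in [("SRTP over TLS", make_offer("RTP/SAVP", good_key), True),
                            ("SRTP, cleartext SIP", make_offer("RTP/SAVP", good_key), False),
                            ("plain RTP", make_offer("RTP/AVP"), True)]:
        print(label, "->", audit_sdp(sdp, tls) or "ok")
```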

For those who don’t live and breathe telephony, we will take a step back and explain the predecessor to SIP trunks, the benefits of SIP Trunks, the capabilities of communications in the cloud, and the key challenge for realizing these benefits and capabilities.

The need for SIP

SIP Trunks have been around for nearly two decades and provide dial-tone over an internet connection. SIP trunks are replacing time-division multiplexed (TDM) lines where voice was delivered over a dedicated phone line purchased from a local provider. TDM, in case telecom history isn’t your favorite topic (why not?!), encodes media in a digital binary signal, over a dedicated copper wire. Before SIP Trunking, you’d need to get a T1 line wired into the office, which would allow for a max of 23 concurrent phone calls. If you needed more, you’d buy another T1 providing another 23 phone lines. With SIP Trunks you no longer need a dedicated phone line; you can just use your existing internet connection and layer voice on top of it.

Moving to Voice-Over-IP (VoIP) allows businesses to save money and gain flexibility. By combining voice and internet connections into only one pipe you can better optimize utilization, because the two will have different usage peaks over the course of the day and year. This results in needing less capacity overhead to ensure employees can talk on the phone and access the internet, which translates to a smaller bill. Furthermore, this means you no longer need to pay a subscription for Primary Rate Interfaces/T1s. When you do need to add capacity with SIP Trunks, you aren’t required to buy voice capacity in groupings of 23. With Elastic SIP Trunking, you simply pay for what you actually use, not the maximum capacity you ever need. Lastly, using SIP enables much more fault-tolerant routing configurations where, if one data connection goes down, traffic can be re-routed to a different ingress point and then routed internally over an intra-enterprise MPLS network. All of these benefits can be further enhanced by the power of the cloud.

Using the cloud for secure, instant, global communications

Elastic SIP Trunking is offered from Twilio’s global cloud platform, which enables new capabilities, instant deployments, and additional resilience. Anyone can create, configure, and manage Elastic SIP trunks instantly through either the web portal or the REST API, taking deployment timeframes from months to seconds. You can also provision phone numbers in real-time, in fifty countries around the globe, and associate them with your trunks. Additional features you may want to layer on top of SIP Trunks are just as easy to add, whether that’s call recording, SMS enabling the phone numbers on your trunks, connecting to a WebRTC endpoint, skills-based routing of calls to workers, multiple origination URIs for load balancing and resilience, or adding a Disaster Recovery application.

With all of these compelling reasons to leave the TDM lines invented in (I kid you not) the 1870s, why do nearly 80% of businesses still use them? Surveys from industry analysts continue to raise one concern from enterprises above all else: security. Security has been a fair concern, with all of the recent internet breaches and ongoing telecom fraud. This is why Twilio has introduced Secure Trunking.

Now that Twilio has introduced Secure Trunking with SRTP and TLS, available from data centers in 6 regions each with multiple isolated availability zones, with numbers in fifty countries, and on-demand provisioning, enterprises can deploy SIP Trunking at scale, knowing it is secured with robust authentication and encryption.

Secure Trunks

To get started with Secure Trunking you can take a look at our docs or configure a new Secure Trunk through the account portal (pictured above).