How Does ZRTP Protect VoIP End-Points from Man-in-the-Middle Attacks?

There are a number of routes by which cybercriminals and hackers can disrupt VoIP communications. One of the most insidious is the man-in-the-middle attack. This is where a hacker secretly intercepts, relays and perhaps even alters the communication between two parties that think they are communicating directly with one another.

Encryption is the key

The best way to guard against this kind of attack and keep your communications secure is to use some form of encryption. ZRTP is a key exchange protocol that allows VoIP systems to negotiate secure keys between them. Unlike other protocols that use the signalling stream to do this – thus leaving the negotiation potentially visible to eavesdroppers – ZRTPuses the media stream, making interception much harder.

ZRTP uses an algorithm called Diffie-Hellman which avoids the need for certificate management and its associated overheads. The keys agreed are temporary, used to encrypt the media stream and then get discarded at the end of each call, thereby adding security and doing away with the need for key management.

Man-in-the-middle protection

There are also specific features aimed at guarding against man-in-the-middle attacks. MitM relies on attackers being able to intercept the communication between two parties and relay messages between them, so each believes they have a secure connection to the other.

ZRTP guards against this by the use of short authentication strings (SAS) and key continuity. So how does this work? SAS exchanges a cryptographic hash of the Diffie-Hellman values as a word pair on the display of the user device – the words are selected from a PGP list. Users compare the strings by reading them out to each other. Because SAS has the potential to generate more than 65,000 different values, it’s almost impossible for MitM attackers to succeed because they would need to guess the correct key value in order to intercept the call.

As if this wasn’t secure enough, key commitment adds extra reassurance by using some of the key in ensuing key agreements between the same callers. This makes it even harder for MitM attackers because an attack would require knowledge of the first call between the parties using voice termination providers such as IDT.

Obviously, this requires a little work by the user, but simply by reading a word pair, they have the peace of mind that they are using a secure line and that their communication is encrypted.


Implementing ZRTP can be managed at various levels of the communication structure. It’s possible to implement it on some PBX systems, for example. It’s also available for many different makes of IP phone. There are also both open source and commercial implementations available for installation onto a communications gateway so that ZRTP calls can be made using SIP-based PBX and any ZRTP capable phone.

ZRTP can be used on mobile networks too; implementations are available for Android, Blackberry, iOS and other mobile phone operating systems. Whatever your phone system, therefore, ZRTP can be used to protect your calls.