Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1054
Views
1
Helpful
3
Replies

Unity Connection Message Store Encryption

rchaseling
Level 4
Level 4

‎03-24-2016 02:50 AM - edited ‎03-19-2019 10:54 AM

Hi,

I've a quick query about how messages on Unity Connection 10+ are stored if the audio stream is send as sRTP. Are the messages actually stored encrypted as sRTP or does the Unity server decrypt on arrival and actually store as G711 ?

Thanks

Labels:
0 Helpful
3 Replies 3

Manish Gogna
Cisco Employee
Cisco Employee

‎03-24-2016 06:20 AM

Hi,

The process of authentication and encryption of Cisco Unity Connection voice messaging ports is as follows:

1. Each Cisco Unity Connection voice messaging port connects to the TFTP server, downloads the CTL file, and extracts the certificates for all Cisco Unified CM servers.

2. Each Cisco Unity Connection voice messaging port establishes a network connection to the Cisco Unified CM TLS port. By default, the TLS port is 2443, though the port number is configurable.

3. Each Cisco Unity Connection voice messaging port establishes a TLS connection to the Cisco Unified CM server, at which time the device certificate is verified and the voice messaging port is authenticated.

4. Each Cisco Unity Connection voice messaging port registers with the Cisco Unified CM server, specifying whether the voice messaging port will also use media encryption.

Behavior for Calls

When a call is made between Cisco Unity Connection and Cisco Unified CM, the call-signaling messages and the media stream are handled in the following manner:

If both end points are set for encrypted mode, the call-signaling messages and the media stream are encrypted.

If one end point is set for authenticated mode and the other end point is set for encrypted mode, the call-signaling messages are authenticated. But neither the call-signaling messages nor the media stream are encrypted.

If one end point is set for non-secure mode and the other end point is set for encrypted mode, neither the call-signaling messages nor the media stream are encrypted.

Manish

0 Helpful

rchaseling
Level 4
Level 4
In response to Manish Gogna

‎03-24-2016 06:32 AM

Thanks for the detailed response Manish but not exactly what I was looking for though I'd say from looking at the above you'll be able to answer quickly.

The customer wants to know how the voicemail messages are actually stored within Unity Connection if encryption is used between UCM and CUC. Are the messages actually stored as sRTP? In other words......if TAC or someone gained root access could they access and listen to any messages.

Its a customer compliance question

Thanks

0 Helpful

Jonathan Unger
Level 7
Level 7
In response to rchaseling

‎03-29-2016 11:40 PM

This is an interesting question. The only documentation I could find related to it is from UCXN 1.0 (refer to the following doc).

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/1x/administration/guide/acm160.html#wp1041017

The menu items mentioned in the doc to enable encryption of secure messages do not appear to exist on modern versions of UCXN (I just checked on 11.X).

However, even if modern UCXN versions did use the same encryption methods as UCXN 1.X, if someone has root access to your system, chances are they would be able to export the private key used to encrypt the messages.

If someone else has run across this I would be interested to know the answer as well.

Customers Also Viewed These Support Documents