Alcatel is developing the IP equivalent of a scrambler-phone, in an effort to win ultra-cautious users over to IP telephony. It says current security schemes for IP may not satisfy the needs of some government departments or large businesses.

Based on Alcatel's OmniPCX Enterprise IP communication server and due next year, the system will use Mistral hardware encryption modules from Thales to provide wirespeed encryption. These will be integrated everywhere from the IP trunk to the IP phone, says Alcatel solutions marketing manager Neil Tilley.

"Some sectors I talk to just do not think the standards stuff is enough, especially in banking and defence - they want special encryption tools," he says. "When the banking infrastructure of a country could depend on a conversation not being overheard, you have to show them physical separation from what everyone else is doing. A lot of companies have confidence in IPsec, but it has been around for a while and there are issues - with certificate management, for instance."

However, users seeking secure telephony should not get hung up on the type of encryption used, warns Vincent Bieri, Cisco's EMEA marketing manager for security. "Encryption is not a magic technology to solve all problems. It can provide privacy and authentication, but it cannot guarantee no-one has had physical access," he says.

"In terms of breaking encryption, brute-forcing triple-DES has never been a success. The only way to break it is to get access to the keys, so physical infrastructure security is vital." Neil Tilley agrees, pointing out that strong encryption only forms part of a complete security process. He notes too that the Thales modules use key auto-generation at all IP endpoints, thereby providing authentication and integrity without the complexity of certificate management.

"The bottom line is voice server security versus DoS attacks, for example," he says. "Then it's network security, through authenticated VLANs and so on, on top of that there's management security, and on top of that, communications security."