Assessing the risk of intercepting VoIP calls

Voice over-IP (VoIP) solutions and services for corporate telephony are usually marketed as ‘cost-free’ and ‘secure’: this paper shows that both statements are false in general. Though being no doubt about the economical benefits resulting from the adoption of VoIP products instead of the standard telephony, hidden costs related to VoIP services security arise whenever a company intends to assure the privacy of its phone conversations. This conclusion is extensively justified in the literature and this article aims at reasserting it by analysing the risk that a VoIP phone call may be intercepted when travelling across the Internet. The purpose of deriving a well-known conclusion consists in proving that a general and formal risk assessment method can be used in place of ad-hoc methods not only without losing the strength in the results but also adding up a sound mathematical and engineering foundation.