Scenario

The product supports encryption across the access and core networks.

Background Information

  • Refer to the background information in Basic Service Availability - DNS.
  • The product supports various encryption protocols such as TLS, IPsec and SRTP.
  • Since the peers are trusted in the core network, encryption protocols may not be necessary on this side.

Description

Figure: Encryption support

  • IADs may use secure paths, such as TLS, IPsec and SRTP for encryption.
  • The product performs scaling as each endpoint requires a separate connection/tunnel. With support for encryption protocols, the product transmits the message to the core network.

DTLS Encryption

The following cipher suites are supported for DTLS encryption:

  • rsa-with-3des-ede-cbc-sha
  • rsa-with-aes-128-cbc-sha
  • rsa-with-aes-128-cbc-sha-256
  • rsa-with-aes-256-cbc-sha
  • rsa-with-aes-256-cbc-sha-256
  • rsa-with-null-sha
  • tls_ecdh_ecdsa_with_aes_256_cbc_sha384
  • tls_ecdh_ecdsa_with_aes_256_gcm_sha384
  • tls_ecdhe_rsa_with_aes_128_cbc_sha
  • tls_ecdhe_rsa_with_aes_256_cbc_sha384

SRTP Encryption

The Secure Real-time Transport Protocol (SRTP) is an IETF protocol used for securing communication across untrusted networks, as described in RFC 3711. SRTP provides confidentiality, message authentication, and optional replay protection to RTP traffic and to the control traffic for RTP and RTCP (Real-time Transport Control Protocol). The SBC 5000 series, SBC 7000, and SBC SWe Cloud support the following crypto suites for SRTP and SRTCP encryption:

  • AES-CM-128-HMAC-SHA1-32 
  • AES-CM-128-HMAC-SHA1-80 
  • AES-CM-192-HMAC-SHA1-32
  • AES-CM-192-HMAC-SHA1-80
  • AES-CM-256-HMAC-SHA1-32
  • AES-CM-256-HMAC-SHA1-80
  • AEAD-AES-128-GCM
  • AEAD-AES-256-GCM

Table: SRTP and SRTCP Crypto Suites

| Crypto Suite | Master Key Length (bits) | Salt Value (bits) | Cipher | Key Derivation Function | Encryption key (bits) | Message Authentication Code | Authentication tag length (bits) | Authentication key length (bits) |
|---|---|---|---|---|---|---|---|---|
| AES-CM-128-HMAC-SHA1-32 | 128 | 112 | AES Counter Mode | AES_128_CM_PRF | 128 | HMAC-SHA1 | 32 | 160 |
| AES-CM-128-HMAC-SHA1-80 | 128 | 112 | AES Counter Mode | AES_128_CM_PRF | 128 | HMAC-SHA1 | 80 | 160 |
| AES-CM-192-HMAC-SHA1-32 | 192 | 112 | AES Segmented Integer Counter Mode | AES_192_CM_PRF | 192 | HMAC_SHA1 | 32 | 160 |
| AES-CM-192-HMAC-SHA1-80 | 192 | 112 | AES Segmented Integer Counter Mode | AES_192_CM_PRF | 192 | HMAC_SHA1 | 80 | 160 |
| AES-CM-256-HMAC-SHA1-32 | 256 | 112 | AES Segmented Integer Counter Mode | AES_256_CM_PRF | 256 | HMAC_SHA1 | 32 | 160 |
| AES-CM-256-HMAC-SHA1-80 | 256 | 112 | AES Segmented Integer Counter Mode | AES_256_CM_PRF | 256 | HMAC_SHA1 | 80 | 160 |
| AEAD-AES-128-GCM | 128 | 96 | AES-CM | AES_CM PRF [RFC3711] | 128 | Galois Message Authentication Code (GMAC) | 128 | N/A |
| AEAD-AES-256-GCM | 256 | 96 | AES-CM | AES_256_CM_PRF [RFC6188] | 256 | Galois Message Authentication Code (GMAC) | 128 | N/A |

Crypto Suites

DTLS Crypto Suites

Refer to TLS for Signaling for details.

SRTP Crypto Suites

Refer to SRTP for Media for details.
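
The key-derivation columns of the SRTP and SRTCP crypto suite table, worked through for the AES-CM rows with 112-bit salts: the AES-CM PRF of RFC 3711 section 4.3 turns one master key and master salt into the session encryption key, authentication key and salt. This is an added example, not code from the product or its documentation; the function and constant names are chosen here, a key derivation rate of 0 is assumed, and the input is the published RFC 3711 Appendix B.3 test vector.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Key-derivation labels from RFC 3711 section 4.3.1 (SRTP keys only).
const (
	labelEncryption byte = 0x00
	labelAuth       byte = 0x01
	labelSalt       byte = 0x02
)

// deriveSRTPKey (name chosen for this example) runs the AES-CM PRF of
// RFC 3711 section 4.3 for one label. Assumption: key derivation rate 0,
// so only the label is XORed into the 112-bit master salt.
func deriveSRTPKey(masterKey, masterSalt []byte, label byte, outLen int) ([]byte, error) {
	if len(masterSalt) != 14 {
		return nil, fmt.Errorf("master salt must be 112 bits, got %d", len(masterSalt)*8)
	}
	block, err := aes.NewCipher(masterKey) // accepts 128-, 192- or 256-bit master keys
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // salt in bytes 0-13, 16-bit block counter in 14-15
	copy(iv, masterSalt)
	iv[7] ^= label // the label byte sits directly above the 48-bit index field
	out := make([]byte, outLen)
	cipher.NewCTR(block, iv).XORKeyStream(out, out) // keystream over zeros is the PRF output
	return out, nil
}

func main() {
	// RFC 3711 Appendix B.3 test vector: published values, not deployment keys.
	mk, _ := hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139")
	ms, _ := hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")
	// Output lengths from the AES-CM-128-HMAC-SHA1-80 row: 128 / 160 / 112 bits.
	enc, _ := deriveSRTPKey(mk, ms, labelEncryption, 16)
	auth, _ := deriveSRTPKey(mk, ms, labelAuth, 20)
	salt, _ := deriveSRTPKey(mk, ms, labelSalt, 14)
	fmt.Printf("encryption key: %x\nauth key:       %x\nsession salt:   %x\n", enc, auth, salt)
}
```

The 32-bit and 80-bit variants of a suite derive identical keys; they differ only in how many bits of the HMAC-SHA1 output are sent as the authentication tag.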

