Secure Real-time Transport Protocol (Secure RTP or SRTP) is an IETF cryptographic protocol used to provide secure communications over an untrusted network. SRTP provides confidentiality, message authentication and replay protection to Internet media traffic such as audio and video. The SBC supports Secure RTP and its associated Secure Real-time Transport Control Protocol (Secure RTCP) with IPv4/IPv6 addressing for both audio and video streams.

SRTP Functionality

Secure RTP on the SBC is available using SIP signaling over UDP, TCP, and TLS (Transport Layer Security), and is signaled by specifying Secure RTP transport in an SDP (Session Description Protocol) media (m=) line. The SBC uses the RFC 4568 Security Descriptions ("sdescriptions") standard for negotiating the use of Secure RTP. TLS over TCP is recommended for SIP transport when negotiating Secure RTP, because it protects the integrity and confidentiality of the SRTP keys, which would otherwise be exposed. The SBC supports SRTP on all call legs.

The use of Secure RTP on one call leg is independent of its use on other legs of the same call, and is negotiated for each packet leg. Secure RTP may be used outside or inside the network. All Secure RTP calls are routed through the SBC.

Use of Secure RTP is provisioned on a Packet Service Profile basis; separate packet service profiles may be applied to Ingress and Egress packet signaling. 

The SBC supports the crypto suites "aes-cm-128-hmac-sha1-80" and "aes-cm-128-hmac-sha1-32" for Secure RTP. Secure RTP is requested by the presence of RTP/SAVP or RTP/SAVPF in the m= line.

The

Unable to show "metadata-from": No such page "_space_variables"
does not support the "aes-cm-128-hmac-sha1-32" algorithm.

The appropriate crypto suite profile may also include valid combinations of the following session parameters:

  • UNENCRYPTED_SRTP—SRTP packet payloads are not encrypted.
  • UNENCRYPTED_SRTCP—SRTCP packet payloads are not encrypted.
  • UNAUTHENTICATED_SRTP—SRTP packet payloads are not authenticated.

By default, SRTP and SRTCP packet payloads are both authenticated and encrypted. The SRTP specification (RFC 3711) requires message authentication for SRTCP, but not for SRTP. Use of UNAUTHENTICATED_SRTP is not recommended.
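The checks described above, as an added example that is not part of the original page or the SBC's own code: a Python audit of an SDP offer that confirms each m= line requests RTP/SAVP or RTP/SAVPF, that each RFC 4568 a=crypto line uses a suite listed here with a 30-byte key and salt, and that flags the weakening session parameters and keys carried over non-TLS signaling. The function names, sample SDP, addresses and key are constructed for illustration.

```python
import base64
import re

# Suites named on this page; SDP (RFC 4568) writes them upper case with underscores.
SUPPORTED = {"aes-cm-128-hmac-sha1-80", "aes-cm-128-hmac-sha1-32"}
WEAKENING = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}
# a=crypto:<tag> <suite> inline:<key||salt>[|lifetime][|MKI:len] [session params]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)\S*(.*)$")

def key_len(b64):
    """Decoded length of the inline key||salt, or -1 if it is not valid base64."""
    try:
        return len(base64.b64decode(b64, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return -1

def audit_sdp(sdp, sip_transport):
    """Return findings for one SDP body carried over the given SIP transport."""
    findings, media = [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            media, _, proto = (line[2:].split() + [""] * 3)[:3]
            if proto not in ("RTP/SAVP", "RTP/SAVPF"):
                findings.append(f"{media}: SRTP not requested ({proto})")
            continue
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, key, params = m.groups()
        where = f"{media} crypto:{tag}"
        if sip_transport.upper() != "TLS":
            findings.append(f"{where}: key sent in clear over {sip_transport}")
        if suite.lower().replace("_", "-") not in SUPPORTED:
            findings.append(f"{where}: unsupported suite {suite}")
        elif key_len(key) != 30:  # 16-byte AES key + 14-byte salt
            findings.append(f"{where}: key||salt is not 30 bytes")
        for p in sorted(WEAKENING.intersection(params.split())):
            findings.append(f"{where}: weakening session parameter {p}")
    return findings

# Constructed sample offer; the address, ports and key are made up for this example.
KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_SDP = f"""v=0
c=IN IP4 192.0.2.10
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}|2^20|1:4
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{KEY} UNAUTHENTICATED_SRTP
a=crypto:3 F8_128_HMAC_SHA1_80 inline:{KEY}
m=video 51372 RTP/AVP 96
"""
```

Calling `audit_sdp(SAMPLE_SDP, "UDP")` reports the exposed keys in addition to the suite, parameter and transport findings that remain when the same offer arrives over TLS.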

The SBC negotiates the use of Secure RTP/RTCP with its peer. If the SBC and its peer cannot agree on the RTP/RTCP parameters for the connection, they can either terminate the call or continue the call with no security, based on the provisioning of a fallback parameter.

Direct Media Using SIP-TLS SRTP

The SBC supports the following Direct Media functionality:

  • Direct Media over SRTP/TLS between subscribers in the same Media Group for both audio and video calls.
  • Direct Media between endpoints in the same media zone belonging to the same or different SBCs. For example, Direct Media with TLS/SRTP is applicable for a distributed network containing two SBCs.

 
