You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

The Secure Real-time Transport Protocol (Secure RTP or SRTP) is an IETF cryptographic protocol used to provide secure communications over untrusted networks as described in RFC 3711. SRTP provides confidentiality, message authentication and replay protection to Internet media traffic such as audio and video. The 

Unable to show "metadata-from": No such page "_space_variables"
supports Secure RTP and its associated secure real-time transport control protocol (Secure RTCP) for IPv4/IPv6 addressing for both audio and video streams.

SRTP Functionality

Secure RTP on the SBC is available using SIP signaling over UDP, TCP, and TLS (Transport Layer Security) protocol, and is signaled by specifying Secure RTP transport in an SDP (Session Description Protocol) media (m=) line. The

Unable to show "metadata-from": No such page "_space_variables"
uses the RFC 4568 Security Descriptions ("sdescriptions") standard for negotiating the use of Secure RTP. TLS over TCP is recommended for SIP transport when negotiating Secure RTP, because it protects the integrity and confidentiality of the sRTP keys which would otherwise be exposed. The 
Unable to show "metadata-from": No such page "_space_variables"
supports sRTP on all call legs.

The use of Secure RTP on one call leg is independent of its use on other legs of the same call, and is negotiated for each packet leg. Secure RTP may be used outside or inside the network. All Secure RTP calls are routed through the

Unable to show "metadata-from": No such page "_space_variables"

Use of Secure RTP is provisioned on a Packet Service Profile basis; separate packet service profiles may be applied to Ingress and Egress packet signaling. 

The 

Unable to show "metadata-from": No such page "_space_variables"
supports the crypto-suite "aes-cm-128-hmac-sha1-80" and "aes-cm-128-hmac-sha1-32" for Secure RTP. Secure RTP is requested by the presence of RTP/SAVP or RTP/SAVPF in the m= line.

The appropriate crypto suite profile may also include valid combinations of the following session parameters:

  • UNENCRYPTED_SRTP—SRTP packet payloads are not encrypted.
  • UNENCRYPTED_SRTCP—SRTCP packet payloads are not encrypted.
  • UNAUTHENTICATED_SRTP—SRTP packet payloads are not authenticated.

By default, SRTP and SRTCP packet payloads are both authenticated and encrypted. The SRTP specification requires message authentication for SRTCP, but not for sRTP (RFC3711). Use of UNAUTHENTICATED_SRTP is not recommended.

The

Unable to show "metadata-from": No such page "_space_variables"
negotiates the use of Secure RTP/RTCP with its peer. If the
Unable to show "metadata-from": No such page "_space_variables"
and its peer cannot agree on the RTP/RTCP parameters for the connection, they can either terminate the call or continue the call with no security based on the provisioning of a fallback parameter.

Direct Media Using SIP-TLS SRTP

The 

Unable to show "metadata-from": No such page "_space_variables"
supports the following Direct Media functionality:

  • Direct Media over SRTP/TLS between subscribers in the same Media Group for both audio and video calls.
  • Direct Media between endpoints in the same media zone belonging to the same or different
    Unable to show "metadata-from": No such page "_space_variables"
    . For example, Direct Media with TLS/SRTP is applicable for a distributed network containing two
    Unable to show "metadata-from": No such page "_space_variables"
    s.

SRTP Crypto Suites

The

Unable to show "metadata-from": No such page "_space_variables"
 platforms support the following crypto suites for SRTP and SRTCP encryption:

SRTP and SRTCP Crypto Suites

 Crypto Suite

Master Key
Length (bits)

Salt Value
(bits)

Cipher

Key Derivation Function

Encryption key
(bits)

Message Authentication Code

Authentication tag
length (bits)

Authentication key
length (bits)

AEAD-AES-128-GCM

128

96

AES-CM

AES_CM PRF [RFC3711]

128

Galois Message Authentication Code (GMAC)

128

N/A

AEAD-AES-256-GCM

256

96

AES-CM

AES_256_CM_PRF [RFC6188]

256

Galois Message Authentication Code (GMAC)

128

N/A

AES-CM-128-HMAC-SHA1-32128112

AES Counter Mode

AES_128_CM_PRF128HMAC-SHA132160

AES-CM-128-HMAC-SHA1-80

128112

AES Counter Mode

AES_128_CM_PRF128HMAC-SHA180160

AES-CM-192-HMAC-SHA1-32

192

112

AES Segmented Integer Counter Mode

AES_192_CM_PRF

192

HMAC_SHA1

32

160

AES-CM-192-HMAC-SHA1-80

192

112

AES Segmented Integer Counter Mode

AES_192_CM_PRF

192

HMAC_SHA1

80

160

AES-CM-256-HMAC-SHA1-32

256

112

AES Segmented Integer Counter Mode

AES_256_CM_PRF

256

HMAC_SHA1

32

160

AES-CM-256-HMAC-SHA1-80

256

112

AES Segmented Integer Counter Mode

AES_256_CM_PRF

256

HMAC_SHA1

80

160

 

  • No labels