SRTP is the encrypted version of RTP; it also covers SRTCP, the secure version of RTCP. The protocol assumes that a key exchange has already taken place elsewhere, for example in the SIP/SDP offer/answer exchange (such as SDES) or through another mechanism. Once both ends hold the encryption key, SRTP provides confidentiality, message authentication and replay protection.

From RFC 3711:

“SRTP provides a framework for encryption and message authentication of RTP and RTCP streams (Section 3). SRTP defines a set of default cryptographic transforms (Sections 4 and 5), and it allows new transforms to be introduced in the future (Section 6). With appropriate key management (Sections 7 and 8), SRTP is secure (Sections 9) for unicast and multicast RTP applications (Section 11).

SRTP can achieve high throughput and low packet expansion. SRTP proves to be a suitable protection for heterogeneous environments (mix of wired and wireless networks). To get such features, default transforms are described, based on an additive stream cipher for encryption, a keyed-hash based function for message authentication, and an “implicit” index for sequencing/synchronization based on the RTP sequence number for SRTP and an index number for Secure RTCP (SRTCP).”
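To make the "implicit" index and the replay protection described above concrete, here is an added Python example (not code from the original page or from RFC 3711) that implements the receiver-side packet index estimation of RFC 3711 section 3.3.1, the 64-packet sliding replay window, and the default HMAC-SHA1 authentication tag computed over the packet and the rollover counter (ROC). The AES-CM payload encryption step is omitted so that the example runs on the standard library alone; the auth key, SSRC and RTP packets are constructed test values.

```python
import hmac
import hashlib
import struct

AUTH_TAG_LEN = 10   # default 80-bit HMAC-SHA1 tag (RFC 3711 section 4.2.1)
REPLAY_WINDOW = 64  # replay list size recommended in RFC 3711 section 3.3.2

def estimate_index(roc, s_l, seq):
    """RFC 3711 3.3.1: choose ROC value v for SEQ from the highest seen s_l; i = 2^16*v + SEQ."""
    if s_l is None:                       # first packet of the stream
        v = roc
    elif s_l < 32768:
        v = (roc - 1) & 0xFFFFFFFF if seq - s_l > 32768 else roc
    else:
        v = (roc + 1) & 0xFFFFFFFF if s_l - 32768 > seq else roc
    return (v << 16) | seq, v
def auth_tag(auth_key, authenticated_portion, roc):
    """HMAC-SHA1 over header + (encrypted) payload || ROC, truncated to 80 bits."""
    msg = authenticated_portion + struct.pack(">I", roc)
    return hmac.new(auth_key, msg, hashlib.sha1).digest()[:AUTH_TAG_LEN]
def make_rtp(seq, payload, ssrc=0x12345678):
    """Constructed 12-byte RTP header (V=2, PT=0) followed by the payload."""
    return struct.pack(">BBHII", 0x80, 0, seq, seq * 160, ssrc) + payload
def protect(auth_key, rtp_packet, roc):
    """Sender side: append the tag (the AES-CM encryption step is omitted here)."""
    return rtp_packet + auth_tag(auth_key, rtp_packet, roc)

class SrtpReceiver:
    """Receiver state: ROC, s_l and a sliding replay window of REPLAY_WINDOW entries."""
    def __init__(self, auth_key):
        self.auth_key, self.roc, self.s_l = auth_key, 0, None
        self.highest, self.window = -1, 0  # bit k of window: index highest-k was seen
    def accept(self, packet):
        """Return (ok, reason); state advances only when the tag verifies."""
        seq = struct.unpack(">H", packet[2:4])[0]
        body, tag = packet[:-AUTH_TAG_LEN], packet[-AUTH_TAG_LEN:]
        index, v = estimate_index(self.roc, self.s_l, seq)
        if index <= self.highest - REPLAY_WINDOW:
            return False, "too old"
        if index <= self.highest and (self.window >> (self.highest - index)) & 1:
            return False, "replayed"
        if not hmac.compare_digest(auth_tag(self.auth_key, body, v), tag):
            return False, "bad auth tag"  # replay window is left untouched
        if index > self.highest:          # new highest index: advance ROC and s_l
            self.window = (self.window << (index - self.highest)) | 1
            self.highest, self.roc, self.s_l = index, v, seq
        else:                             # late packet still inside the window
            self.window |= 1 << (self.highest - index)
        self.window &= (1 << REPLAY_WINDOW) - 1
        return True, "ok"
```

Note that the replay check runs before the MAC check, as the RFC suggests, but the window is only updated after the tag verifies, so a forged packet cannot poison the replay list.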

Key exchange in SIP/SRTP calls

There are multiple ways to handle key exchange.

  • MIKEY, Multimedia Internet Keying, RFC 3830, supports pre-shared keys, PKI-supported key exchange and a few other mechanisms.
  • SDES, key exchange using SDP (RFC 4568), assumes that the signalling is protected by TLS.
  • Using DTLS/UDP for key exchange, with the same mechanism as TLS/TCP, is the IETF recommendation (see the SRTP/DTLS draft, which will be published as RFC 5763).
