Site Map
In a world that is quickly moving towards IP-based communications, securing data is becoming increasingly important. T.38 is a standard that defines the means to transmit a facsimile image in real-time over the IP network, yet it lacks a standardized method to secure the image sent. Using SRTP to transfer T.38 data can provide one way to increase the security of T.38.
T.38 provides two options for transporting its data: UDPTL or RTP. The most popular transport method currently, UDPTL, does not provide security services for the data it carries. It would also be inefficient to add such support, since doing so would duplicate work already completed in regards to other protocols, such as RTP. In contrast, while RTP itself does not provide security services by default, an application profile for RTP known as Secure RTP (SRTP) can be used to secure the transported data. SRTP has a minimal affect on quality of service compared to RTP due to a small increase in packet overhead. Therefore, transferring T.38 over SRTP should be the simplest way to secure T.38 while continuing to comply with the T.38 standard as closely as possible.
Some points must be taken into consideration when using SRTP to transport T.38 traffic. Encryption keys will need to be exchanged through some key management protocol outside of the T.38 transmission, such as ZRTP or MIKEY. According to RFC 4612, fax payloads should not use an HMAC-SHA1 authentication tag shorter than 80 bits. Note that while the security of the T.38 data will be increased, there may be additional measures that must be taken in order to adequately secure the communication, such as using SIP over TLS for signaling.