Secure Real Time Transport Protocol (SRTP), aka Secure RTP or RTP Protocol, is used in VoIP, video and multimedia applications. Certain umbrella specifications and SIP profiles, such as Assured Services SIP (AS-SIP), specified by the DoD in AS-SIP 2013 , and WebRTC mandate it’s use. SRTP is very suitable for VoIP applications, especially those that involve low-bitrate voice codecs (i.e. G.729, iLBC, MELP, etc.) since secure RTP can be used with header compression and has no significant impact on Quality of Service. SRTP can also be used with ITU Recommendation H.264 and MPEG-4 to stream video securely in multimedia applications.
VOCAL’s SRTP source code is optimized for execution on ANSI C and leading DSP architectures from TI, ADI, Intel, ARM and other vendors. Our SRTP library is available standalone and with a VoIP stack. Contact us to discuss your secure RTP application requirements with our engineering staff.
SRTP Protocol Features
- Fully compliant with RFC 3711
- Various encryption libraries available
- SRTP/RTCP payloads
- Ensure integrity of RTP/RTCP payloads
- Protect against replayed packet attack
- Low bandwidth implementation
- Low computational cost and small footprint
- Independent of network and physical layers
Secure Real Time Transport Protocol
SRTP (RFC3711) defines a framework which provides confidentiality, message authentication, and replay protection for both unicast and multicast RTP and RTCP streams. Secure RTP can achieve high throughput and low packet expansion even in environments which are a mixture of wired and wireless networks.
SRTP is the security layer which resides between the RTP/RTCP application layer and the transport layer, generating Secure RTP packets from the RTP/RTCP stream and forwarding these to the receiver. Similarly, it also transforms incoming Secure RTP packets to RTP/RTCP packets and passes these up the stack. The cryptographic state information associated with each Secure RTP stream is termed the cryptographic context. It must be maintained by both the sender and receiver of these streams. If there are several Secure RTP streams present within a given RTP session, separate cryptographic contexts must be maintained for each. A cryptographic context includes any session key (a key directly in encryption/message authentication) and the master key (a securely exchanged random bit string used to derive session keys), as well as other working session parameters.
While Secure RTP does not define a precise mechanism to implement key exchange (which may be done using SDES), it does provide for several features which make key management easier and heighten overall key security. The single master key is used to provide keying material for a key derivation function. This can generate the initial session keys, as well as provide new session keys periodically to ensure that there will be a limited amount of ciphertext produced by any given encryption key. Salting keys are used to provide protection against various assaults such as pre-computation and time-memory attacks.
- cryptographic context – the cryptographic state information associated with each SRTP stream, which also includes the master key and session keys. This must be maintained by both the sender and receiver of each stream.
- session key – a key directly used in encryption or message authentication
- master key – a securely exchanged random bit string used to derive session keys
VOCAL’s optimized software is available for the following platforms. Please contact us for specific SRTP supported platforms.