SRTP

Overview

The Secure Real-time Transport Protocol (SRTP) defines a profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications.
VEGA supports SRTP to secure the RTP stream between the VEGA and the remote end.

NOTE: The VEGA must have an SRTP license in order to support SRTP functionality.

SRTP Configuration

The format of an SRTP packet is illustrated below:

[Image: SRTP packet format]

The OPTIONAL MKI and the RECOMMENDED authentication tag are the only fields defined by SRTP that are not in RTP.

VEGA allows the user to configure a list of SRTP parameters in order to establish secure RTP between the VEGA and its peer.

Configurable Parameters

SL. No. 1
SRTP Parameter: mode
Values: off, supported, require, require_rfc4568
Description:
  off: SRTP not used (initiated or accepted)
  supported: uses "RTP/AVP" in the "m=" line and adds the "a=crypto:" line. It interoperates with non-SRTP UAs (i.e. only best effort to use SRTP)
  require: uses "RTP/AVP" in the "m=" line and adds the "a=crypto:" line. Requires that the remote endpoint has the "a=crypto:" line
  require_rfc4568: as "require" but uses "RTP/SAVP" in the "m=" line

SL. No. 2
SRTP Parameter: Default authentication bits
Values: 32 or 80
Description:
  The crypto-suite field is an identifier that describes the encryption and authentication algorithms (e.g., AES_CM_128_HMAC_SHA1_80) for the transport.
  32: Request 32-bit authentication in any initiated INVITE
  80: Request 80-bit authentication in any initiated INVITE

SL. No. 3
SRTP Parameter: Minimum authentication bit
Values: 32 or 80
Description:
  32: Minimum authentication level accepted (where encryption is used) is 32-bit authentication
  80: Minimum authentication level accepted (where encryption is used) is 80-bit authentication

SL. No. 4
SRTP Parameter: Crypto Life Time
Values: disable, low, medium, high
Description:
  Crypto life time is the lifetime of the master key, measured as the maximum number of SRTP or SRTCP packets using that master key (i.e., the number of SRTP packets and the number of SRTCP packets each have to be less than the lifetime).
  disable: No crypto life time included
  low: Crypto lifetime of 2^16 is included.
  med: Crypto lifetime of 2^31 is included.
  high: Crypto lifetime of 2^48 is included.

SL. No. 5
SRTP Parameter: Crypto MKI length
Values: disable, 1:1
Description:
  The MKI identifies the master key from which the session key(s) were derived that authenticate and/or encrypt the particular packet.
  The MKI length is the size of the MKI field in the SRTP packet, specified in bytes as a decimal integer.
  disable: No MKI length included in crypto field
  1:1: An MKI value of 1 and an MKI length of 1 are included in the crypto field
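
As an added example (not Sangoma's code), the Python below parses the "m=" and "a=crypto:" lines of an SDP body copied from a SIP trace and checks them against the mode and minimum authentication bits settings described above. The sample SDP, its placeholder key and the function names are constructed for illustration, and the checks are an assumed reading of the table, not VEGA's documented behaviour.

```python
import re

# RFC 4568: a=crypto:<tag> <crypto-suite> inline:<key||salt>[|lifetime][|MKI:length]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([^|\s]+)((?:\|[^|\s]+)*)")

# Constructed sample SDP body; the inline key is a placeholder, not a real key.
SAMPLE_SDP = """v=0
m=audio 10000 RTP/AVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA|2^31|1:1
"""

def parse_sdp(sdp):
    """Return (transport profile of the first m= line, list of a=crypto offers)."""
    profile, offers = None, []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m=") and profile is None:
            profile = line.split()[2]            # "RTP/AVP" or "RTP/SAVP"
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, _key, extras = m.groups()
        bits = re.search(r"_(\d+)$", suite)      # tag length, e.g. ..._SHA1_80
        offer = {"tag": int(tag), "suite": suite, "lifetime": None, "mki": None,
                 "auth_bits": int(bits.group(1)) if bits else None}
        for part in filter(None, extras.split("|")):
            # "value:length" is the MKI, anything else is the key lifetime
            offer["mki" if ":" in part else "lifetime"] = part
        offers.append(offer)
    return profile, offers

def audit(sdp, mode, min_auth_bits):
    """Compare an SDP body with the mode / minimum authentication settings."""
    profile, offers = parse_sdp(sdp)
    findings = []
    if mode == "off" and offers:
        findings.append("a=crypto present although mode is off")
    if mode in ("require", "require_rfc4568") and not offers:
        findings.append("no a=crypto line, SRTP is required")
    if mode == "require_rfc4568" and profile != "RTP/SAVP":
        findings.append(f"m= line uses {profile}, expected RTP/SAVP")
    if offers and not any((o["auth_bits"] or 0) >= min_auth_bits for o in offers):
        findings.append(f"no suite offers {min_auth_bits}-bit authentication")
    return findings

if __name__ == "__main__":
    for mode, bits in (("require", 32), ("require", 80), ("require_rfc4568", 32)):
        print(mode, bits, audit(SAMPLE_SDP, mode, bits) or "ok")
```

An empty list from audit() means the SDP body is consistent with the chosen settings; each string in a non-empty list names the line that does not match.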

 

SRTP configuration is found in the "SIP Profile Configuration" option of "SIP Profile", under the "SIP" tab of the "Expert Config" section
(i.e. Expert Config Section -> SIP -> SIP Profile, then edit SIP Profile Configuration), as shown below:

[Image: SRTP settings in SIP Profile Configuration]

Troubleshooting

  1. You can troubleshoot the SRTP message flow by applying the display filter "sip" to a Wireshark pcap trace.

  2. Below is a screen capture of a pcap trace of one SIP call with SRTP messages:
