SRTP (Secure Real-Time Transport Protocol or Secure RTP)
An “internet” is a network of networks, possibly consisting of many different link types such as Ethernet and Wi-Fi. These networks support electronic mail, web browsing, and other Internet Protocol (IP) applications. More complex than IP networks alone, Internet telephony networks carry voice, fax, modem, and other media over both IP and switched telephone networks (STNs), such as public switched telephone networks.
The snapshot above shows a call gateway connecting an IP network to a PSTN. This gateway signals a telephone call between a PSTN and an IP network. The PSTN does not necessarily run IP, and the gateway usually must allow IP telephony networks to match the services of PSTNs. Many customers want these services to be confidential and integrity-protected on IP networks.
The IP network, typified by the public Internet, connects computers that run IP telephony applications. The switched telephone network (STN) connects analog telephones, modems, and other devices to a private or public telephone network. The public telephone network is commonly referred to as the public switched telephone network (PSTN), but there are private switched telephone networks as well; the term “STN” refers to both. Customers of IP telephony services expect both the connectivity and services that are afforded by today’s STNs and IP networks. This shapes IP telephony signaling and its media bearer architectures. Customer security concerns are typically focused on the IP side of an Internet telephony service—many customers want to secure call and media data against snooping, forgery, replay, and denial of service (DoS) attacks on IP networks.
Although historically there has been no perceived need for security for residential and commercial telephone services, telephone networks are now numerous, varied, and under the governance of diverse organizations. Beginning primarily in the United States, telephone companies have proliferated with different local exchange carriers, long-distance carriers, and specialized carriers offering services. Hundreds of small Internet service providers (ISPs) provide communities with both wired and wireless services; hundreds of companies operate corporate networks with voice capabilities; homeowners operate home networks; and hobbyists engineer “personal telecommunications” operations to interconnect neighborhoods and communities.
This network assembly offers many opportunities for hacker mischief, privacy violation, financial fraud, and subversion of the telephone services that billions of people depend upon every day. Telephone subscribers in the U.S. and elsewhere are subject to telemarketers, “slamming” practices of competing providers, fax spam, and marginally legal (or illegal) solicitation for various business or charitable schemes. At least some of the common problems of the public Internet, ranging from distributed DoS (DDoS) attacks to virtual identity theft, may eventually threaten our telephone networks.
SRTP: Secure RTP
SRTP is a security profile for RTP that adds confidentiality, message authentication, and replay protection to that protocol. It is an action item in the IETF Audio-Video Transport Working Group, where it is an Internet Draft and is currently in IETF WG last call.
SRTP is ideal for protecting Voice over IP traffic because it can be used in conjunction with header compression and has no effect on IP Quality of Service. These facts provide significant advantages, especially for voice traffic using low-bitrate voice codecs such as G.729 and iLBC.
SRTP (Secure Real-Time Transport Protocol or Secure RTP) is an extension to RTP (Real-Time Transport Protocol) that incorporates enhanced security features. Like RTP, it is intended particularly for VoIP (Voice over IP) communications.
SRTP was conceived and developed by communications experts from Cisco and Ericsson and was formally published in March 2004 by the Internet Engineering Task Force (IETF) as Request for Comments (RFC) 3711. SRTP uses encryption and authentication to minimize the risk of denial of service (DoS) attacks. SRTP can achieve high throughput in diverse communications environments that include both hard-wired and wireless devices. Provisions are included that allow for future improvements and extensions.
Secure Real-Time Transport Protocol (SRTP) Performance for VoIP
The Secure Real-Time Transport Protocol (SRTP) is an Internet standards-track security profile for RTP used to provide confidentiality, integrity and replay protection for RTP traffic. We study the performance of SRTP when it is used to secure VoIP conversations. Experiments are conducted using snom and Twinkle softphones running on Windows and Linux platforms respectively and a bare PC softphone running with no operating system installed to provide a baseline.
Pre-defined SRTP transforms based on AES counter mode encryption with a 128-bit key and HMAC-SHA-1 with a 32-bit authentication tag, as well as 192 and 256-bit AES keys and an 80-bit authentication tag are tested. Measurement of internal processing times for each operation in the SRTP protocol indicates that authentication processing is more expensive than encryption regardless of key or tag size.
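An added example (not from the original page or the study it summarizes): the receiver-side message authentication and replay checks of RFC 3711, with the HMAC-SHA-1 tag truncated to the 80-bit or 32-bit sizes named above and the RFC's minimum 64-packet replay window. The names Receiver, protect and rtp, the key and the SSRC are constructed for illustration; AES counter mode payload encryption is omitted, and the rollover counter (ROC) is passed in explicitly rather than estimated from the sequence number.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # replay window in packets (the minimum RFC 3711 allows)

def auth_tag(auth_key: bytes, packet: bytes, roc: int, tag_bits: int = 80) -> bytes:
    """HMAC-SHA-1 over (RTP header || payload || ROC), truncated to tag_bits."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[: tag_bits // 8]

def protect(auth_key: bytes, packet: bytes, roc: int, tag_bits: int = 80) -> bytes:
    """Sender side: append the truncated tag (payload encryption omitted)."""
    return packet + auth_tag(auth_key, packet, roc, tag_bits)

class Receiver:
    def __init__(self, auth_key: bytes, tag_bits: int = 80):
        self.key, self.tag_len = auth_key, tag_bits // 8
        self.highest = -1  # highest authenticated packet index so far
        self.bitmap = 0    # bit n set => index (highest - n) already accepted

    def accept(self, srtp_packet: bytes, roc: int) -> str:
        packet, tag = srtp_packet[:-self.tag_len], srtp_packet[-self.tag_len:]
        seq = struct.unpack("!H", packet[2:4])[0]  # RTP sequence number
        index = (roc << 16) | seq                  # 48-bit SRTP packet index
        delta = self.highest - index
        # Replay check comes first because it is cheap; the HMAC follows.
        if delta >= WINDOW:
            return "too-old"
        if delta >= 0 and (self.bitmap >> delta) & 1:
            return "replay"
        expected = auth_tag(self.key, packet, roc, self.tag_len * 8)
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        # Only an authenticated packet may update the replay window.
        if delta < 0:
            self.bitmap = ((self.bitmap << -delta) | 1) & ((1 << WINDOW) - 1)
            self.highest = index
        else:
            self.bitmap |= 1 << delta
        return "ok"

def rtp(seq: int, payload: bytes = b"\x00" * 20) -> bytes:
    """Constructed 12-byte RTP header (V=2, PT=0, made-up SSRC) plus payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, 160 * seq, 0x1234ABCD) + payload
```

The tag adds 10 bytes per packet at 80 bits and 4 bytes at 32 bits, which is the per-packet size increase the measurements refer to.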
A comparison of jitter and delta (packet interarrival time) for secured and unsecured VoIP traffic reveals that the addition of SRTP protection to VoIP traffic over RTP has a negligible effect on voice quality. VoIP throughput with SRTP is about 2% more than with RTP alone since the insignificant increase in delay is offset by the small increase in packet size.
VoIP is now used extensively by businesses, campus networks and individuals for low-cost communication. VoIP performance is affected primarily by network delay, jitter (delay variation), and packet loss, excessive levels of which may degrade voice quality. On the Internet for example, queuing delays at routers may increase network delay and jitter and cause packets to be dropped. However, even under ideal network conditions, intrinsic processing delays and jitter introduced at end devices such as phones and gateways can also impact VoIP performance. In particular, the additional overhead due to securing VoIP conversations may have an adverse effect on performance and voice quality.
Use of SRTP
SRTP, also known as Secure Real-Time Transport Protocol, is an extension profile of RTP (Real-Time Transport Protocol) that adds further security features, such as message authentication, confidentiality and replay protection, and is mostly intended for VoIP communications.
SRTP uses authentication and encryption in order to minimize the risks of attacks such as denial of service. It was published in 2004 by the IETF (Internet Engineering Task Force) as RFC 3711. SRTP, just like DTLS, is one of the security protocols used for the WebRTC technology.