Protect your VOIP Conversations with SRTP

You might be surprised to know that in-spite of the flexibility provided by the IP platform, your VOIP calls might still be going in an unencrypted format! Which means, it might not be totally secure and a determined hacker might be able to access your calls. In this article, we will look at the SRTP protocol and determine why it is good to secure your VOIP calls with SRTP.

While SIP might be the open standard signaling protocol that initiates and enables a VOIP call, the data (voice packets) flow from one device to another (IP Phone/ Soft Phone/ Wi-Fi Phone, etc) using the Real-time Transport Protocol (RTP). RTP generally flows directly between the two communicating devices (IP Phones) over the UDP transport layer of the IP Network.

The issue is, RTP communications are transmitted in clear text. What’s the problem, you might ask. Most of the telephone communications in the analog world were transmitted in their native form. Well, that’s the reason they were tapped! At least in the analog world, the intruder needs to access the particular phone line that is transmitting the voice physically in order to intercept the communications. But in the IP world, the hacker might stay where he is, compromise the communicating device (or any device in the same network) and access the communications!

SRTP – Secure Real-time Transport Protocol:

That’s why SRTP – Secure Real-time Transport Protocol has been introduced. SRTP not only encrypts the multimedia payload (voice, video, etc) but it also protects the message integrity and prevents attackers from tampering with the message. SRTP protects the voice traffic on the application layer.

So SRTP provides features like encryption (to prevent hackers from understanding the content of the message) and authentication (to provide message integrity). But these features are optional, and they can be enabled or disabled individually.

The Master key (which is used to generate the session keys) is not directly generated by SRTP, but it relies on protocols like MIKEY or ZRTP to set up the initial master key. There is only one master key and the individual session keys are generated by applying a key derivative function to this master key.

SRTP is lightweight and does not consume much bandwidth. The packet sizes are limited and RTP header compression can be done independently in order to transmit information more efficiently. IP Phone / Soft Phone vendors could (and should) implement SRTP in their devices/ applications and SRTP needs to be supported by IP PBX/ Soft Switches as well.

Encryption in SRTP:

AES-CM (Advanced Encryption Standard – Counter Mode) is the common encryption method used in SRTP. There are many advantages of using AES-CM encryption method, including:

  • Almost same length for encrypted packet and original packet
  • Packets can be processed in parallel
  • Out of order packets can also be processed
  • Support for optional AES-f8 encryption method used in 3G networks

Authentication (Message Integrity) in SRTP:

Authentication is applied to packets, after encrypting them. Authentication ensures message integrity by appending a sequence number for every packet transmitted. So, if certain packets are received with the same sequence number they should have been tampered with in the middle, and can be discarded. This ensures that hackers cannot intercept communications and modify/ insert additional packets in the stream. Attacks like ‘Replay’ attacks in which hackers keep playing the same message again and again can be avoided by using Authentication.

You can follow the latest Computer Networking/IT Products released for homes/small businesses & reviews by subscribing to this blog with your email address in the top right-hand sidebar box: ‘Follow by E-mail’. You can expect one mail per week (max).