User's Manual

SIP User's Manual 12. Security
Version 5.0 293 December 2006
12.3 SRTP
The gateway supports Secure RTP (SRTP) according to RFC 3711. SRTP is used to
encrypt RTP and RTCP transport since it is best-suited for protecting VoIP traffic.
SRTP requires a Key Exchange mechanism that is performed according to
<draft-ietf-mmusic-sdescriptions-12>. The Key Exchange is executed by adding a ‘Crypto’ attribute to
the SDP. This attribute is used (by both sides) to declare the various supported cipher
suites and to attach the encryption key to use. If negotiation of the encryption data is
successful, the call is established.
Use the parameter MediaSecurityBehaviour (described in Table 5-50) to select the
gateway’s mode of operation: Must or Prefer. These modes determine the behavior of the
gateway if negotiation of the cipher suite fails.
- Mandatory = the call is terminated. Incoming calls that don’t include encryption
  information are rejected.
- Preferable = an unencrypted call is established. Incoming calls that don’t include
  encryption information are accepted.
To enable SRTP, set the parameter EnableMediaSecurity to 1 (described in Table 5-50).
Notes:
- When SRTP is used, the channel capacity is reduced (refer to the
  parameter EnableMediaSecurity).
- The gateway only supports the AES 128 in CM mode cipher suite.
Figure 12-11: Example of crypto Attributes Usage
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PsKoMpHlCg+b5X0YLuSvNrImEh/dAe
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:IsPtLoGkBf9a+c6XVzRuMqHlDnEiAd
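
The negotiation described in this section, sketched in Python as an added example (it is not taken from the manual and is not the gateway's own code). It assumes both AES_CM_128 suites shown in Figure 12-11 are acceptable and that key plus salt total 30 octets, as RFC 4568 specifies for these suites; the function names and the sample SDP are constructed for illustration.

```python
import base64
import re

# Assumption: both AES-128 counter-mode suites from Figure 12-11 are accepted.
SUPPORTED = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32"}
KEY_SALT_LEN = 30  # 16-byte master key + 14-byte master salt (RFC 4568)
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([^|\s]+)")

def parse_crypto(sdp):
    """Return (tag, suite, key_salt) for every usable a=crypto line."""
    usable = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m or m.group(2) not in SUPPORTED:
            continue  # not a crypto line, or a suite we cannot use
        try:
            key_salt = base64.b64decode(m.group(3), validate=True)
        except ValueError:
            continue  # malformed base64: ignore this offer line
        if len(key_salt) == KEY_SALT_LEN:
            usable.append((int(m.group(1)), m.group(2), key_salt))
    return usable

def decide(sdp, behaviour):
    """behaviour is 'Mandatory' or 'Preferable', the two modes listed above."""
    usable = parse_crypto(sdp)
    if usable:
        tag, suite, _ = usable[0]  # lines are listed in the offerer's preference order
        return ("srtp", tag, suite)
    if behaviour == "Mandatory":
        return ("reject", None, None)  # negotiation failed: call is terminated
    return ("rtp", None, None)         # negotiation failed: unencrypted call

# Constructed sample input (not captured traffic).
KEY = base64.b64encode(bytes(range(30))).decode()  # 40 base64 characters
OFFER_SRTP = "\n".join([
    "m=audio 6000 RTP/SAVP 0",
    "a=crypto:1 AES_CM_256_HMAC_SHA1_80 inline:" + KEY,       # unsupported suite
    "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:" + KEY[:30],  # truncated key
    "a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:" + KEY + "|2^31",
])
OFFER_PLAIN = "m=audio 6000 RTP/AVP 0\na=rtpmap:0 PCMU/8000"

if __name__ == "__main__":
    for mode in ("Mandatory", "Preferable"):
        print(mode, decide(OFFER_SRTP, mode), decide(OFFER_PLAIN, mode))
```

Because the inline key is carried in the SDP body itself, it is only as confidential as the signaling channel that transports the SDP.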