Secure Real-time Transport Protocol
   HOME

TheInfoList



OR:

The Secure Real-time Transport Protocol (SRTP) is a profile for
Real-time Transport Protocol The Real-time Transport Protocol (RTP) is a network protocol for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applicatio ...
(RTP) intended to provide encryption, message
authentication Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicati ...
and
integrity Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions. Inte ...
, and
replay attack A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary wh ...
protection to the RTP data in both
unicast Unicast is data transmission from a single sender (red) to a single receiver (green). Other devices on the network (yellow) do not participate in the communication. In computer networking, unicast is a one-to-one transmission from one point in ...
and
multicast In computer networking, multicast is group communication where data transmission is addressed to a group of destination computers simultaneously. Multicast can be one-to-many or many-to-many distribution. Multicast should not be confused with ...
applications. It was developed by a small team of
Internet Protocol The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. IP h ...
and
cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
experts from
Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...
and
Ericsson (lit. "Telephone Stock Company of LM Ericsson"), commonly known as Ericsson, is a Swedish multinational networking and telecommunications company headquartered in Stockholm. The company sells infrastructure, software, and services in informat ...
. It was first published by the
IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and a ...
in March 2004 as . Since RTP is accompanied by the
RTP Control Protocol The RTP Control Protocol (RTCP) is a sister protocol of the Real-time Transport Protocol (RTP). Its basic functionality and packet structure is defined in RFC 3550. RTCP provides out-of-band statistics and control information for an RTP session. ...
(RTCP) which is used to control an RTP session, SRTP has a sister protocol, called Secure RTCP (SRTCP); it securely provides the same functions to SRTP as the ones provided by RTCP to RTP. Utilization of SRTP or SRTCP is optional in RTP or RTCP applications; but even if SRTP or SRTCP are used, all provided features (such as encryption and authentication) are optional and can be separately enabled or disabled. The only exception is the message authentication feature which is indispensable and required when using SRTCP.


Data flow encryption

SRTP and SRTCP use
Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...
(AES) as the default
cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...
. There are two cipher modes defined which allow the AES
block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
to be used as a
stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream ...
: ; Segmented Integer Counter Mode: A typical
counter mode In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transforma ...
, which allows random access to any blocks, which is essential for RTP traffic running over unreliable network with possible loss of packets. In the general case, almost any function can be used in the role of ''counter'', assuming that this function does not repeat for a large number of iterations. But the standard for encryption of RTP data is just a usual integer incremental counter. AES running in this mode is the default encryption algorithm, with a default
key size In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm (such as a cipher). Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the fastest ...
of 128 bits and a default session salt key length of 112 bits. ; f8-mode: A variation of output feedback mode, enhanced to be seekable and with an altered initialization function. The default values of the encryption key and salt key are the same as for AES in counter mode. (AES running in this mode has been chosen to be used in 3G mobile networks.) Besides the AES cipher, SRTP allows the ability to disable encryption outright, using the so-called ''NULL cipher'', which can be assumed as an alternate supported cipher. In fact, the NULL cipher does not perform any encryption; The encryption algorithm functions as the
identity function Graph of the identity function on the real numbers In mathematics, an identity function, also called an identity relation, identity map or identity transformation, is a function that always returns the value that was used as its argument, un ...
, and copies the input stream to the output stream without any changes. It is mandatory for this cipher mode to be implemented in any SRTP-compatible system. As such, it can be used when the confidentiality guarantees ensured by SRTP are not required, while other SRTP features, such as authentication and message integrity, may be used. Through SRTP can easily accommodate new encryption algorithms, the SRTP standard states that new encryption algorithms may only be introduced through publication of a new companion standard track
RFC RFC may refer to: Computing * Request for Comments, a memorandum on Internet standards * Request for change, change management * Remote Function Call, in SAP computer systems * Rhye's and Fall of Civilization, a modification for Sid Meier's Civ ...
which must clearly define the new algorithm.


Authentication, integrity and replay protection

The above-listed encryption algorithms do not alone secure message integrity, an attacker will not be able to decrypt data but may be able to forge or replay previously transmitted data. Hence the SRTP standard also provides the means to secure the integrity of data and safety from replay. To authenticate the message and protect its integrity, the
HMAC-SHA1 In cryptography, an HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secre ...
algorithm is used. This produces a 160-bit result, which is then truncated to 80 or 32 bits to become the authentication tag appended to each packet. The HMAC is calculated over the packet payload and material from the packet header, including the packet sequence number. To protect against
replay attack A replay attack (also known as a repeat attack or playback attack) is a form of network attack in which valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary wh ...
s, the receiver maintains the sequence numbers of previously received messages, compares them with the sequence number in each new received message and admits the new message only if it has not been previously received. This approach relies on the integrity protection to make it impossible to modify the sequence number without detection.


Key derivation

A
key derivation function In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typically uses a crypto ...
is used to derive the different keys used in a crypto context (SRTP and SRTCP encryption keys and salts, SRTP and SRTCP authentication keys) from one single ''master key'' in a cryptographically secure way. Thus, the key management protocol needs to exchange only one master key, all the necessary session keys are generated by applying the key derivation function. Periodic application of the key derivation function prevents an attacker from collecting large amounts of ciphertext encrypted with one single session key. This provides protection against certain attacks which are easier to carry out when a large amount of ciphertext is available. Furthermore, multiple applications of the key derivation function provides backwards and forward security in the sense that a compromised session key does not compromise other session keys derived from the same master key. This means that even if an attacker managed to recover a session key, he is not able to decrypt messages secured with previous and later session keys derived from the same master key. (Note that, of course, a leaked master key reveals all the session keys derived from it.) SRTP relies on an external key management protocol to set up the initial master key. Two protocols specifically designed to be used with SRTP are
ZRTP ZRTP (composed of Z and Real-time Transport Protocol) is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over IP (VoIP) phone telephony call based on the Real-time Transport Protocol. ...
and
MIKEY Mikey is a masculine given name, often a diminutive form (hypocorism) of Michael. It may also refer to: People * Mikey Ambrose (born 1993), American Major League Soccer player * Mikey Arroyo (born 1969), Filipino actor and politician, son of Phil ...
. There are also other methods to negotiate the SRTP keys. There are several vendors which offer products that use the
SDES SDES (Session Description Protocol Security Descriptions) for Media Streams is a way to negotiate the key for Secure Real-time Transport Protocol. It has been proposed for standardization to the IETF in July 2006 (see RFC khh.) How it works The ...
key exchange method.


Interoperability and applications

See for phones, servers and applications supporting SRTP.


Telephony (VoIP)

*
Asterisk (PBX) Asterisk is a software implementation of a private branch exchange (PBX). In conjunction with suitable telephony hardware interfaces and network applications, Asterisk is used to establish and control telephone calls between telecommunication ...


Web browser support

Known browsers with SRTP support of some kind *
Blink (browser engine) Blink is a browser engine developed as part of the Chromium project with contributions from Google, Meta, Microsoft, Opera Software, Adobe, Intel, IBM, Samsung, and others. It was first announced in April 2013. Naming Blink's naming was ...
family *
Chromium (web browser) Chromium is a free and open-source web browser project, mainly developed and maintained by Google. This codebase provides the vast majority of code for the Google Chrome browser, which is proprietary software and has some additional features. ...
supporting (but not universally) SRTP experimentally since 2016 *
Opera (web browser) Opera is a multi-platform web browser developed by its namesake company Opera. The browser is based on Chromium, but distinguishes itself from other Chromium-based browsers ( Chrome, Edge, etc.) through its user interface and other features. O ...
*
Vivaldi (web browser) Vivaldi ( ) is a freeware, cross-platform web browser developed by Vivaldi Technologies, a company founded by Tatsuki Tomita and Jon Stephenson von Tetzchner, who was the co-founder and Chief executive officer, CEO of Opera Software. Vivaldi was ...
Web browser families with some level of SRTP in the mainline updating branches from the core rendering system *
Gecko (software) Gecko is a browser engine developed by Mozilla. It is used in the Firefox browser, the Thunderbird email client, and many other projects. Gecko is designed to support open Internet standards, and is used by different applications to display web p ...
*
MSHTML Trident (also known as MSHTML) is a proprietary browser engine for the Microsoft Windows version of Internet Explorer, developed by Microsoft. MSHTML debuted with the release of Internet Explorer 4 in 1997. For versions 7 and 8 of Internet Expl ...
(superseded, but minimal support existed at time of expiration) *
WebKit WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as on the iOS and iPadOS version of any web browser. WebKit is also used by the BlackBerry Browser, PlayStation consoles beginning from the PS ...
So far no known SRTP support exists for text based web browsers. Although SRTP could be used to operate in a
VPN A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
, in conjunction with web browsers, no VPN networks are known to be using it.


Standards documents

* , Proposed Standard, The Secure Real-time Transport Protocol (SRTP) * , Proposed Standard, Integrity Transform Carrying Roll-Over Counter for the Secure Real-time Transport Protocol (SRTP) * , Standard 65, RTP Profile for Audio and Video Conferences with Minimal Control * , Standard 64, RTP: A Transport Protocol for Real-Time Applications * , Informational, HMAC: Keyed-Hashing for Message Authentication * , Proposed Standard, AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP)


References

{{Reflist Cryptographic protocols