Sip Security Tls Srtp

Encryption and Authentication

  • Symmetric key encryption, commonly used in media encryption, such as SRTP.

Advanced Encryption Standard (AES) , Triple Data Encryp-tion Standard (3DES) , Rivest Cipher 4 (RC4)

  • Public key cryptography, also known as asymmetric key cryptography. commonly used on the Internet today with SIP as part of transmission layer security (TLS)

Encrypt using public key, decrypt with private key.
Rivest Shamir Adellmann algorithm (RSA) ,
Diffi e-Hellman Cryptography. It is used in ZRTP. This is a very clever scheme that allows two parties to generate the same secret key independently. This is done by exchanging a few parameters between the parties, but this secret key is never transmitted from one party to the other. A third party able to view all the messages exchanged is still not able to generate the same secret key.

Message Authentication

A common first step to provide authentication of messages is to use a message digest function.

message digest

A message digest is a one-way mathematical function that produces a fi xed length output from a variable length input string.
MD5 (message digest 5) and SHA-1 (secure hash 1) are examples of message digest algorithms.

A keyed hashed message authentication code (HMAC) is a message digest function followed by encryption. For example, HMAC-SHA-1 uses the SHA-1 message digest followed by encryption.
If the key used is the private key of a public key pair, the HMAC can be used as a digital signature.

Digital Certificates

A digital certificate is a data object that makes assertions about identity. A common data format is known as X.509.

how does web browser verify certificates?
1) Your web browser downloads the web server's certificate, which contains the public key of the web server. This certificate is signed with the private key of a trusted certificate authority.
2) Your web browser comes installed with the public keys of all of the major certificate authorities. It uses this public key to verify that the web server's certificate was indeed signed by the trusted certificate authority.
3) The certificate contains the domain name and/or ip address of the web server. Your web browser confirms that the address listed in the certificate is the one to which it has an open connection.

IPSec vs TLS


IPSec operates at the IP layer of the protocol stack. As a result, it works with any transport protocol above it in the protocol stack, such as TCP and UDP, and protocols such as SIP and RTP run over it
without any changes. In general, an IPSec session needs to be established be-tween hosts on the Internet. Sometimes, this session is called a virtual private network or VPN.

IPSec needs symmetric keys in both hosts. IPSec is commonly used between hosts or between gateways where there is significant traffic exchanged.

However, for general SIP communications, which might go to multiple hosts, establishing multiple VPNs to all hosts prior to sending SIP or RTP is difficult.


Transmission layer security (TLS) is a security protocol that operates at a shim layer between the application layer and the TCP transport layer. The current version of TLS is 1.1, although versions 1.0 and earlier versions, known as secure sockets layer (SSL). TLS is widely used on the In-ternet today for secure Web browsing.

Datagram TLS or DTLS is a version of TLS that uses UDP transport.

TLS is actually two protocols :
1) One being a handshake protocol used to setup connections, perform authentication, and generate a shared secret.
2) The other protocol is the transport protocol, which uses the shared secret for bulk data encryption.

The handshake protocol usually uses digital certificates for authentication while the transport protocol uses a symmetric cipher such as AES or 3DES to encrypt the data.


sample x.509 certificate:

TLS is often used to secure SIP on a hop by hop basis.

SIP Security

SIP message can be authenticated in multiple ways:
1) it is received over an IPSec or VPN tunnel that has previously been authenticated.
2) Another method is if it is received over a TLS connection that has been properly authenticated.
3) SIP messages can also include a digital signature, done using S/MIME. this is end to end.
4) In addition, SIP can utilize HTTP digest authentication for a challenge/response authentication mechanism. The shared secret is never sent in the SIP message, but instead a message digest
5 (MD5) hash is sent instead.

SIP over TLS

Secure SIP or SIPS is a URI scheme for SIP that requires the use of TLS for every hop. As such, a proxy receiving a request with a SIPS Request-URI must either
forward the request over a TLS connection or return an error message. The registered SIP port for TLS is 5061

RTP Security


the whole RTP packet in DTLS, TLS cannot provide authentication over more than one hop.


header is still in plain text, but RTP payload is encrypted.

SRTP Keying Protocols

  • MIKEY RFC3830 Multimedia Internet keying, deployment is very limited. MIKEY uses the a=key-mgt SDP attribute
  • SDES RFC4568 SDP security descriptions, uses the a=crypto SDP attribute

Since this approach effectively involves sending the SRTP key openly in the SDP offer or answer, SIP must provide confi dentiality, authorization, and integrity protection for the keying material. While normal security requirements would mean that this required either 1) end-to-end S/MIME encryption of the SDP, in practice, 2) many deployments rely instead on hop-by-hop transport for SIP over TLS.

Both MIKEY and SDES keying approaches have limitations when used in actual SIP deployments. For example, when SIP forking, redirection, for-warding, and other features are invoked, the resulting security properties are problematic. As a result, two new keying methods have been developed: DTLS-SRTP [33] and ZRTP [10]. Both of these keying methods perform the keying in the media path.

  • DTLS-SRTP [33] DTLS SRTP key management.

DTLS-SRTP uses the SIP offer/answer exchange to establish a DTLS connection between the SIP UAs over the same address and port as the media session. A secret from the DTLS handshake is
used to derive SRTP keying material. same as TLS is hop by hop, this method is susceptible to an active MitM attack.

  • ZRTP [10] ZRTP media path key management for SRTP
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License