Secure RTP

The use of Real-time Transport Protocol (RTP) is described, and how to configure Blueworx Voice Response to enable it.

Real-time Transport Protocol (RTP) is a protocol that is used with Voice over IP to send audio data. Secure RTP provides confidentiality and message authentication to RTP data. It can be used to prevent people from listening to or tampering with the audio data sent over an unsecure network like the internet. Secure RTP uses more computational resources than an unsecure, uncompressed RTP stream due to the cryptographic operations involved.

To enable secure RTP, open the VoIP DTEA and DTNA Media Configuration Settings window and change the RTP Security Negotiation setting. There are three different options:

The default. Blueworx Voice Response does not accept secure RTP for inbound or offer secure RTP for outbound calls. Inbound calls that offer secure RTP only, are rejected with a 488 Not Accepted Here response.
Blueworx Voice Response uses only secure RTP. Inbound calls not capable of secure RTP are rejected with a 488 Not Accepted Here response, and outbound calls that are made by Blueworx Voice Response offer secure RTP only.
For inbound calls Blueworx Voice Response accepts secure RTP if offered, but also accepts calls if only RTP is offered. If both secure RTP and RTP are offered, secure RTP is used. For outbound calls, both secure RTP and RTP are offered.

When Secure RTP has been configured for either Secure or Both, partial support is provided for optional crypto session parameters (RFC 4568 section 6.3). See RTP Security Negotiation for more information.

It is important to note that secure RTP does not offer any protection to the signaling data of a Voice over IP communication. The signaling data is handled by the SIP protocol, and it too can be made secure. See Secure SIP for details. Secure RTP is independent of secure SIP and does not need secure SIP enabled to function. Using secure RTP on its own is not recommended because the negotiation of the cipher keys in the signaling messages is handled in the SIP messages. An attacker who reads these SIP messages could then decode and listen to the RTP stream. For complete security, secure SIP must also be configured and enabled.