Secure RTP

Real-time Transport Protocol (RTP) is the protocol used with Voice over IP to carry the audio data. Secure RTP (SRTP) adds confidentiality and message authentication to RTP data, so it can be used to prevent eavesdropping on, or tampering with, audio sent over untrusted networks such as the internet. Secure RTP uses more computational resources than a plain RTP stream because of the cryptographic operations involved.

Secure RTP can be used for:

The configuration options that control the use of RTP and SRTP for each of these are described in Security Configuration Options.

These configuration options can have one of the following settings:

NONE
The default. Blueworx Voice Response neither accepts secure RTP on inbound SIP requests nor offers it on outbound SIP requests. Inbound SIP requests that offer secure RTP only are rejected with a 488 Not Acceptable Here response.
OPTIONAL
For inbound SIP requests, Blueworx Voice Response accepts secure RTP if it is offered, but also accepts requests that offer plain RTP only. If both secure RTP and plain RTP are offered, secure RTP is used. For outbound SIP requests, both secure RTP and plain RTP are offered.
MANDATORY
Blueworx Voice Response uses secure RTP only. Inbound SIP requests that do not offer secure RTP are rejected with a 488 Not Acceptable Here response, and outbound SIP requests made by Blueworx Voice Response offer secure RTP only.
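The three settings are an offer/answer policy. The following Python is an added illustration (not Blueworx Voice Response code) that models the rules above with a minimal SDP reader: an "m=audio" line with transport profile RTP/AVP is plain RTP, one with RTP/SAVP is secure RTP. The SDP bodies it builds are constructed samples, the a=crypto key value in them is a dummy, and the choice of two m= lines to offer both profiles is an assumption for the example, not a statement about how the product encodes its offer.

```python
"""Offer/answer behaviour of the NONE, OPTIONAL and MANDATORY settings.

Added illustration, not Blueworx Voice Response code. RTP/AVP = plain RTP,
RTP/SAVP = secure RTP (SDP security descriptions, RFC 4568). All SDP below
is constructed sample data.
"""

PLAIN = "RTP/AVP"
SECURE = "RTP/SAVP"
REJECT = 488  # SIP "488 Not Acceptable Here"


def offered_profiles(sdp: str) -> set:
    """Transport profiles of every audio m= line in an SDP body."""
    profiles = set()
    for line in sdp.splitlines():
        if line.startswith("m=audio "):
            fields = line.split()  # m=<media> <port> <proto> <fmt> ...
            if len(fields) >= 3:
                profiles.add(fields[2])
    return profiles


def answer_inbound(setting: str, offer_sdp: str):
    """How an inbound INVITE carrying offer_sdp is answered under a setting.

    Returns ("accept", <profile used>) or ("reject", 488).
    """
    offered = offered_profiles(offer_sdp)
    if setting == "NONE":
        # Secure RTP is never accepted; a secure-only offer gets a 488.
        return ("accept", PLAIN) if PLAIN in offered else ("reject", REJECT)
    if setting == "OPTIONAL":
        # Secure RTP wins when both are offered; plain RTP is still acceptable.
        if SECURE in offered:
            return ("accept", SECURE)
        if PLAIN in offered:
            return ("accept", PLAIN)
        return ("reject", REJECT)
    if setting == "MANDATORY":
        # Only secure RTP is used; a caller that cannot do it gets a 488.
        return ("accept", SECURE) if SECURE in offered else ("reject", REJECT)
    raise ValueError(f"unknown setting {setting!r}")


def outbound_profiles(setting: str) -> list:
    """Profiles placed in an outbound INVITE, in order of preference."""
    return {
        "NONE": [PLAIN],
        "OPTIONAL": [SECURE, PLAIN],
        "MANDATORY": [SECURE],
    }[setting]


def build_outbound_sdp(setting: str, host: str = "192.0.2.10", port: int = 49170) -> str:
    """Constructed outbound SDP with one audio m= line per offered profile.

    Two m= lines is one way to offer both profiles (assumption for this
    example; SDP capability negotiation, RFC 5939, is another). The a=crypto
    line carries a dummy 30-byte key||salt, not real key material.
    """
    lines = ["v=0", f"o=- 1 1 IN IP4 {host}", "s=-", f"c=IN IP4 {host}", "t=0 0"]
    for i, profile in enumerate(outbound_profiles(setting)):
        lines.append(f"m=audio {port + 2 * i} {profile} 0 8")
        if profile == SECURE:
            lines.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
                         "inline:AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwd")
    return "\r\n".join(lines) + "\r\n"


# Constructed inbound offers: secure only, plain only, and both.
SECURE_ONLY_OFFER = build_outbound_sdp("MANDATORY")
PLAIN_ONLY_OFFER = build_outbound_sdp("NONE")
BOTH_OFFER = build_outbound_sdp("OPTIONAL")

if __name__ == "__main__":
    for setting in ("NONE", "OPTIONAL", "MANDATORY"):
        for name, offer in (("secure-only", SECURE_ONLY_OFFER),
                            ("plain-only", PLAIN_ONLY_OFFER),
                            ("both", BOTH_OFFER)):
            print(f"{setting:9} inbound {name:11} -> {answer_inbound(setting, offer)}")
        print(f"{setting:9} outbound offers {outbound_profiles(setting)}")
```

The table the script prints is the one to check an interoperability plan against: a MANDATORY endpoint and a NONE peer can never set up a call in either direction, and only OPTIONAL on at least one side keeps calls flowing while secure RTP is rolled out.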

Note that secure RTP protects only the media; it offers no protection to the signaling data of a Voice over IP call. The signaling is carried by SIP, which can also be secured; see Secure SIP for details. Secure RTP is independent of secure SIP and does not require secure SIP to be enabled in order to function.

Using secure RTP on its own is not recommended, because the cipher keys that protect the RTP stream are negotiated in the SIP signaling messages. An attacker who can read those SIP messages obtains the keys and can then decrypt and listen to the RTP stream. For complete protection, secure SIP must also be configured and enabled.
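To make the warning concrete, the following Python is an added illustration (not Blueworx Voice Response code) of what an on-path observer recovers from one unencrypted INVITE. The page does not name the key-exchange method; the example assumes SDP security descriptions (RFC 4568), where the SRTP master key and salt are sent base64-encoded in an a=crypto line of the SDP body. The captured INVITE is a constructed sample and its key material is a dummy value.

```python
"""What an attacker reads from cleartext SIP signalling when secure RTP is
used without secure SIP.

Added illustration, not Blueworx Voice Response code. Assumes SDP security
descriptions (RFC 4568): the SRTP master key||salt is base64 in an a=crypto
line. The INVITE below is a constructed sample; its key is the dummy value
bytes 0x00..0x1d.
"""
import base64
import re

# Master key and master salt lengths, in bytes, for the RFC 4568 crypto-suites.
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
    "F8_128_HMAC_SHA1_80": (16, 14),
}

# a=crypto:<tag> <crypto-suite> inline:<base64 key||salt>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")

SDP_BODY = (
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/SAVP 0 8\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 "
    "inline:AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwd|2^31\r\n"
)

# Constructed sample of an INVITE as seen on the wire over plain UDP/TCP.
CAPTURED_INVITE = (
    "INVITE sip:ivr@192.0.2.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:caller@192.0.2.10>;tag=1928301774\r\n"
    "To: <sip:ivr@192.0.2.20>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY)}\r\n"
    "\r\n" + SDP_BODY
)


def split_sip_message(msg: str):
    """Split a SIP message into (start line, lower-cased header dict, body)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def extract_srtp_keys(sdp: str) -> list:
    """Recover every SRTP master key/salt pair carried in a=crypto lines."""
    found = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, inline = m.groups()
        if suite not in SUITES:
            continue  # unknown suite: key/salt split is not known
        key_len, salt_len = SUITES[suite]
        raw = base64.b64decode(inline)
        if len(raw) != key_len + salt_len:
            raise ValueError(f"crypto tag {tag}: expected "
                             f"{key_len + salt_len} bytes, got {len(raw)}")
        found.append({"tag": int(tag), "suite": suite,
                      "master_key": raw[:key_len], "master_salt": raw[key_len:]})
    return found


def keys_readable_from_signalling(msg: str) -> list:
    """Everything needed to decrypt the media, taken from one cleartext INVITE."""
    _, headers, body = split_sip_message(msg)
    if headers.get("content-type", "").lower() != "application/sdp":
        return []
    return extract_srtp_keys(body)


if __name__ == "__main__":
    for k in keys_readable_from_signalling(CAPTURED_INVITE):
        print(f"tag {k['tag']} {k['suite']}: key={k['master_key'].hex()} "
              f"salt={k['master_salt'].hex()}")
```

With the same INVITE sent over secure SIP (SIP over TLS), the observer sees only TLS records, so the a=crypto line, and with it the SRTP master key, is never exposed on the path; that is the whole reason the two settings belong together.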