A security profile for the Real-time Transport Protocol (RTP), which is widely used for delivering audio and video over IP networks, such as in Voice over IP (VoIP), video conferencing, and live streaming. SRTP was standardized by the Internet Engineering Task Force (IETF) in RFC 3711 to address the security vulnerabilities in RTP, which transmits data in cleartext by default.
SRTP ensures confidentiality, message authentication, and integrity for RTP streams. It encrypts the payload data, so eavesdroppers cannot access the transmitted media, and it uses authentication tags to confirm that packets have not been tampered with during transmission. SRTP also helps protect against replay attacks by using sequence numbers and rollover counters.
The protocol operates efficiently, adding minimal overhead to real-time communications, making it suitable for latency-sensitive applications. It can work alongside key management protocols such as Session Initiation Protocol (SIP) with Secure/Multipurpose Internet Mail Extensions (S/MIME), Datagram Transport Layer Security (DTLS), or ZRTP to handle encryption key exchange.
Key Components of SRTP
- Encryption: Typically uses the Advanced Encryption Standard (AES) in counter mode to ensure media data is protected from interception.
- Authentication and integrity: Employs HMAC-SHA1 to validate packet authenticity and prevent alteration.
- Replay protection: Uses sequence numbers and anti-replay mechanisms to stop attackers from resending old packets.
- Low overhead: Designed to work in real-time environments without introducing significant delays or bandwidth requirements.
SRTP is widely adopted in secure communications platforms, including WebRTC-based applications, SIP-based VoIP services, and enterprise collaboration tools, providing a balance of strong security and real-time performance.
Related Martech Zone Content
