Secure Calls with SRTP or SIP TLS

SRTP is an RTP profile intended to provide encryption, message authentication and integrity, and replay attack protection to the RTP data.

SIP TLS aims primarily to provide privacy and data integrity between two or more communicating computer applications.

Verify Your Version of HMP Elements

To implement these security protocols, HMP Elements must be at Version 2.2.9.3 or later.

To update your Voice Elements Platform, you must be enrolled in our support program.  If your enrollment has expired, contact Support and we can renew your enrollment and assist in updating your software to the latest version.  For more information, see our Support Policy.

Set up HMP Elements to Receive Secure Calls

To receive secure calls, the sender must include a cryptography key in the INVITE for the new call.

This is done by sending an INVITE with a crypto attribute of AES_CM_128_HMAC_SHA1_80, and SAVP in the m=audio line like this:

INVITE sip:184@123.45.67 SIP/2.0
...
v=0
o=- 20038 20038 IN IP4 192.168.50.22
s=SDP data
c=IN IP4 192.168.50.22
t=0 0
m=audio 11848 RTP/SAVP 0 8 18 9 101
a=rtpmap:0 PCMU/8000
a=ptime:20
a=sendrecv
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:YjU5OWUwZTdddIyMTdjzzUzMzE5ODk5NjJj5WZi

This method is known as SDES (Session Description Protocol Security Descriptions) and is defined in RFC 4568.

When using the above method, it is best to have the user or carrier connect to HMP Elements using TLS so that the SDP is encrypted. Otherwise the session key is sent in plain text. SDES will still work over UDP or TCP, but without that protection.
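As an added example (not part of the original page and not HMP Elements code), this Python sketch checks an INVITE for the conditions described above: RTP/SAVP on the m=audio line, an AES_CM_128_HMAC_SHA1_80 crypto attribute whose inline value decodes to the 30 bytes of key and salt that RFC 4568 specifies, and an encrypted signalling transport. The function names, the sample INVITE and its 192.0.2.x addresses are constructed for illustration.

```python
import base64
import binascii
import re

# RFC 4568 key material: 16-byte master key + 14-byte master salt = 30 bytes.
EXPECTED_LEN = {"AES_CM_128_HMAC_SHA1_80": 30}
ENCRYPTED_TRANSPORTS = {"TLS", "WSS"}  # Via transports that protect the SDP body

def check_sdes_offer(sip_message):
    """Return findings for an INVITE carrying an SDES offer; empty list means OK."""
    findings = []
    head, _, sdp = sip_message.replace("\r\n", "\n").partition("\n\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "UNKNOWN"
    media = re.search(r"^m=audio \d+ (\S+)", sdp, re.M)
    if not media or media.group(1) != "RTP/SAVP":
        findings.append("audio is not offered as RTP/SAVP")
    cryptos = re.findall(r"^a=crypto:\d+ (\S+) inline:([^|\s]+)", sdp, re.M)
    if not cryptos:
        findings.append("no a=crypto attribute in the offer")
    for suite, key_b64 in cryptos:
        try:
            raw = base64.b64decode(key_b64, validate=True)
        except binascii.Error:
            findings.append(f"{suite}: inline key is not valid base64")
            continue
        if suite in EXPECTED_LEN and len(raw) != EXPECTED_LEN[suite]:
            findings.append(f"{suite}: key+salt is {len(raw)} bytes, not {EXPECTED_LEN[suite]}")
    # The key travels inside the SDP, so cleartext signalling exposes it.
    if cryptos and transport not in ENCRYPTED_TRANSPORTS:
        findings.append(f"SDES key sent in plain text over {transport}")
    return findings

# Constructed sample input (not captured traffic); addresses are documentation ranges.
KEY = base64.b64encode(bytes(range(30))).decode()

def build_invite(transport, proto="RTP/SAVP", key=KEY):
    return (
        "INVITE sip:184@192.0.2.10 SIP/2.0\r\n"
        f"Via: SIP/2.0/{transport} 192.0.2.22:5061;branch=z9hG4bKexample\r\n\r\n"
        "v=0\r\no=- 20038 20038 IN IP4 192.0.2.22\r\ns=SDP data\r\n"
        "c=IN IP4 192.0.2.22\r\nt=0 0\r\n"
        f"m=audio 11848 {proto} 0\r\na=rtpmap:0 PCMU/8000\r\n"
        f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{key}\r\n"
    )

if __name__ == "__main__":
    for t in ("TLS", "UDP"):
        print(t, check_sdes_offer(build_invite(t)))
```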

Placing Secure Calls

To PLACE secure calls you must cast the ChannelResource to a SipChannel:

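// SIP-specific settings are set on SipChannel, so cast the ChannelResource first.
SipChannel sipChannel = m_ChannelResource as SipChannel;
if (sipChannel != null)
{
    sipChannel.OriginatingCallerIdName = nextStationData.CallerIdName;
    // Signal over TLS so the SDES key in the SDP is not sent in plain text.
    sipChannel.TransportProtocol = TransportProtocol.TLS;
    // Only secured RTP will be used for this call.
    sipChannel.RtpEncryptionMode = RtpEncryptionMode.SecuredOnly;
}
m_ChannelResource.Dial(...);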

Where TransportProtocol is:

// Summary:
//     The Transport Protocol used for the SIP Session
public enum TransportProtocol
{
    //
    // Summary:
    //     Transport is unspecified
    Unspecified = 0,
    //
    // Summary:
    //     UDP Transport
    UDP = 1,
    //
    // Summary:
    //     TCP Transport
    TCP = 2,
    //
    // Summary:
    //     TLS over TCP Transport
    TLS = 3,
    //
    // Summary:
    //     WebRTC Socket
    WebRTC = 101
}

And:

// Summary:
//     The requested encryption mode for the call's RTP stream
public enum RtpEncryptionMode
{
    //
    // Summary:
    //     Only unsecured RTP will be used
    UnsecuredOnly = 0,
    //
    // Summary:
    //     Only secured RTP will be used
    SecuredOnly = 1,
    //
    // Summary:
    //     Secure RTP is preferred but unsecured is allowed
    SecuredPreferredUnsecuredAllowed = 2,
    //
    // Summary:
    //     Unsecured RTP is preferred but secured is allowed
    UnsecuredPreferredSecuredAllowed = 3
}