Secure Calls with SRTP or SIP TLS

SRTP is an RTP profile intended to provide encryption, message authentication and integrity, and relay attach protection to the RTP data.

SIP TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications.

Verify Your Version of HMP Elements

To implement these security protocols, HMP Elements must be at Version 2.2.9.3 or later.

To update your Voice Elements Platform, you must be enrolled in our support program. If your enrollment has expired, contact Support and we can renew your enrollment and assist in updating your software to the latest version. For more information, see our Support Policy.

Set up HMP Elements to Receive Secure Calls

To receive secure calls, the sender must include a cryptography key in the INVITE for the new call.

This is done by sending an INVITE with a crypto attribute of AES_CM_128_HMAC_SHA1_80, and SAVP in the m=audio line like this:

1INVITE sip:184@123.45.67 SIP/2.0
2...
3v=0
4o=- 20038 20038 IN IP4 192.168.50.22
5s=SDP data
6c=IN IP4 192.168.50.22
7t=0 0
8m=audio 11848 RTP/SAVP 0 8 18 9 101
9a=rtpmap:0 PCMU/8000
10a=ptime:20
11a=sendrecv
12a=rtpmap:101 telephone-event/8000
13a=fmtp:101 0-15
14a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:YjU5OWUwZTdddIyMTdjzzUzMzE5ODk5NjJj5WZi

This method is known as SDES (Session Description Protocol Security Descriptions) and is defined in RFC 4568.

(When using the above method, it is best to have the user or carrier connecting to HMPelements using TLS so that the SDP is encrypted. Otherwise the session key is sent in plain text.) But it will still work with UDP or TCP.

Placing Secure Calls

To PLACE secure calls you must cast the ChannelResource to a SipChannel:

1SipChannel sipChannel = m_ChannelResource as SipChannel;
2if (sipChannel != null)
3{
4    sipChannel.OriginatingCallerIdName = nextStationData.CallerIdName;
5    sipChannel.TransportProtocol = TransportProtocol.TLS;
6    sipChannel.RtpEncryptionMode = RtpEncryptionMode.SecuredOnly;
7}
8m_channelResource.Dial(...);

Where Transport Protocol is:

1// Summary:
2//     The Transport Protocol used for the SIP Session
3public enum TransportProtocol
4{
5    //
6    // Summary:
7    //     Transport is unspecified
8    Unspecified = 0,
9    //
10    // Summary:
11    //     UDP Transport
12    UDP = 1,
13    //
14    // Summary:
15    //     TCP Transport
16    TCP = 2,
17    //
18    // Summary:
19    //     TLS over TCP Transport
20    TLS = 3,
21    //
22    // Summary:
23    //     WebRTC Socket
24    WebRTC = 101
25}

And:

1// Summary:
2//     The requested encryption mode for the call's RTP stream
3public enum RtpEncryptionMode
4{
5    //
6    // Summary:
7    //     Only unsecured RTP will be used
8    UnsecuredOnly = 0,
9    //
10    // Summary:
11    //     Only secured RTP will be used
12    SecuredOnly = 1,
13    //
14    // Summary:
15    //     Secure RTP is preferred but unsecured is allowed
16    SecuredPreferredUnsecuredAllowed = 2,
17    //
18    // Summary:
19    //     Unsecured RTP is preferred but secured is allowed
20    UnsecuredPreferredSecuredAllowed = 3
21}

Was this article helpful to you? No Yes 16