Secure RTP

Secure RTP (SRTP), as defined by RFC 3711, is a protocol that adds encryption, confidentiality, and integrity to the actual voice part of VoIP calls that use RTP and RTCP (Real Time Control Protocol). As we saw in the previous section, wrapping SIP or H.323 traffic over TLS protects the authentication information; however, the more important part of the call is probably the actual media stream that contains the audio. A SIP infrastructure using TLS with a cleartext RTP media stream still allows attackers to eavesdrop on or inject audio into calls and acquire confidential information.

SRTP works by encrypting the RTP payload of a packet. The RTP header information is not encrypted because the receiving endpoints, routers, and switches ...

Get Hacking VoIP now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.