SRTP

SRTP, or Secure Real-time Transport Protocol, is a security extension to the Real-time Transport Protocol (RTP) that provides confidentiality, data integrity, and source authentication for real-time audio and video streams. It is designed to protect media traffic in applications such as VoIP, video conferencing, and streaming while preserving low latency.

Technical overview: SRTP does not replace RTP but adds cryptographic services to its media flow. The protocol uses a master key and a master salt to derive session keys for encryption and for message authentication. The default encryption is AES in Counter Mode (AES-CM), and message authentication is typically performed with HMAC-SHA1 using a truncated tag (commonly 80 or 96 bits). An authentication tag is appended to each SRTP packet to ensure integrity and origin, and an optional Master Key Identifier (MKI) can be used when multiple keys are active for a single stream. SRTP also includes anti-replay protection via a sequence-number window.

Key management: Keys used by SRTP are established by separate signaling or key-exchange protocols. Common approaches include SDES (signaling-based key exchange), DTLS-SRTP (DTLS-based negotiation used in WebRTC) and MIKEY. Once keys are exchanged, each endpoint derives the ongoing SRTP session keys for encryption and authentication.

Security properties and limitations: SRTP provides confidentiality for media payloads, data integrity, and protection against impersonation of the sender. It does not secure the signaling plane, and security depends on correct implementation and secure key management. Like any security mechanism, SRTP assumes trusted endpoints and proper configuration to be effective.
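
How a receiver can combine the truncated HMAC-SHA1 tag with the anti-replay window described above, as an added Python example that is not from the original page or from any SRTP implementation. The names `srtp_tag`, `ReplayWindow` and `receive` are illustrative; the 64-packet window and the tag input (packet followed by the 32-bit rollover counter) follow RFC 3711, and the caller is assumed to supply the 48-bit packet index with no MKI present.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10   # 80-bit truncated HMAC-SHA1 tag
WINDOW = 64    # replay window size in packets (RFC 3711 minimum)


def srtp_tag(auth_key: bytes, packet: bytes, roc: int) -> bytes:
    """HMAC-SHA1 over the packet plus the 32-bit rollover counter, truncated."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]


class ReplayWindow:
    def __init__(self) -> None:
        self.top = -1     # highest authenticated packet index seen so far
        self.bitmap = 0   # bit i set => index (top - i) was already accepted

    def check(self, index: int) -> bool:
        if index > self.top:
            return True                      # ahead of the window: new
        offset = self.top - index
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def update(self, index: int) -> None:
        if index > self.top:
            shift = index - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = index
        else:
            self.bitmap |= 1 << (self.top - index)


def receive(win: ReplayWindow, auth_key: bytes, index: int, protected: bytes) -> str:
    """Classify one received packet as 'accept', 'replay' or 'bad-tag'."""
    packet, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    if not win.check(index):
        return "replay"
    if not hmac.compare_digest(tag, srtp_tag(auth_key, packet, index >> 16)):
        return "bad-tag"
    win.update(index)   # only authenticated packets advance the window
    return "accept"


if __name__ == "__main__":
    key = bytes(range(20))            # constructed sample auth key
    pkt = b"\x80\x00constructed"      # constructed stand-in for header + ciphertext
    wire = pkt + srtp_tag(key, pkt, 0)
    w = ReplayWindow()
    print([receive(w, key, i, wire) for i in (0, 0, 5, 3, 3, 100, 3)])
```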