R2511-HP MSR Router Series Voice Configuration Guide(V5)

using their own digital certificates and can communicate with each other only after passing
authentication. SIP messages are encrypted during SIP over TLS transmissions to prevent your data from
being sniffed. This increases the security of voice communications.
For more information about signaling encryption, see "Configuring TLS for SIP sessions."
SIP over TLS requires the configuration of TLS security policies. For information about how to configure
TLS security policies, see Security Configuration Guide.
Media flow encryption
Real-time Transport Protocol (RTP) and Real-time Transport Control Protocol (RTCP) are supported media
flow protocols. RTP provides end-to-end real-time transmission for real-time data such as audio and video
data. RTCP monitors data transmission in real time and performs congestion and traffic control in time.
RTP and RTCP can work together to optimize the transmission efficiency by providing efficient replies and
minimizing overheads.
Media flows are transmitted in plain text. To ensure transmission security, the Secure Real-Time Transport
Protocol (SRTP) was introduced.
SRTP provides for encryption of the RTP/RTCP packet payload, for authentication of the entire RTP/RTCP
packet, and for packet replay protection. For more information about media flow encryption, see
"Configuring media flow protocols for SIP calls."
The first step of SRTP encryption is to negotiate encryption information, which can only be carried in the
crypto header field of the Session Description Protocol (SDP) at present. The initiator sends its encryption
information to the receiver for negotiation. If the negotiation is successful, the receiver returns
corresponding encryption information. After a session is established, each end uses its own key to
encrypt sent RTP/RTCP packets and uses the key of the peer to decrypt received RTP/RTCP packets.
As shown in Table 14, SDP negotiation includes the following cryptographic attributes:
Table 14 Cryptographic attributes

Attribute          | Description                                                                              | Remarks
-------------------|------------------------------------------------------------------------------------------|------------------------
Tag                | The tag attribute is an identifier for a particular cryptographic attribute to determine | Required.
                   | which of the several offered cryptographic attributes was chosen by the receiver.        |
Crypto-Suite       | The crypto-suite attribute defines the encryption and authentication algorithm. The      | Required.
                   | device supports suites AES_CM_128_HMAC_SHA1_80 and AES_CM_128_HMAC_SHA1_32.              |
Key Parameters     | The key parameters attribute defines key information, including the key generation      | Required.
                   | algorithm and the key value.                                                             |
Session Parameters | The session parameters attribute defines session parameters, such as key generation     | Optional. Not supported.
                   | rate, UNENCRYPTED_SRTP, UNENCRYPTED_SRTCP, UNAUTHENTICATED_SRTP, and FEC.                |
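The following is an added example, not code from this guide or from the router firmware: it parses SDP a=crypto lines (the RFC 4568 layout behind the Tag, Crypto-Suite, Key Parameters and Session Parameters columns of Table 14) and plays the receiver side of the negotiation described above, accepting only the two suites the device supports and rejecting offers that carry session parameters. The suite names come from the table; the sample offer, the 30-byte key-plus-salt length and the helper names are assumptions.

```python
import base64
import os
import re

# Crypto-suites the guide says the device supports (RFC 4568 suite names).
SUPPORTED_SUITES = ("AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32")
# a=crypto:<tag> <crypto-suite> <key-params> [<session-param> ...]
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:(\S+)((?: \S+)*)")

def parse_crypto(line):
    """Parse one a=crypto line into (tag, suite, master key+salt bytes, session params)."""
    m = CRYPTO_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("malformed or non-inline crypto attribute: " + line)
    tag, suite, key_info, rest = m.groups()
    # key_info is <base64 key||salt>[|lifetime][|MKI:length]; only the key part matters here
    key = base64.b64decode(key_info.split("|")[0], validate=True)
    return int(tag), suite, key, rest.split()

def choose_answer(offer_lines):
    """Receiver side: walk the offered attributes in order and return the answer
    a=crypto line that echoes the first acceptable tag and suite with a fresh
    receiver key (each end encrypts with its own key), or None if none fits."""
    for line in offer_lines:
        try:
            tag, suite, key, params = parse_crypto(line)
        except ValueError:
            continue
        if suite not in SUPPORTED_SUITES:
            continue
        if len(key) != 30:  # AES_CM_128 suites: 128-bit master key + 112-bit salt
            continue
        # Session parameters are not supported by the device, and UNENCRYPTED_* /
        # UNAUTHENTICATED_* would strip the protection SRTP exists to provide.
        if params:
            continue
        answer_key = base64.b64encode(os.urandom(30)).decode()
        return "a=crypto:%d %s inline:%s" % (tag, suite, answer_key)
    return None

def _b64(n):  # helper for the constructed sample: n bytes of dummy key material
    return base64.b64encode(bytes(range(n))).decode()

# Constructed sample offer (not a capture): an unsupported 256-bit suite, a
# supported suite asking to disable encryption, then an acceptable attribute.
SAMPLE_OFFER = [
    "a=crypto:1 AES_CM_256_HMAC_SHA1_80 inline:" + _b64(46),
    "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:" + _b64(30) + " UNENCRYPTED_SRTP",
    "a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:" + _b64(30) + "|2^20",
]
```

Running choose_answer(SAMPLE_OFFER) yields an answer echoing tag 3 and AES_CM_128_HMAC_SHA1_32 with a new key; an offer holding only the first two lines is refused.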
When SRTP is used to encrypt RTP/RTCP packets, the encryption engine, if enabled, encrypts and
authenticates RTP/RTCP packets. If the encryption engine is disabled, the CPU encrypts and
authenticates RTP/RTCP packets. For more information about the encryption engine, see Security
Configuration Guide.
SRTP is available only for SIP calls. SIP trunk devices do not support SRTP.