R0106-HP MSR Router Series Voice Configuration Guide(V7)
Media authentication and encryption
SIP supports two media stream protocols: Real-Time Transport Protocol (RTP) and Real-Time Transport
Control Protocol (RTCP). RTP provides end-to-end transmission for real-time data, such as interactive voice
and video. RTCP monitors transmission quality and provides congestion control and flow control. RTP and
RTCP work together to achieve optimal transmission efficiency by providing efficient feedback and
minimizing overheads.
Secure Real-Time Transport Protocol (SRTP) enhances RTP by encrypting RTP/RTCP packets and providing
authentication and retransmission. For information about configuring media stream protocols for SIP, see
"Configuring SRTP for SIP calls."
SRTP requires encryption negotiation. The device supports encryption negotiation only through the crypto
headers in the Session Description Protocol (SDP). The initiator of negotiation sends its encryption
attributes to the peer, and the peer returns the attributes if it accepts them. Each party encrypts and
decrypts RTP/RTCP packets by using the negotiated key.
Table 9 Negotiation attributes
Attribute | Description | Remarks
Tag | Identifies a particular cryptographic attribute to determine which of the offered cryptographic attributes was chosen by the receiver. | Mandatory.
Crypto-Suite | Defines the encryption and authentication algorithms. The device only supports the AES_CM_128_HMAC_SHA1_80 and AES_CM_128_HMAC_SHA1_32 suites. | Mandatory.
Key Parameters | Includes the key generation method and key value. | Mandatory.
Session Parameters | Includes the key derivation rate, UNENCRYPTED_SRTP, UNENCRYPTED_SRTCP, UNAUTHENTICATED_SRTP, and FEC. | Optional; not supported.
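The negotiation described above and the attributes in Table 9, as an added example (not HP's code): a Python sketch of how an answering party could pick an acceptable SDP crypto attribute from an offer. The a=crypto line syntax follows RFC 4568; the function names, the constructed sample offer and key, and the choice to skip any offer that carries session parameters are assumptions made for illustration.

```python
import base64
import re

# Suites the guide lists as supported; names as they appear in SDP (RFC 4568).
SUPPORTED_SUITES = ("AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32")
KEY_SALT_LEN = 30  # AES-CM-128: 16-byte master key + 14-byte master salt
CRYPTO_RE = re.compile(r"^a=crypto:(\d{1,9})\s+(\S+)\s+(\S+)(?:\s+(.+))?$")

def parse_crypto(line):
    """Split one a=crypto line into the four attributes of Table 9, or None."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        return None
    tag, suite, key_params, session_params = m.groups()
    return {"tag": int(tag), "suite": suite, "key_params": key_params,
            "session_params": session_params.split() if session_params else []}

def key_is_valid(key_params):
    """Accept only 'inline:' keys whose base64 decodes to key||salt (30 bytes)."""
    method, _, value = key_params.partition(":")
    if method != "inline":
        return False
    b64 = value.split("|", 1)[0]  # drop optional lifetime / MKI fields
    try:
        return len(base64.b64decode(b64, validate=True)) == KEY_SALT_LEN
    except ValueError:
        return False

def select_offer(sdp):
    """Return the first offered crypto attribute that can be accepted, or None."""
    for line in sdp.splitlines():
        attr = parse_crypto(line) if line.startswith("a=crypto:") else None
        if attr is None or attr["suite"] not in SUPPORTED_SUITES:
            continue
        if attr["session_params"] or not key_is_valid(attr["key_params"]):
            continue  # assumption: unsupported session parameters => skip offer
        return attr
    return None  # nothing acceptable: SRTP cannot be negotiated for this call

_KEY = base64.b64encode(bytes(range(30))).decode()  # constructed, not a real key
SAMPLE_OFFER = "\n".join([  # constructed offer
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:" + _KEY,  # unsupported suite
    "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:" + _KEY + " UNENCRYPTED_SRTCP",
    "a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:" + _KEY + "|2^20",
])

if __name__ == "__main__":
    print(select_offer(SAMPLE_OFFER))
```

The returned tag is what the answer echoes back so the initiator knows which offered attribute was chosen.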
TLS and SRTP can be used separately or together. TLS can secure SIP messages (user information), and
SRTP can secure media packets (the contents of calls). HP recommends that you enable both TLS and
SRTP.
Crypto engine for SIP
Signaling/media authentication and encryption can be implemented by software or hardware.
• Software implementation—Complex authentication and encryption/decryption algorithms
consume excessive CPU resources and affect overall device processing efficiency.
• Hardware implementation—Complex algorithms are processed by the hardware crypto engine
and have no impact on device processing efficiency. The device sends the data to the hardware
crypto engine. After the crypto engine completes data encryption/decryption, it sends the data
back to the device.
For more information about crypto engines, see Security Configuration Guide.
SIP configuration task list
Tasks at a glance
Configuring SIP UA registration
• (Optional.) Configuring SIP credentials
• (Required.) Enabling a POTS entity to register with the registrar
• (Required.) Configuring registrar information