Configuring Media (Srtp) Security - AudioCodes Mediant 800B User Manual

Gateway & Enterprise SBC (E-SBC)

'AGC Maximum Gain' (AGCMaxGain) - Defines the maximum gain (in dB) by the
AGC when activated.
'AGC Disable Fast Adaptation' (AGCDisableFastAdaptation) - Enables the AGC
Fast Adaptation mode.
3. When using AGC with the SBC application, the 'Transcoding Mode'
(TranscodingMode) parameter must be set to Force. The parameter can either be the
global parameter or per IP Profile.
4. Click Apply.
14.7 Configuring Media (SRTP) Security

The device supports Secured RTP (SRTP) according to RFC 3711. SRTP is used to
encrypt RTP and RTCP transport for protecting VoIP traffic. SRTP requires a cryptographic
key exchange mechanism to negotiate the keys. To negotiate the keys, the device
supports the Session Description Protocol Security Descriptions (SDES) protocol
(according to RFC 4568) or Datagram Transport Layer Security (DTLS) protocol for SBC
calls. For more information on DTLS, see SRTP using DTLS Protocol on page 224. The
key exchange is done by adding the 'a=crypto' attribute to the SDP. This attribute is used
(by both sides) to declare the various supported cipher suites and to attach the encryption
key. If negotiation of the encryption data is successful, the call is established.
SRTP supports the following cipher suites (all other suites are ignored):
AES_CM_128_HMAC_SHA1_32
AES_CM_128_HMAC_SHA1_80
ARIA_CM_128_HMAC_SHA1_80
ARIA_CM_192_HMAC_SHA1_80
When the device is the offering side (SDP offer), it can generate a Master Key Identifier
(MKI). You can configure the MKI size globally (using the SRTPTxPacketMKISize
parameter) or per SIP entity (using the IP Profile parameter, IpProfile_MKISize). The length
of the MKI is limited to four bytes. If the remote side sends a longer MKI, the key is ignored.
Note:
Gateway application: The device only initiates the MKI size.
SBC application: The device can forward MKI size transparently for SRTP-to-
SRTP media flows or override the MKI size during negotiation (inbound or
outbound leg).
The key lifetime field is not supported. However, if it is included in the key it is ignored and
the call does not fail. For SBC calls belonging to a specific SIP entity, you can configure the
device to remove the lifetime field in the 'a=crypto' attribute (using the IP Profile parameter,
IpProfile_SBCRemoveCryptoLifetimeInSDP).
For SDES, the keys are sent in the SDP body ('a=crypto') of the SIP message and are
typically secured using SIP over TLS (SIPS). The keys themselves appear in plain text in
the SDP. The device supports the following session parameters:
UNENCRYPTED_SRTP
UNENCRYPTED_SRTCP
UNAUTHENTICATED_SRTP
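
The negotiation rules described above (supported suites, the four-byte MKI limit, the ignored lifetime field, the three session parameters), as an added Python example that is not AudioCodes code: it parses RFC 4568 'a=crypto' lines the way the text describes. The function names, the sample SDP and the "first usable line" selection are assumptions made for illustration.

```python
import base64

# Suites and session parameters listed in the section above.
SUITES = {"AES_CM_128_HMAC_SHA1_32", "AES_CM_128_HMAC_SHA1_80",
          "ARIA_CM_128_HMAC_SHA1_80", "ARIA_CM_192_HMAC_SHA1_80"}
SESSION_PARAMS = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}
MAX_MKI_LEN = 4  # bytes

def parse_crypto(line):
    """Parse one RFC 4568 'a=crypto' line; return a dict, or None if unusable."""
    if not line.startswith("a=crypto:"):
        return None
    fields = line[len("a=crypto:"):].split()
    if len(fields) < 3 or fields[1] not in SUITES:
        return None  # suites outside the supported list are ignored
    keys = []
    for key_param in fields[2].split(";"):
        method, _, info = key_param.partition(":")
        parts = info.split("|")
        try:
            material = base64.b64decode(parts[0], validate=True)
            # "value:length" is the MKI; a bare field is the lifetime (ignored).
            mki = [int(p.split(":")[1]) for p in parts[1:] if ":" in p]
        except ValueError:
            continue  # malformed key parameter
        if method != "inline" or not material or any(n > MAX_MKI_LEN for n in mki):
            continue  # an MKI longer than four bytes means the key is ignored
        keys.append({"key_salt_len": len(material), "mki_len": mki[0] if mki else 0})
    if not keys:
        return None
    return {"tag": fields[0], "suite": fields[1], "keys": keys,
            "session_params": [p for p in fields[3:] if p in SESSION_PARAMS]}

def first_usable_crypto(sdp):
    """Hypothetical helper: first 'a=crypto' line in an SDP body that parses."""
    for line in sdp.splitlines():
        parsed = parse_crypto(line.strip())
        if parsed:
            return parsed
    return None

# Constructed sample offer (30-byte key||salt built from a fixed byte range).
KEY = base64.b64encode(bytes(range(30))).decode()
SAMPLE_SDP = "\n".join([
    "m=audio 6000 RTP/SAVP 0",
    f"a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:{KEY}",            # unsupported suite
    f"a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:{KEY}|2^31|1:8",   # MKI of 8 bytes
    f"a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:{KEY}|2^31|1:4 UNENCRYPTED_SRTCP",
])
```

Running `first_usable_crypto(SAMPLE_SDP)` skips the first two constructed lines and returns the third, with the lifetime field dropped.
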
Session parameters should be the same for the local and remote sides. When the device is
the offering side, the session parameters are configured by the following parameters:
'Authentication On Transmitted RTP Packets', 'Encryption On Transmitted RTP Packets',
and 'Encryption On Transmitted RTCP Packets'. When the device is the answering side,
User's Manual
Mediant 800B Gateway & E-SBC
222
Document #: LTRT-10632
