Configuring Media (Srtp) Security - AudioCodes Mediant 1000B User Manual


Software Configuration: The device must be configured as follows:
•
Set the MediaChannels parameter to the maximum number of required IP media
channels, regardless of the module from where the channels are obtained.
Note: Setting the MediaChannels parameter to a value that is greater than the
available DSP resources that is provided by the MPM module(s) can result in the
"stealing" of DSP resources from the B-channels of the PRI spans.
•
Set the IPmediaChannels parameter to the number of DSP channels that you
want to "borrow" (use) from each PRI module for the SBC application and IP-to-IP
application. The setting below shows an example of borrowing DSP channels
from PRI modules #1 and #2:
[IPMediaChannels]
FORMAT IPMediaChannels_Index = IPMediaChannels_ModuleID,
IPMediaChannels_DSPChannelsReserved;
IPMediaChannels 1 = 1, 15;
IPMediaChannels 2 = 2, 10;
[\IPMediaChannels]
Notes:
•
If the device is not installed with an MPM module and you want the device to
"borrow" DSP channels from the PRI modules, you must set the
EnableIPMediaChannels parameter to 1. This parameter is automatically enabled
when the device is installed with an MPM module.
•
The value of IPMediaChannels_DSPChannelsReserved must be in multiples of 5.
•
By default, the MPM module is set to the maximum number of IP media channels.
Therefore, there is no need to define it with the IPmediaChannels parameter.
•
By default, the IPMediaChannels_DSPChannelsReserved parameter for all PRI
modules is set to 0 (i.e., no "borrowing" of IP media channels).

14.10 Configuring Media (SRTP) Security

The device supports Secured RTP (SRTP) according to RFC 3711. SRTP is used to
encrypt RTP and RTCP transport for protecting VoIP traffic. SRTP requires a key
exchange mechanism that is performed according to RFC 4568 – "Session Description
Protocol (SDP) Security Descriptions for Media Streams". The key exchange is done by
adding a 'crypto' attribute to the SDP. This attribute is used (by both sides) to declare the
various supported cipher suites and to attach the encryption key. If negotiation of the
encryption data is successful, the call is established.
SRTP supports the following cipher suites (all other suites are ignored):

AES_CM_128_HMAC_SHA1_32

AES_CM_128_HMAC_SHA1_80
When the device is the offering side, it generates an MKI of a size configured by the
'Master Key Identifier (MKI) Size' parameter. The length of the MKI is limited to four bytes.
If the remote side sends a longer MKI, the key is ignored. The key lifetime field is not
supported. However, if it is included in the key it is ignored and the call does not fail.
User's Manual
Mediant 1000B Gateway & SBC
186 Document #: LTRT-27034