Media Security - Secure RTP (SRTP)
MGU provides VoIP security according to the SRTP protocol (RFC 3711 and RFC 6188), using data flow encryption with AES in Counter Mode (CM) and authentication with HMAC-SHA1.
Data Flow Encryption
For encryption and decryption of the data flow, SRTP standardizes only a single cipher, the Advanced Encryption Standard (AES), which can be used in two cipher modes: Integer Counter Mode (CM) or F8 Mode. Only CM is supported in MGU.
Authentication
The AES algorithm does not itself secure message integrity. To authenticate the message and protect its integrity, the keyed-Hash Message Authentication with Secure Hash Standard (HMAC-SHA1) algorithm is used.
Key Derivation
In SRTP, the different keys used in a crypto context (the SRTP encryption and salt keys, and the SRTP authentication key) are derived from one single master key (per media direction). That is, all the necessary session keys are generated from the master key by applying the key derivation function. MGU derives the master key for the transmitted SRTP stream from a high-entropy random source. The master key for the received SRTP stream (derived by the remote end-point or gateway) is received from the MX-ONE Service Node. The master keys are derived only once, before call setup. Re-keying is thus not supported.
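
The key derivation function described above, as an added Go example that is not MGU code: it implements the AES-CM PRF of RFC 3711 section 4.3.1 and runs it on the test vector from RFC 3711 Appendix B.3. It assumes a key derivation rate of 0, matching keys derived once per call; the names `deriveKey`, `deriveSessionKeys` and `SessionKeys` are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Key derivation labels from RFC 3711 section 4.3.1.
const labelEnc, labelAuth, labelSalt byte = 0x00, 0x01, 0x02

// SessionKeys holds the per-direction keys of one SRTP crypto context.
type SessionKeys struct{ Enc, Auth, Salt []byte }

// deriveKey runs the AES-CM PRF for one label, assuming key derivation rate 0 (r = 0).
func deriveKey(masterKey, masterSalt []byte, label byte, n int) ([]byte, error) {
	if len(masterSalt) != 14 {
		return nil, fmt.Errorf("master salt must be 14 bytes, got %d", len(masterSalt))
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // x * 2^16: low 16 bits are the block counter
	copy(iv, masterSalt)
	iv[7] ^= label // x = (label || r) XOR master_salt, with r = 0
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out) // keystream XOR zeros
	return out, nil
}

// deriveSessionKeys derives encryption, HMAC-SHA1 and salt keys from one master key.
func deriveSessionKeys(masterKey, masterSalt []byte) (k SessionKeys, err error) {
	if k.Enc, err = deriveKey(masterKey, masterSalt, labelEnc, len(masterKey)); err != nil {
		return k, err
	}
	if k.Auth, err = deriveKey(masterKey, masterSalt, labelAuth, 20); err != nil {
		return k, err
	}
	k.Salt, err = deriveKey(masterKey, masterSalt, labelSalt, 14)
	return k, err
}

func main() {
	// Test vector from RFC 3711 Appendix B.3, not a key from any deployment.
	mk, _ := hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139")
	ms, _ := hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")
	k, err := deriveSessionKeys(mk, ms)
	fmt.Printf("enc  %x\nauth %x\nsalt %x\nerr  %v\n", k.Enc, k.Auth, k.Salt, err)
}
```

Because every session key is a deterministic function of the master key and master salt, disclosure of the master key exposes the encryption, authentication and salt keys for that media direction for the whole call.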