How to encrypt calls with RTP encryption?

download Download: rtp-encryption.zip

This article is a brief introduction about RTP call encryption in relation with Ozeki VoIP SIP SDK. After reading through this page you will be fully familiar with all the essential terms concerning RTP encryption and what you will need for creating your own solution using Ozeki VoIP SIP SDK.

voip rtp encryption
Figure 1 - VoIP RTP encryption

What is RTP encryption?

The Secure Real-time Transport Protocol (or SRTP) defines a profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications.
For encryption and decryption of the data flow (and hence for providing confidentiality of the data flow), SRTP utilizes AES (Advanced Encryption Standard) as the default cipher. AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
Please note that, the security keys will be sent via SIP messages, so it's highly recommended to encrypt the SIP messages as well, when you are using RTP encryption.

How to implement RTP encryption using C#?

Ozeki VoIP SIP SDK supports SRTP encryption for the phone line objects. You can set the SRTPMode property of the phone line. The SRTPMode is an enum defined in the Ozeki.Network namespace. It defines three SRTP modes: None, Prefer and Force.

Ozeki VoIP SIP SDK provides three types of SRTP modes:

  • SRTPMode.None: The None SRTPMode is the default value for the encryption. If you do not set the SRTP mode in your program, there will be no RTP encryption for the calls.
  • SRTPMode.Prefer: If you set the SRTP mode to Prefer, the system will try to encrypt the RTP connection, but there will be no encryption if one of the clients does not support it.
  • SRTPMode.Force: If the SRTP mode is set to Force, the RTP connection will be encrypted no matter what.

When using UDP for message transmission, you need to select some of the codecs to disable as the maximum length of 1500 bytes of the UDP packet will be exceeded if all the codecs are enabled when using SRTP mode.

The RTP encryption can be used in the case of an Ozeki VoIP SIP SDK supported softphone application by setting it's phone line object's SRTPMode property with the preferred SRTP mode, as the following example introduces.

RTP encryption example in C#

using System;
using Ozeki.VoIP;

namespace RTP_Encryption
{
    class Program
    {
        static ISoftPhone softphone;   // softphone object
        static IPhoneLine phoneLine;   // phoneline object

        private static void Main(string[] args)
        {
            // Create a softphone object with RTP port range 5000-10000
            softphone = SoftPhoneFactory.CreateSoftPhone(5000, 10000);

            // SIP account registration data, (supplied by your VoIP service provider)
            var registrationRequired = true;
            var userName = "sipusername";
            var displayName = "sipdisplayname";
            var authenticationId = "authenticationid";
            var registerPassword = "Password";
            var domainHost = "pbxip.voipprovider.com";
            var domainPort = 5060;

            var account = new SIPAccount(registrationRequired, displayName, userName, authenticationId, registerPassword, domainHost, domainPort);

            // Send SIP regitration request
            RegisterAccount(account);

            // Prevents the termination of the application
            Console.ReadLine();
        }

        static void RegisterAccount(SIPAccount account)
        {
            try
            {
                phoneLine = softphone.CreatePhoneLine(account);
                phoneLine.Config.SRTPMode = SRTPMode.Force;
                phoneLine.RegistrationStateChanged += sipAccount_RegStateChanged;
                softphone.RegisterPhoneLine(phoneLine);
            }
            catch (Exception ex)
            {
                Console.WriteLine("Error during SIP registration: " + ex);
            }
        }

        static void sipAccount_RegStateChanged(object sender, RegistrationStateChangedArgs e)
        {
            if (e.State == RegState.Error || e.State == RegState.NotRegistered)
                Console.WriteLine("Registration failed!");

            if (e.State == RegState.RegistrationSucceeded)
                Console.WriteLine("Registration succeeded - Online!");
        }
    }
}

Related Pages

More information