Configuring Security Features
To upload a device certificate via the web user interface:
1. Click on Security->Server Certs.
2. Click Browse to locate the certificate (*.pem or *.cer) from your local system.
3. Click Upload to upload the certificate.
Secure Real-Time Transport Protocol
To keep a call confidential, you can configure Secure Real-Time Transport Protocol (SRTP) to
encrypt RTP streams and protect them against interception and eavesdropping. Both RTP and RTCP
signaling may be encrypted using an AES algorithm as described in RFC 3711. Encryption modifies
the data in the RTP streams so that, if the data is captured or intercepted, it cannot be
understood; it sounds like noise. Only the receiver knows the key to restore the data. To use
SRTP encryption for SIP calls, the participants in the call must enable SRTP simultaneously. When
this feature is enabled on both systems, the encryption algorithm used for the session is
negotiated between the systems. This negotiation process is compliant with RFC 4568.
When a site places a call on the SRTP-enabled system, the system sends an INVITE message with
the RTP encryption algorithm to the destination system.
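How the destination side can vet such an offer, shown as an added example that is not taken from this guide or from the phone's firmware: it parses the RFC 4568 a=crypto attributes, checks that each inline value decodes to the 30 bytes of key and salt these suites require, and picks the first line a local policy allows. The function names, the policy default and the sample offer are assumptions made for illustration.

```python
import base64
import re

# Suites named in this guide; each uses a 128-bit key plus a 112-bit salt (RFC 4568).
SUITES = ("AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32", "F8_128_HMAC_SHA1_80")
KEY_SALT_LEN = 30  # bytes
# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime][|MKI:len] [session params]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)(?:\|\S*)?(?: .*)?$")

def parse_offer(sdp):
    """Return (audio media profile, [(tag, suite, key bytes or None)])."""
    profile, offers = None, []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m=audio "):
            profile = line.split()[2]
        m = CRYPTO_RE.match(line)
        if m:
            try:
                key = base64.b64decode(m.group(3), validate=True)
            except ValueError:  # malformed base64
                key = None
            offers.append((int(m.group(1)), m.group(2), key))
    return profile, offers

def select_crypto(sdp, allowed=("AES_CM_128_HMAC_SHA1_80",)):
    """Pick the first offered crypto line that is well-formed and allowed by policy."""
    profile, offers = parse_offer(sdp)
    if profile != "RTP/SAVP":
        return None, [f"media profile is {profile}, not RTP/SAVP"]
    problems = []
    for tag, suite, key in offers:
        if suite not in SUITES:
            problems.append(f"tag {tag}: unknown suite {suite}")
        elif key is None or len(key) != KEY_SALT_LEN:
            problems.append(f"tag {tag}: key material is not {KEY_SALT_LEN} bytes")
        elif suite not in allowed:
            problems.append(f"tag {tag}: {suite} not allowed by local policy")
        else:
            return (tag, suite), problems
    return None, problems

# Constructed offer: the keys are generated here, not captured from a real call.
GOOD = base64.b64encode(bytes(range(30))).decode()
SHORT = base64.b64encode(bytes(range(16))).decode()
SAMPLE_OFFER = f"""m=audio 11780 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:{GOOD}
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:{SHORT}
a=crypto:3 AES_CM_128_HMAC_SHA1_80 inline:{GOOD}
a=rtpmap:0 PCMU/8000"""
print(select_crypto(SAMPLE_OFFER))
```

The problem list names only the tag and suite, so it can be logged without exposing key material.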
The following is an example of the RTP encryption algorithm carried in the SDP of the INVITE
message:
m=audio 11780 RTP/SAVP 0 8 18 9 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:NzFlNTUwZDk2OGVlOTc3YzNkYTkwZWVkMTM1YWFj
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:NzkyM2FjNzQ2ZDgxYjg0MzQwMGVmMGUxMzdmNWFm
a=crypto:3 F8_128_HMAC_SHA1_80 inline:NDliMWIzZGE1ZTAwZjA5ZGFhNjQ5YmEANTMzYzA0
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000