SIP and RTP Security

Secure RTP

Sinch Contact Center supports Secure RTP (SRTP) between different types of terminals attached to the system, which are not behind 3rd party gateways. When streaming towards a third party hardware or software acting as a gateway, the secure stream is routed via the MRS server that makes the necessary conversion and relays plain RTP toward the external component. SRTP support is implemented using the following standards:

• RFC 3711 – Secure Real-time Protocol.Sinch Contact Center supports 128-bit AES encryption algorithm and 32-bit authentication tag length, (AES_CM_128_HMAC_SHA1_32)

• RFC 4568 – Session Description Protocol (SDP) Security Descriptions for Media Streams. This is used to negotiate SRTP support with compliant SIP endpoints (for example, desk phones)

Session Border Controller (SBC)

SIP connections can also be made secure by using third-party Session Border Controller (SBC) software or device. This is especially important if SIP terminals or gateways reside on insecure networks. SBC should always be used at the edge of corporate network and internet. The main purpose of SBC is to control SIP calls media and signaling across networks. Session Border Control takes over the control of signaling and usually also the media streams involved in setting up, conducting, and tearing down VoIP calls. SBC can solve NAT traversal issues and firewall configuration. Some SBCs are able to offload data encryption function from other elements in the network by terminating SIP-TLS, IPSec and SRTP.