SRTP (Secure Real-time Transport Protocol)

What is SRTP?

The Secure Real-time Transport Protocol (SRTP) is an extension of RTP (Real-time Transport Protocol) that adds security features. It is the standard for delivering secure audio and video in WebRTC and most modern VoIP systems.

Key Security Features

• Confidentiality (Encryption): SRTP encrypts the payload (the actual audio/video data) so that even if packets are intercepted, they cannot be played back. Note: The RTP header remains unencrypted to allow routers to manage the traffic.
• Message Authentication: Ensures that the data hasn't been tampered with or corrupted during transit.
• Replay Protection: Prevents attackers from capturing packets and re-sending them later to disrupt the call.

How Keys are Exchanged

SRTP itself does not have a mechanism to generate encryption keys. Instead, it relies on an external key management protocol. In WebRTC, DTLS (Datagram Transport Layer Security) is used to perform the initial handshake and securely exchange the master keys that SRTP uses to encrypt the media stream.