SRTP, Secure Real-time Transport Protocol

Protocol suite:	TCP/IP.
Protocol type:	Application layer protocol.
Base protocol:	RTP, Real-Time Protocol.
RTP profile:	RTP/SAVP.
Port:	5004 (UDP).
SNMP MIBs:
Working groups:
Working groups:	avt, Audio/Video Transport.
Links:	IANA: RTP parameters. www.cs.columbia.edu/~hgs/rtp

MAC header

IP header

UDP header

RTP header

SRTP message

SRTP header:

00	16	24
RTP extension :::
Payload :::	Pad	Pad count
MKI
Authentication tag

RTP extension.

Payload.

Pad.

Pad count.

MKI, Master Key Identifier. Variable length.
This field is defined, signaled and used by key management. MKI identifies the master key from which the session key(s) were derived that authenticate and/or encrypt the particular packet. Note that the MKI SHALL NOT identify the SRTP cryptographic context. The MKI MAY be used by key management for the purposes of re-keying, identifying a particular master key within the cryptographic context

Authentication tag. Variable length.
This field is used to carry message authentication data. The Authenticated Portion of an SRTP packet consists of the RTP header followed by the encrypted portion of the SRTP packet. Thus, if both encryption and authentication are applied, encryption SHALL be applied before authentication on the sender side and conversely on the receiver side. The authentication tag provides authentication of the RTP header and payload, and it indirectly provides replay protection by authenticating the sequence number. Note that the MKI is not integrity protected as this does not provide any extra protection.

Glossary:

RFCs:

[RFC 3711] The Secure Real-time Transport Protocol (SRTP).

Defines RTP profile RTP/SAVP.

[RFC 4383] The Use of Timed Efficient Stream Loss-Tolerant Authentication (TESLA) in the Secure Real-time Transport Protocol (SRTP).

Category: Standards Track.

Publications:

Obsolete RFCs: