
RTP Security

Eventually, all lower-layer security services should be provided by the IP security architecture. However, since deployment of security is never speedy, not least because of government intervention and export controls, the RTP specification [rtp] defines how streams can be encrypted at the RTP layer to provide confidentiality. Note that confidentiality is all it provides: RTP-level encryption carries no authentication or integrity check, so a receiver cannot tell a tampered packet from a genuine one except by the plausibility checks described below.

The base encryption algorithm is DES in CBC mode, with the initialisation vector fixed at zero. A zero IV is only safe if the first 64-bit block differs from packet to packet. For RTP this is already the case, since the header carries a sequence number and a timestamp with random initial values and a random SSRC identifier. RTCP packets, on the other hand, begin with known plaintext (the fixed report header), so a random 32-bit quantity is prepended to the RTCP packet before encryption. Each packet is padded to a multiple of 64 bits before encryption, using the RTP padding convention (padding octets appended, the last one holding the count, and the P bit set in the header). Since there is no integrity check, validity checks on each decrypted header are used to detect that the data was decrypted with the wrong key: for example, checking that the version field is 2, that the payload type is one the receiver knows, and that the SSRC identifier has been seen before.
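The scheme described above, as an added example that is not part of the original text or of any RTP implementation: DES-CBC with a zero IV, a random 32-bit prefix for RTCP but not for RTP, padding to 64 bits in the RTP style, and header validity checks on decryption. The key, the sample packet and the set of known payload types are constructed for the example; the SSRC-seen-before check is left to the session layer, which is where the list of known sources lives.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

const (
	blockSize = 8    // DES block, 64 bits
	version   = 2    // RTP/RTCP version field, top two bits of octet 0
	pBit      = 0x20 // padding bit in octet 0 of an RTP or RTCP header
)

var knownPayloadTypes = map[byte]bool{0: true, 3: true, 8: true} // PCMU, GSM, PCMA; constructed

// desCBC runs DES-CBC over whole blocks with the all-zero IV that RFC 1889 uses.
func desCBC(key, data []byte, encrypt bool) ([]byte, error) {
	block, err := des.NewCipher(key) // 8-octet key
	if err != nil {
		return nil, err
	}
	if len(data)%blockSize != 0 {
		return nil, fmt.Errorf("%d octets is not a multiple of 64 bits", len(data))
	}
	iv := make([]byte, blockSize) // zero IV: the per-packet header varies instead
	out := make([]byte, len(data))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, data)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	}
	return out, nil
}

// pad64 pads RTP-style (count in the last octet, P bit set) so prefixLen+len(pkt) is a 64-bit multiple.
func pad64(pkt []byte, prefixLen int) []byte {
	n := (blockSize - (prefixLen+len(pkt))%blockSize) % blockSize // 0 when already aligned
	if n == 0 {
		return pkt
	}
	out := append(append([]byte(nil), pkt...), make([]byte, n)...)
	out[0] |= pBit
	out[len(out)-1] = byte(n)
	return out
}

// unpad64 reverses pad64; an inconsistent count is another symptom of a wrong key.
func unpad64(pkt []byte, hdrLen int) ([]byte, error) {
	if pkt[0]&pBit == 0 {
		return pkt, nil
	}
	n := int(pkt[len(pkt)-1])
	if n == 0 || n >= blockSize || len(pkt)-n < hdrLen {
		return nil, fmt.Errorf("invalid padding count %d: wrong key?", n)
	}
	pkt[0] &^= pBit
	return pkt[:len(pkt)-n], nil
}

// seal prepends prefixLen random octets, pads to 64 bits and encrypts the whole packet, header included.
func seal(key, pkt []byte, prefixLen, hdrLen int) ([]byte, error) {
	if len(pkt) < hdrLen {
		return nil, fmt.Errorf("packet of %d octets is shorter than its header", len(pkt))
	}
	prefix := make([]byte, prefixLen)
	rand.Read(prefix) // crypto/rand: never returns an error in current Go
	return desCBC(key, append(prefix, pad64(pkt, prefixLen)...), true)
}

// unseal decrypts, drops the prefix and runs the header checks (version, known PT, padding) a wrong key fails.
func unseal(key, ct []byte, prefixLen, hdrLen int, checkPT bool) ([]byte, error) {
	pt, err := desCBC(key, ct, false)
	if err != nil {
		return nil, err
	}
	if len(pt) < prefixLen+hdrLen || pt[prefixLen]>>6 != version || (checkPT && !knownPayloadTypes[pt[prefixLen+1]&0x7f]) {
		return nil, fmt.Errorf("header checks failed (version or payload type): wrong key?")
	}
	return unpad64(pt[prefixLen:], hdrLen)
}

// RTP needs no prefix (sequence number, timestamp and SSRC vary per packet); RTCP gets a
// 32-bit random prefix so its predictable header never sits in the first block.
func EncryptRTP(key, pkt []byte) ([]byte, error)  { return seal(key, pkt, 0, 12) }
func DecryptRTP(key, ct []byte) ([]byte, error)   { return unseal(key, ct, 0, 12, true) }
func EncryptRTCP(key, pkt []byte) ([]byte, error) { return seal(key, pkt, 4, 4) }
func DecryptRTCP(key, ct []byte) ([]byte, error)  { return unseal(key, ct, 4, 4, false) }

func main() {
	key := []byte("8octkey!") // constructed; real keys come from the session's key agreement
	rtp := []byte{0x80, 0x00, 0x12, 0x34, 0x00, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe, 0xef, 0x55, 0x66, 0x77}
	ct, _ := EncryptRTP(key, rtp)
	pt, err := DecryptRTP(key, ct)
	_, bad := DecryptRTP([]byte("wrongkey"), ct)
	fmt.Printf("right key: % x (err %v); wrong key: %v\n", pt, err, bad)
}
```

The RTCP functions handle a single RTCP packet only; a real implementation must also extend the RTCP length field to cover the padding octets, and must apply the padding to the last packet of a compound packet. The wrong-key check is probabilistic: a decryption with the wrong key passes the version and payload-type tests with probability of roughly one in a few hundred, which is why the SSRC check and the RTCP consistency checks are applied as well.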

How the shared key is derived from whatever the users supply (key "munging", for example hashing a pass phrase down to the 56-bit DES key) is outside the scope of the specification; it is agreed between the implementors of tools that want to inter-operate, and tools that derive keys differently from the same pass phrase will simply fail each other's validity checks.



Jon CROWCROFT
1998-12-03