Difference between DTLS-SRTP and SRTP packets sent over DTLS connections
I have two SIP endpoints and want to send the media over DTLS-SRTP. I am a little bit confused about the points below:

  1. Are DTLS-SRTP and SRTP packets sent over DTLS connections the same or different?

  2. If different, could you please explain to me how they differ?

Favorable answered 15/7, 2015 at 5:6 - Comment (1)
There is no difference. DTLS-SRTP means SRTP packets sent over a DTLS connection. - Leatherwood
15

DTLS is utilized to establish the keys that are then used for securing the RTP stream. Once the keys are established, they are used to encrypt the RTP stream to make it SRTP (nothing special about the encryption, standard SRTP, RFC 3711) and then sent over that DTLS channel. If you read RFC 5764, you can get more specifics about what a DTLS channel is, demultiplexing the packets, etc.

So, DTLS is key MANAGEMENT for the SRTP exchange. See RFC 5764 section 4.1 for a little example.

In summary: if by SRTP over a DTLS connection you mean once keys have been exchanged and encrypting the media with those keys, there is not much difference. The main difference is that with DTLS-SRTP, the DTLS negotiation occurs on the same ports as the media itself and thus packet demultiplexing must be taken into account over those ports.

Zwart answered 15/7, 2015 at 14:8 - Comment (3)
So SRTP data is transmitted via DTLS, and not plain UDP, correct? - Frankiefrankincense
@Frankiefrankincense see: https://mcmap.net/q/766148/-difference-between-dtls-srtp-and-srtp-packets-send-over-dtls-connections - Zwart
Got it, so it's SRTP over plain UDP. - Frankiefrankincense
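The demultiplexing that the answer above points to (RFC 5764 section 5.1.2) comes down to inspecting the first byte of every datagram that arrives on the shared media port. The classifier below is an added example, not code from the question or from any answer; the sample datagrams are constructed for illustration, and the value ranges are the ones RFC 5764 assigns (with the RTP/RTCP split from RFC 5761).

```python
"""Classify datagrams arriving on a shared DTLS-SRTP port (RFC 5764 section 5.1.2)."""

STUN, DTLS, RTP, RTCP, UNKNOWN = "STUN", "DTLS", "RTP", "RTCP", "UNKNOWN"


def classify(packet: bytes) -> str:
    """Return the protocol family of one datagram by looking at its first byte.

    RFC 5764 partitions the first-byte value space of a DTLS-SRTP port:
      0..3     STUN (ICE connectivity checks)
      20..63   DTLS (TLS record content types: 20 CCS, 21 alert, 22 handshake, 23 app data)
      128..191 RTP or RTCP (the two version bits are 2)
    Anything outside those ranges does not belong on the port; treat it as unknown and drop it.
    """
    if not packet:
        return UNKNOWN
    b0 = packet[0]
    if b0 <= 3:
        return STUN
    if 20 <= b0 <= 63:
        return DTLS
    if 128 <= b0 <= 191:
        # RFC 5761 RTP/RTCP multiplexing: a payload type of 64..95 (low 7 bits of
        # the second byte) marks an RTCP packet, e.g. SR = 200 -> 200 & 0x7F == 72.
        if len(packet) >= 2 and 64 <= (packet[1] & 0x7F) <= 95:
            return RTCP
        return RTP
    return UNKNOWN


# Constructed sample datagrams (not captures from any real endpoint).
STUN_BINDING_REQ = bytes.fromhex("000100002112a442") + bytes(12)           # type 0x0001, len 0, magic cookie, txn id
DTLS_CLIENT_HELLO = bytes.fromhex("16fefd0000000000000000000c") + bytes(12)  # handshake record header, DTLS 1.2
SRTP_PACKET = bytes.fromhex("80600001deadbeef0000aa55") + bytes(16)      # V=2, PT=96, seq 1, ts, SSRC, payload
RTCP_SR = bytes.fromhex("81c8000c0000aa55") + bytes(44)                  # V=2, RC=1, PT=200 (sender report)


def demux(datagrams):
    """Route each datagram to the handler its first byte selects; returns the decisions in order."""
    return [classify(d) for d in datagrams]


if __name__ == "__main__":
    for kind, pkt in zip(demux([STUN_BINDING_REQ, DTLS_CLIENT_HELLO, SRTP_PACKET, RTCP_SR]),
                         [STUN_BINDING_REQ, DTLS_CLIENT_HELLO, SRTP_PACKET, RTCP_SR]):
        print(f"first byte 0x{pkt[0]:02x} -> {kind}")
```

Once the DTLS handshake has produced the SRTP keys, the same port keeps carrying all four families, so a receiver has to run this dispatch on every datagram rather than assuming the first few are DTLS and the rest are media.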
16

The above answer is almost correct. In DTLS-SRTP, a DTLS handshake is indeed used to derive the SRTP master key.

However, once the master key is obtained, DTLS is not used to transmit RTP: RTP packets are encrypted using SRTP and sent directly over the underlying transport (UDP).

Incense answered 23/2, 2018 at 10:50 - Comment (3)
Found your answer easier to understand. Respect. - Dabchick
Does it really use plain UDP under the hood to transfer SRTP data, or does it use DTLS? - Frankiefrankincense
DTLS is purely used for key derivation during the handshake. The actual media is encrypted using SRTP, which is directly on top of UDP, no DTLS involved. - Incense