SRTP

Secure Real-time Transport Protocol

Security
Introduced in Rel-8
SRTP is a profile of RTP that provides confidentiality, message authentication, and replay protection for real-time media streams like voice and video. It is a fundamental security protocol for VoIP, video conferencing, and multimedia services in 3GPP's IMS and 5G networks.

Description

The Secure Real-time Transport Protocol (SRTP) is a 3GPP-standardized protocol that provides security services for Real-time Transport Protocol (RTP) traffic and its control counterpart, RTCP (secured via SRTCP). SRTP is defined as a cryptographic profile of RTP, meaning it adds security features to the standard RTP packet format without altering the underlying RTP header structure. It operates on a packet-by-packet basis, providing end-to-end security between the media endpoints, such as a UE and a Media Resource Function Processor (MRFP), or another UE in direct communication.

SRTP works by applying cryptographic transforms to the RTP payload. For confidentiality, it encrypts the payload using a symmetric cipher, typically the Advanced Encryption Standard (AES) in Counter Mode (AES-CM). This mode is chosen because it generates a keystream that can be applied via bitwise XOR, making it efficient and error-tolerant—a single bit error in ciphertext only corrupts the corresponding bit in plaintext. For authentication and integrity, SRTP appends a Message Authentication Code (MAC), computed using a keyed hash function like HMAC-SHA1, to each packet. This MAC covers the RTP header, payload, and a packet index. A crucial mechanism is the use of a rolling packet index (derived from the RTP sequence number) and a master key to generate unique session keys for encryption and authentication for each packet, preventing key reuse.

Architecturally, SRTP relies on an external key management protocol (e.g., MIKEY, DTLS-SRTP, or 3GPP-specific key delivery from the core network) to establish a shared security context between endpoints. This context includes the master key, master salt, cryptographic suite, and the SRTP/SRTCP index rollover counters. The SRTP processing layer is typically implemented within the media stack. When sending media, the RTP payload is encrypted, the authentication tag is calculated and appended, and the resulting SRTP packet is sent over UDP/IP. The receiver performs the inverse operations: it verifies the authentication tag, checks the packet index against the replay list for replay protection, and then decrypts the payload. In 3GPP networks, SRTP is mandatory for protecting media streams in IMS-based services like VoLTE, ViLTE, and Rich Communication Services (RCS), ensuring privacy and integrity for millions of real-time communications.
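The receive path that the two paragraphs above describe, as an added Python example written against RFC 3711 and not taken from the page or any 3GPP specification: the 48-bit packet index is reconstructed from the 16-bit RTP sequence number and the rollover counter (ROC), the HMAC-SHA1-80 tag is checked over header, payload and ROC, and a 64-packet bitmap implements the replay list. The authentication key, SSRC and payload used when exercising it are constructed test values, and payload decryption is omitted so the block needs only the standard library.

```python
import hmac, hashlib, struct

# Added illustration of the RFC 3711 receive path: implicit index (ROC || SEQ),
# HMAC-SHA1-80 tag, 64-packet replay window. Not the page's own code; any
# keys and RTP header fields used with it are constructed test values.

TAG_LEN = 10   # HMAC-SHA1-80: the 20-byte HMAC truncated to 80 bits
WINDOW = 64    # replay window size (RFC 3711 minimum)

def auth_tag(k_a, auth_portion, roc):
    """Tag = HMAC-SHA1(k_a, RTP header || payload || ROC), truncated."""
    mac = hmac.new(k_a, auth_portion + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

class SrtpReceiver:
    def __init__(self, k_a):
        self.k_a, self.highest, self.bitmap = k_a, None, 0

    def estimate_index(self, seq):
        """RFC 3711 3.3.1: pick the ROC guess v that places SEQ nearest s_l."""
        if self.highest is None:
            return 0, seq
        roc, s_l = self.highest >> 16, self.highest & 0xFFFF
        if s_l < 32768:
            v = (roc - 1) % (1 << 32) if seq - s_l > 32768 else roc
        else:
            v = (roc + 1) % (1 << 32) if s_l - 32768 > seq else roc
        return v, (v << 16) | seq

    def unprotect(self, srtp_pkt):
        """Replay check, then tag check, then window update (RFC 3711 3.3).
        Returns the authenticated RTP packet, or None if it is rejected."""
        if len(srtp_pkt) < 12 + TAG_LEN:
            return None                         # shorter than header + tag
        auth_portion, tag = srtp_pkt[:-TAG_LEN], srtp_pkt[-TAG_LEN:]
        seq = struct.unpack_from("!H", auth_portion, 2)[0]
        v, index = self.estimate_index(seq)
        if self.highest is not None and index <= self.highest:
            d = self.highest - index
            if d >= WINDOW or (self.bitmap >> d) & 1:
                return None                     # replayed or too old
        if not hmac.compare_digest(tag, auth_tag(self.k_a, auth_portion, v)):
            return None                         # forged, corrupted or stale ROC
        if self.highest is None or index > self.highest:
            shift = WINDOW if self.highest is None else index - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = index
        else:
            self.bitmap |= 1 << (self.highest - index)
        return auth_portion
```

Note that the ROC never travels on the wire: a packet whose tag was computed under a different ROC than the receiver estimates fails authentication, which is why both sides must keep their counters in step across the 16-bit sequence number wrap.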

Purpose & Motivation

SRTP was developed to address the severe security shortcomings of the standard RTP protocol, which transmits media in the clear. As telecommunications migrated to all-IP networks with 3GPP's IMS, voice and video became vulnerable to eavesdropping, tampering, and replay attacks over untrusted IP networks like the public internet. The purpose of SRTP is to provide a standardized, efficient, and mandatory security layer specifically designed for the unique constraints of real-time media: low latency, tolerance to packet loss, and high packet rates.

The creation of SRTP within the 3GPP ecosystem was motivated by the need for a solution that could be deployed ubiquitously across devices and networks without breaking existing RTP-based applications. Previous network-level security (e.g., IPsec) was often too heavy, complex to manage end-to-end, and could introduce unacceptable latency or incompatibility with Network Address Translation (NAT). SRTP solves these problems by operating at the application layer, adding minimal overhead (typically 4-10 bytes for the auth tag and 4 bytes for the index), and using ciphers suitable for streaming media. It enables secure commercial VoIP and video services, protects user privacy, and allows operators to meet regulatory requirements for communication security, forming the bedrock for trusted multimedia delivery in 4G and 5G.

Key Features

  • Provides confidentiality for RTP media payloads using efficient stream ciphers like AES in Counter Mode (AES-CM)
  • Ensures message authentication and integrity for entire RTP packets using a keyed Message Authentication Code (MAC)
  • Includes built-in replay protection through a packet index and replay list mechanism
  • Defined as a profile of RTP, maintaining compatibility with existing RTP infrastructure and middleboxes
  • Uses a derived key mechanism to generate unique encryption and authentication keys for each packet from a master key
  • Mandatory for protecting media streams in 3GPP IMS services (e.g., VoLTE, ViLTE) and other packet-switched multimedia applications

Evolution Across Releases

Rel-8 Initial

Initial adoption and specification of SRTP as the mandatory security protocol for RTP media in 3GPP IMS and Packet-Switched Streaming (PSS). Defined the supported cryptographic transforms (AES-CM for encryption, HMAC-SHA1 for authentication) and key management via MIKEY.

Enhanced integration with IMS service continuity and single radio voice call continuity (SRVCC). Refined key management procedures and clarified SRTP usage for emergency calls and other critical IMS communication services.

Expanded SRTP support for new advanced media services and codecs introduced with IMS Multimedia Telephony. Strengthened end-to-end security requirements for operator-provided multimedia communications.

Updated specifications to align with evolving IETF standards for SRTP, potentially supporting newer encryption modes or authentication algorithms. Solidified SRTP's role in the mass deployment of VoLTE services.

Fully integrated SRTP into the 5G system architecture for native IMS-based voice and multimedia services. Ensured SRTP operates effectively in 5G environments with network slicing, edge computing, and ultra-reliable low-latency communication (URLLC) requirements.

Defining Specifications

Specification    Title
TS 23.334        3GPP TS 23.334
TS 23.701        3GPP TS 23.701
TS 24.380        3GPP TS 24.380
TS 24.501        3GPP TS 24.501
TS 24.581        3GPP TS 24.581
TS 26.179        3GPP TS 26.179
TS 26.234        3GPP TS 26.234
TS 26.244        3GPP TS 26.244
TS 26.281        3GPP TS 26.281
TS 26.522        3GPP TS 26.522
TS 26.806        3GPP TS 26.806
TS 26.812        3GPP TS 26.812
TS 26.822        3GPP TS 26.822
TS 26.880        3GPP TS 26.880
TS 26.998        3GPP TS 26.998
TS 29.380        3GPP TS 29.380
TS 29.582        3GPP TS 29.582
TS 33.179        3GPP TR 33.179
TS 33.180        3GPP TR 33.180
TS 33.246        3GPP TR 33.246
TS 33.303        3GPP TR 33.303
TS 33.328        3GPP TR 33.328
TS 33.871        3GPP TR 33.871
TS 33.879        3GPP TR 33.879
TS 33.880        3GPP TR 33.880
TS 37.579        3GPP TR 37.579