Best Practices for Securing RTP Media Signaled with SIP

Although the Session Initiation Protocol (SIP) includes a suite of security services that has been expanded by numerous specifications over the years, there is no single place that explains how to use SIP to establish confidential media sessions. Additionally, existing mechanisms have some feature gaps that need to be identified and resolved in order for them to address the pervasive monitoring threat model. This specification describes best practices for negotiating confidential media with SIP, including both comprehensive protection solutions which bind the media to SIP-layer identities as well as opportunistic security solutions.
