Secure Real-Time Transport Protocol and Transport Layer Security go together like peanut butter and jelly. These two protocols work together to encrypt your phone calls in modern phone systems. To really understand them though, we need a brief history lesson in how media worked in the past, and even what “media” is.
“Media” is a blanket term for content being transmitted. This is commonly audio and video. Media is almost exclusively transmitted in real-time, opposed to, uh, not… real-time. Basically, Real-Time media is transmitted as it is generated, unlike loading a webpage or downloading a file – which are sent in chunks and assembled into the final product after all the data has been received. Without real-time media, the best we’d be able to do is have an audio conversation like we check our voice mail – which is not ideal for communicating efficiently.
Back in the analog days, media was set as electronic “waves” over a wire. Phones would translate those “waves” into audio and play it through a speaker. Real-time. Now that phone systems send media over an IP network, analog “waves” aren’t an option. So, enter the Real Time Protocol – or RTP.
RTP uses one of various “codecs”, which are basically rules for how the analog audio is converted into binary so it can be transmitted on an IP network. Codecs do this by a “sampling” the analog media as binary snapshots. The more snapshots the codec makes, the higher the quality and, usually, the higher the packet size.
The problem is RTP can easily be captured by a packet sniffer on the network and rebuilt – putting your phone calls in jeopardy of being listened-in on. By utilizing S-RTP, remember the S is for Sexy -expression change – no it’s not, you can encrypt the media being handled by RTP – protecting your phone calls from snoopers.
TLS is utilized in the other part of phone calls – who you’re calling and for how long. TLS sits on top of a protocol like SIP, which is transmitting information like “Who are you calling” and “when did you call them”. So if you want to protect you call history – you want to use TLS. TLS also ensures that attackers can’t “pose” as a friendly phone system and make expensive long distance calls on your dime.
Again, typically, utilizing TLS implies that you’re also using SRTP. This technically is not a requirement, but encrypting one without the other really does not make sense.
So that’s SRTP and TLS! They work very closely with protocols like SIP which actually establishes the phone calls in a phone system.
If you want to know how SIP works, I invite you to take my Udemy Course: Introduction to SIP! Use the coupon code TA-Youtube for 50% off. Click here to go there now.