What is SIPS and SRTP?
In Voice over IP telephony, two standard protocols are used. SIP (Session Initiation Protocol) creates the connection from peer to peer (e.g. phone to phone or phone to phone system). Let’s say it sets the switches for the audio stream. Once the connection is established, the RTP (Real time Transport Protocol) is used to transport the audio or video data. A big security issue of standard SIP/RTP connections is that SIP messages and RTP streams can be intercepted and read/listened to by every one with basic network technology knowledge. Due to this, it is recommend to use plain SIP/RTP only in local area networks (LAN) and not via the public internet.
To overcome the security flaws of SIP and RTP and safely make secure calls via the internet, encrypted versions of both protocols have been developed. SIPS, which stands for SIP Secure, is SIP, extended with TLS (Transport Layer Security). With this TLS, a secure connection between IP PBX and VoIP telephone can be established using a handshake approach. SRTP encodes the voice into encrypted IP packages and transport those via the internet from the transmitter (IP phone system) to the receiver (IP phone or softphone), once SIPS has initiated a secure connection. To allow the receiver to decrypt the packages, a key is sent via SIPS, while the connection is initiated in the previous step.
Using SIPS/SRTP, a secure peer to peer connection is used not just used for the audio but also while the connection is established. That means not just the audio is encrypted, but also the connection details (who is calling whom etc.). To use those secure protocols, all involved devices have to support SIPS and SRTP. If one peer does not support those protocols, it is not possible to establish a secure connection. It is recommended to use SIPS and SRTP in scenarios where attacks from the outside world are to expect (i.e. in the cloud or if no VPN is available).
Starting from version 4.0 AskoziaPBX fully supports SIPS and SRTP.
Common Questions about IP Phone Systems, PBX and VoIP
- Best practices for secure VoIP telephony
- Connect multiple PBXs and IP phone systems
- Firewall for VoIP PBX
- How can I save energy with Green VoIP and my IP PBX?
- How to do call recording with your IP PBX
- Inhouse vs. Hosted PBX
- IP Door Intercom Systems
- Medical Office PBX
- PBX for Law Firms
- Smart Housing and public announcements via VoIP
- VoIP Telephony Glossary
- What are SIP or VoIP phones?
- What do FXS and FXO mean?
- What is a PBX Phone System?
- What is a softphone?
- What is a voicemail system?
- What is BLF?
- What is a Call Flow?
- What is Computer Telephony Integration (CTI)?
- What is PRI?
- What is SIP Trunking?
- What is SIP?
- What is SIPS and SRTP?
- What is VPN?