What is SIPS and SRTP?

In Voice over IP telephony, two standard protocols are used. SIP (Session Initiation Protocol) creates the connection from peer to peer (e.g. phone to phone or phone to phone system); in effect, it sets the switches for the audio stream. Once the connection is established, RTP (Real-time Transport Protocol) is used to transport the audio or video data. A big security issue of standard SIP/RTP connections is that SIP messages and RTP streams can be intercepted and read or listened to by anyone with basic networking knowledge. For this reason, it is recommended to use plain SIP/RTP only in local area networks (LAN) and not via the public internet.

To overcome the security flaws of SIP and RTP and make secure calls via the internet, encrypted versions of both protocols have been developed. SIPS, which stands for SIP Secure, is SIP extended with TLS (Transport Layer Security). With TLS, a secure connection between the IP PBX and the VoIP telephone is established by means of a handshake. Once SIPS has initiated a secure connection, SRTP (Secure Real-time Transport Protocol) encodes the voice into encrypted IP packets and transports them via the internet from the transmitter (IP phone system) to the receiver (IP phone or softphone). To allow the receiver to decrypt the packets, a key is sent via SIPS while the connection is being initiated in the previous step.

Scheme of a SIPS/SRTP connection

With SIPS/SRTP, the peer-to-peer connection is secured not just for the audio but also while the connection is being established. That means that not only the audio is encrypted, but also the connection details (who is calling whom, etc.). To use these secure protocols, all involved devices have to support SIPS and SRTP. If one peer does not support them, it is not possible to establish a secure connection. It is recommended to use SIPS and SRTP in scenarios where attacks from the outside world are to be expected (i.e. in the cloud or if no VPN is available).
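
Why the key exchange has to ride on SIPS, shown as an added example that is not part of the original page or of AskoziaPBX: a Python check over a captured call setup that flags an SRTP key sent over unencrypted signaling. It assumes the key is carried as an SDP a=crypto line (SDES, RFC 4568), which the page does not name; the sample INVITE, its addresses and the all-zero key are constructed.

```python
import base64
import re

# Constructed sample (not from the page): SRTP offered, but signaling is plain UDP.
# Assumption: the key travels as an SDP a=crypto line (SDES, RFC 4568).
ZERO_KEY = base64.b64encode(bytes(30)).decode()  # all-zero key+salt, illustration only
SAMPLE_INVITE = (
    "INVITE sip:200@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 40000 RTP/SAVP 0\r\n"
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{ZERO_KEY}\r\n"
)


def audit_call_setup(message: str) -> dict:
    """Report whether signaling, media and the SRTP key are protected."""
    head, _, sdp = message.partition("\r\n\r\n")
    headers = head.split("\r\n")
    request_uri = headers[0].split()[1]
    # The topmost Via names the transport this hop was actually sent over.
    via = next((h for h in headers[1:] if h.lower().startswith(("via:", "v:"))), "")
    match = re.match(r"v(?:ia)?:\s*SIP/2\.0/(\w+)", via, re.I)
    transport = match.group(1).upper() if match else "UNKNOWN"
    signaling_encrypted = transport == "TLS"

    sdp_lines = sdp.splitlines()
    media = [line.split() for line in sdp_lines if line.startswith("m=")]
    # RTP/SAVP(F) is the SRTP profile; RTP/AVP is plain RTP.
    media_encrypted = bool(media) and all(
        len(m) > 2 and m[2] in ("RTP/SAVP", "RTP/SAVPF") for m in media)
    key_in_sdp = any(l.startswith("a=crypto:") and "inline:" in l for l in sdp_lines)

    return {
        "transport": transport,
        "sips_uri": request_uri.lower().startswith("sips:"),
        "signaling_encrypted": signaling_encrypted,
        "media_encrypted": media_encrypted,
        # A key sent over clear signaling lets an eavesdropper decrypt the SRTP stream.
        "key_exposed": key_in_sdp and not signaling_encrypted,
        "secure": signaling_encrypted and media_encrypted,
    }
```

The Via header only describes the hop on which the message was captured, so a call that crosses several proxies needs this check on each hop.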

Starting from version 4.0, AskoziaPBX fully supports SIPS and SRTP.