How WebRTC Uses SRTP for Secure Media
WebRTC (Web Real-Time Communication) relies on the Secure Real-time Transport Protocol (SRTP) to ensure that audio and video streams transmitted between peers remain private and secure. This article explores how WebRTC integrates SRTP, the cryptographic mechanisms behind it, and why this protocol is essential for preventing eavesdropping and tampering during real-time communication.
What is SRTP?
The Real-time Transport Protocol (RTP) is the standard format for delivering audio and video over IP networks. However, standard RTP does not have built-in security features. SRTP is a security profile that extends RTP to provide:
- Encryption: Scrambles the media payload so that only authorized recipients can decode it.
- Authentication: Verifies that the media packets actually originated from the claimed sender.
- Integrity: Ensures the media packets have not been altered or tampered with during transit.
- Replay Protection: Prevents attackers from intercepting and re-sending packets to disrupt the stream.
WebRTC mandates the use of SRTP for all media streams. Unencrypted RTP is not permitted in the WebRTC specification.
Key Exchange via DTLS-SRTP
Before SRTP can encrypt media, the two connecting peers must securely agree on encryption keys without exposing them to intermediaries. WebRTC accomplishes this using Datagram Transport Layer Security (DTLS).
The process, known as DTLS-SRTP, operates in the following sequence:
- Connection Establishment: The peers use ICE (Interactive Connectivity Establishment) to find a direct network path and establish a connection.
- DTLS Handshake: Once connected, the peers perform a DTLS handshake over the established data path. This handshake allows the peers to authenticate each other using self-signed certificates (which are validated against fingerprints exchanged earlier in the Session Description Protocol (SDP) signaling).
- Key Derivation: During the DTLS handshake, the peers negotiate cryptographic algorithms and generate a shared master secret. This secret is used to derive the encryption and authentication keys specifically for the SRTP media session.
By using DTLS to generate the keys, WebRTC ensures that key exchange happens directly between the peers (end-to-end), preventing signaling servers from accessing the media keys.
How SRTP Secures Media Packets
Once the keys are established, the WebRTC media engine processes outgoing media through the SRTP layer.
1. Selective Encryption
SRTP does not encrypt the entire packet. It encrypts only the RTP payload (the actual video or audio data). The RTP header—which contains routing information like sequence numbers, timestamps, and payload types—remains unencrypted. This allows network routers to prioritize and route the packets efficiently without needing to decrypt the media content.
2. Message Authentication and Integrity
To prevent tampering, SRTP appends a Cryptographic Message Authentication Code (HMAC) to the end of each packet. WebRTC commonly uses algorithms like HMAC-SHA1 or AEAD (Authenticated Encryption with Associated Data) ciphers like AES-GCM. The receiver uses this code to verify that the packet header and encrypted payload have not been modified since they were sent.
3. Replay Protection
SRTP maintains a “sliding window” index of recently received packet sequence numbers. If an attacker captures an SRTP packet and attempts to inject it back into the stream later, the receiver detects the duplicate sequence number and immediately discards the packet.
Conclusion
WebRTC utilizes SRTP to guarantee end-to-end security for real-time media. By combining DTLS for secure peer-to-peer key exchange with SRTP for low-latency media encryption, authentication, and replay protection, WebRTC ensures that web-based voice and video communications remain private, secure, and tamper-proof.