In-spite of the flexibility provided by the Internet Protocol (IP) platform, Voice over Internet Protocol (VOIP) calls might still be going in an unencrypted format! This means, it might not be completely protected and a strong-minded hacker might be able to access the VoIP calls. In VoIP, two different types of protocol are used. One is responsible to establish and terminate the calls and another is responsible to transmit voice in real time. Session Initiation Protocol (SIP) is an open standard signaling protocol that initiates and enables a VOIP call, the data (voice packets) flow from one device to another using the Real-time Transport Protocol (RTP). RTP generally flows directly between the two communicating devices (IP Phones) over the UDP transport layer of the IP Network.
The issue is, RTP communications are transmitted in clear text. Most of the telephone communications in the analog world were transmitted in their native form. Well, that’s the reason they were tapped! At least in the analog world, the intruder needs to access the particular phone line that is transmitting the voice physically in order to intercept the communications. But in the IP world, the hacker might stay where he is, compromise the communicating device (or any device in the same network) and access the communications!
That’s why SRTP – Secure Real-time Transport Protocol has been introduced. SRTP not only encrypts the multimedia payload (voice, video, etc) but it also protects the message integrity and prevents attackers from tampering with the message. SRTP protects the voice traffic on the application layer. So SRTP provides features like encryption (to prevent hackers from understanding the content of the message) and authentication (to provide message integrity). SRTP is lightweight and does not consume much bandwidth. The packet sizes are limited and RTP header compression can be done independently in order to transmit information more efficiently.