DTLS-SRTP

The Oracle® Enterprise Session Border Controller (ESBC) supports Datagram Transport Layer Security (DTLS) to establish SRTP media traffic over UDP. You configure DTLS-SRTP security profiles and apply them to the realms that include end stations that request this security. The ESBC uses DTLS within the context of SRTP (DTLS-SRTP) per RFC 5764. The DTLS-SRTP feature provides secure media, supports the same transfer scenarios as SDES-SRTP, and also supports unattended transfer and music on hold scenarios.

DTLS operation on the ESBC is equivalent to SDES operation. It provides security against common eavesdropping, tampering, and message forgery. DTLS can operate over UDP, which can eliminate some of the delay associated with connection-oriented protocols.

DTLS-SRTP differs from previous attempts to secure media traffic, such as Multimedia Internet KEYing (MIKEY, RFC 3830), in which the authentication and key exchange protocol is piggybacked on the signaling message exchange. With DTLS-SRTP, the media endpoints themselves establish protection of the media traffic, with only a cryptographic binding of the media keying to the SIP/SDP communication.
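The cryptographic binding mentioned above travels in SDP as the `a=fingerprint` attribute (RFC 5763, RFC 8122): the signaling carries a hash of the certificate that the endpoint will present in the DTLS handshake on the media path. The following Python sketch of that check is an added example, not Oracle code or ESBC configuration. The function names, the sample offer, and the placeholder bytes standing in for a DER certificate are all assumptions made for illustration.

```python
import hashlib
import hmac

# Hash names accepted in a=fingerprint, mapped to hashlib names (MD2/MD5 excluded).
ALLOWED_HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

# Constructed sample: placeholder bytes stand in for the peer's DER certificate.
SAMPLE_CERT = b"constructed placeholder, not a real DER certificate"

def media_fingerprints(sdp):
    """Return (media_line, hash_name, hex_digest) per m= section.
    A media-level a=fingerprint overrides the session-level one."""
    session_fp, sections, current = None, [], None
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            current = {"media": line[2:], "fp": None}
            sections.append(current)
        elif line.startswith("a=fingerprint:"):
            algo, _, value = line[len("a=fingerprint:"):].strip().partition(" ")
            fp = (algo.lower(), value.replace(":", "").lower())
            if current is None:
                session_fp = fp
            else:
                current["fp"] = fp
    return [(s["media"],) + (s["fp"] or session_fp or (None, None)) for s in sections]

def cert_matches_sdp(sdp, peer_cert_der):
    """True only if every DTLS-SRTP media section has a fingerprint that
    matches the certificate actually seen in the DTLS handshake."""
    checked = 0
    for media, algo, expected in media_fingerprints(sdp):
        if "UDP/TLS/RTP/SAVP" not in media:  # substring also covers SAVPF
            continue
        if algo not in ALLOWED_HASHES:       # missing or weak hash: reject
            return False
        actual = hashlib.new(ALLOWED_HASHES[algo], peer_cert_der).hexdigest()
        if not hmac.compare_digest(actual.encode(), expected.encode()):
            return False
        checked += 1
    return checked > 0

def sample_offer(cert):
    """Build a constructed SDP offer whose fingerprint matches `cert`."""
    digest = hashlib.sha256(cert).hexdigest().upper()
    fp = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return ("v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
            "m=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=setup:actpass\r\n"
            f"a=fingerprint:sha-256 {fp}\r\n")
```

A certificate that does not hash to the signaled fingerprint means the party on the media path is not the one described in the SIP/SDP exchange, so the media session should not be keyed.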