SFrame
Two layers of encryption and authentication are required:
1. Hop-by-hop (HBH) encryption of media, metadata, and feedback
messages between the endpoints and the SFU
2. End-to-end (E2E) encryption of media between the endpoints
While DTLS-SRTP can be used as an efficient HBH mechanism, it is
inherently point-to-point and therefore not suitable for an SFU
context. In addition, given the various scenarios in which video
calling occurs, minimizing the bandwidth overhead of end-to-end
encryption is also an important goal.
SRTP encrypts and authenticates a packet as shown below:
  +-------------------------------+-------------------------------+^+
  |V=2|P|X|  CC   |M|     PT      |       sequence number         | |
  +-------------------------------+-------------------------------+ |
  |                           timestamp                           | |
  +---------------------------------------------------------------+ |
  |           synchronization source (SSRC) identifier            | |
  |=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=| |
  |            contributing source (CSRC) identifiers             | |
  |                               ....                            | |
  +---------------------------------------------------------------+ |
  |                   RTP extension(s) (OPTIONAL)                 | |
+^---------------------+------------------------------------------+ |
| |   payload header   |                                          | |
| +--------------------+     payload  ...                         | |
| |                                                               | |
+^+---------------------------------------------------------------+^+
| :                       authentication tag                      : |
| +---------------------------------------------------------------+ |
|                                                                   |
++ Encrypted Portion                       Authenticated Portion +--+
Figure 1: SRTP packet format
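
As an added example (not part of the original page or of any SFrame specification text), the Python function below computes the byte ranges that Figure 1 marks as encrypted and authenticated for a single packet. It assumes a 10-byte authentication tag and no MKI field; the name `srtp_regions` and the sample packet are constructed for illustration.

```python
import struct

def srtp_regions(packet: bytes, tag_len: int = 10) -> dict:
    """Return the (start, end) byte ranges of Figure 1 for one SRTP packet.

    tag_len=10 is an assumption (80-bit tag); adjust for the negotiated suite.
    """
    if len(packet) < 12 + tag_len:
        raise ValueError("shorter than fixed RTP header plus tag")
    first = packet[0]
    if first >> 6 != 2:
        raise ValueError("not RTP version 2")
    tag_start = len(packet) - tag_len
    offset = 12 + 4 * (first & 0x0F)           # fixed header + CSRC list
    if first & 0x10:                            # X bit: header extension present
        if offset + 4 > tag_start:
            raise ValueError("truncated extension header")
        _profile, ext_words = struct.unpack_from("!HH", packet, offset)
        offset += 4 + 4 * ext_words
    if offset > tag_start:
        raise ValueError("header runs past the start of the tag")
    return {
        "authenticated": (0, tag_start),        # header + payload, in one MAC
        "encrypted": (offset, tag_start),       # payload only; header stays clear
        "tag": (tag_start, len(packet)),
    }

# Constructed sample: V=2, X=1, CC=1, PT=96, one CSRC, one extension word,
# 8 payload bytes, 10 tag bytes. Values are placeholders, not captured traffic.
SAMPLE = (
    struct.pack("!BBHII", 0x91, 0x60, 1, 0, 0x11223344)
    + struct.pack("!I", 0xAABBCCDD)
    + struct.pack("!HH", 0xBEDE, 1) + bytes(4)
    + b"P" * 8
    + b"T" * 10
)

if __name__ == "__main__":
    for name, (start, end) in srtp_regions(SAMPLE).items():
        print(f"{name:13s} bytes {start}..{end}")
```

The output makes the layering visible: the RTP header, CSRC list and extensions are covered by the tag but remain readable on the wire, while only the payload is encrypted.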