Security is always one of the most important aspects of communication. Security leaks may damage personal or corporate assets such as intellectual property, business secrets, personal privacy, and account credentials. In IMS (IP Multimedia Subsystem), communication security is usually realized by media streams protected by secured protocols.
SRTP (Secure Real-Time Transfer Protocol) is commonly used as the media transport protocol to secure the RTP/RTCP (Real-Time Transfer Protocol/Real-Time Transfer Control Protocol) media streams between a UE (User Equipment) and a MGW (Media GateWay). SRTP does not provide key management functionality itself; it depends on external key management functions to exchange secret master keys and to negotiate the algorithms and parameters for use with those keys. DTLS-SRTP (Datagram Transport Layer Security-Secure Real-Time Transfer Protocol) is an ideal combination: it provides the performance and encryption flexibility benefits of SRTP while using DTLS-integrated key and association management. DTLS keying happens on the media path, independent of any out-of-band signaling channel.
For DTLS-SRTP, the DTLS handshake between the UE and the MGW is used to negotiate and agree on keying material, algorithms, and parameters for SRTP. However, DTLS needs certificate fingerprints from both the MGW and the UE. DTLS certificate fingerprints and setup attributes are exchanged via SDP (Session Description Protocol) Offer/Answer between the UE and an SBC (Session Border Controller). The UE fingerprint and setup attributes are provided to the MGW over an ITU-T H.248 protocol. In the return direction, the MGW fingerprint and setup attributes are provided to the SBC over the ITU-T H.248 protocol and are then forwarded to the UE. Once certificate fingerprints and setup attributes have been successfully exchanged, DTLS negotiation can be initiated in order to start the SRTP-based secured media stream.
In practice, DTLS negotiation takes some time to complete, prolonging the overall session set-up time. In a typical IMS system, DTLS negotiation may take up to several seconds, leading to a very bad user experience and potentially harming the operator's reputation.
In addition, in a typical network scenario, the UE is located behind a NAT (Network Address Translation) device, which protects the UE from unauthorized access from the network side. If the UE is behind a NAT, it is therefore initially not reachable from the network side. This leads to the further problem that DTLS negotiation cannot be initiated from the MGW. Only the UE can open a pinhole in its NAT and initiate the DTLS handshake towards the MGW.
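The fingerprint and setup exchange described above, and the NAT constraint on who may start the handshake, as an added example that is not part of the original text: it reads `a=setup` and `a=fingerprint` from an SDP offer and answer, derives which side sends the DTLS ClientHello using the role rules of RFC 4145/RFC 5763, and checks a presented certificate against the signalled fingerprint. Function names are hypothetical, the certificate bytes and SDP bodies are constructed, and it assumes one media section and ignores `holdconn`.

```python
import hashlib
import hmac

# SDP hash-function names (a=fingerprint) mapped to hashlib names
HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}
# Answer values permitted for each offered a=setup value (RFC 4145, holdconn omitted)
ALLOWED = {"actpass": {"active", "passive"}, "active": {"passive"}, "passive": {"active"}}

def fingerprint(cert_der, hash_name="sha-256"):
    """Colon-separated uppercase hex digest of the DER certificate."""
    digest = hashlib.new(HASHES[hash_name], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def dtls_attrs(sdp):
    """Return (setup, hash_name, fingerprint) from an SDP body; last value wins."""
    setup = fp = None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("a=setup:"):
            setup = line[len("a=setup:"):].strip().lower()
        elif line.startswith("a=fingerprint:"):
            name, _, value = line[len("a=fingerprint:"):].strip().partition(" ")
            fp = (name.lower(), value.strip().upper())
    if setup is None or fp is None:
        raise ValueError("SDP lacks a=setup or a=fingerprint")
    return setup, fp[0], fp[1]

def dtls_client(offer, answer):
    """'offerer' or 'answerer': the side with the active role sends ClientHello."""
    o, a = dtls_attrs(offer)[0], dtls_attrs(answer)[0]
    if a not in ALLOWED.get(o, ()):
        raise ValueError(f"invalid setup pair: offer={o} answer={a}")
    return "answerer" if a == "active" else "offerer"

def peer_cert_ok(sdp, cert_der):
    """True if the certificate seen in the handshake matches the signalled fingerprint."""
    _, name, expected = dtls_attrs(sdp)
    if name not in HASHES:
        return False  # unknown hash function: reject rather than skip the check
    return hmac.compare_digest(fingerprint(cert_der, name).encode(), expected.encode())

# Constructed sample data: stand-in bytes, not real certificates
UE_CERT = b"constructed stand-in for the UE DER certificate"
MGW_CERT = b"constructed stand-in for the MGW DER certificate"
OFFER = ("m=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=setup:actpass\r\n"
         "a=fingerprint:sha-256 " + fingerprint(UE_CERT) + "\r\n")   # from the UE
ANSWER = ("m=audio 5004 UDP/TLS/RTP/SAVP 0\r\na=setup:passive\r\n"
          "a=fingerprint:sha-256 " + fingerprint(MGW_CERT) + "\r\n")  # MGW values via SBC

if __name__ == "__main__":
    print("DTLS client:", dtls_client(OFFER, ANSWER))
    print("MGW certificate matches:", peer_cert_ok(ANSWER, MGW_CERT))
```

With the UE as offerer and a `passive` answer on behalf of the MGW, the UE holds the active role, which is the only arrangement that works when the UE sits behind a NAT.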