Cryptographic security for communication protocols adds data overhead to the protocols that it protects, and it is highly desirable to minimize the extent of that data overhead. Many communication protocols are designed to minimize the amount of data on the network. This is the case for Secure Real-time Transport Protocol (SRTP), which commonly carries payloads as short as 20 bytes, and it is especially important for low-power wireless scenarios, such as those defined by IEEE 802.15, in which the maximum packet size is around 100 bytes.
Anti-replay protection is an essential part of communications security, as are confidentiality (through encryption) and message authentication. Anti-replay protection is usually provided by incorporating a sequence number in each message, and including that sequence number in the part of the message that is authenticated. This basic technique is used in Transport Layer Security (TLS), Encapsulating Security Payload (ESP), Authentication Header (AH), IEEE 802.11i, and other protocols.
Encryption algorithms typically have an Initialization Vector (IV), and message authentication requires an Integrity Check Value (ICV) (also sometimes called an Authentication Tag or Message Authentication Code (MAC)). Thus, a typical communications security protocol includes an IV, an ICV, and a sequence number. An IV can be 8-16 bytes, an ICV is often 12-16 bytes, and a sequence number is often 4 bytes, for a total of 24-36 bytes of overhead.
Some communication security protocols omit part of the sequence number, and rely on the receiver's ability to correctly guess the omitted part. This is done in Secure RTP and in ESP with the “extended sequence number” facility. However, this can create synchronization problems between the sender and receiver, especially in multiple-receiver scenarios and late-joiner scenarios, both of which occur in SRTP and can occur in ESP.
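The receiver-side guess described above, as an added example that is not part of the original text: it follows the index-estimation rule of RFC 3711 (SRTP), section 3.3.1, in which only a 16-bit sequence number is sent and the high-order rollover counter is omitted. The Receiver class, the run helper and the packet indices are constructed for illustration.

```python
# Added example: reconstructing the omitted high-order bits of a sequence number.
SEQ_MOD = 1 << 16          # only 16 bits of the index travel on the wire
HALF = SEQ_MOD // 2
ROC_MOD = 1 << 32          # the rollover counter (ROC) is the omitted part

def estimate_index(roc, s_l, seq):
    """Return (index, v): the guessed full index and the guessed ROC.

    roc: receiver's current rollover counter
    s_l: highest 16-bit sequence number accepted so far
    seq: 16-bit sequence number carried in the received packet
    """
    if s_l < HALF:
        v = (roc - 1) % ROC_MOD if seq - s_l > HALF else roc
    else:
        v = (roc + 1) % ROC_MOD if s_l - HALF > seq else roc
    return v * SEQ_MOD + seq, v

class Receiver:
    """Hypothetical receiver state; a late joiner starts with roc=0, s_l=None."""
    def __init__(self, roc=0, s_l=None):
        self.roc, self.s_l = roc, s_l

    def accept(self, seq):
        if self.s_l is None:            # first packet: nothing to compare against
            self.s_l = seq
        index, v = estimate_index(self.roc, self.s_l, seq)
        if v == (self.roc + 1) % ROC_MOD:        # sequence number wrapped
            self.roc, self.s_l = v, seq
        elif v == self.roc and seq > self.s_l:   # newer packet, same ROC
            self.s_l = seq
        return index                    # reordered old packets leave state alone

def run(true_indices, receiver):
    """Send only the low 16 bits of each index; return the receiver's guesses."""
    return [receiver.accept(i % SEQ_MOD) for i in true_indices]

# Constructed traffic: a wrap at 65536, with packet 65535 arriving late.
WRAP_STREAM = [65533, 65534, 65536, 65537, 65535, 65538]
# Constructed traffic seen by a receiver that joins after the wrap.
LATE_STREAM = [70000, 70001, 70002]

if __name__ == "__main__":
    print(run(WRAP_STREAM, Receiver(roc=0, s_l=65532)))  # in sync: guesses match
    print(run(LATE_STREAM, Receiver()))                  # late joiner: off by 65536
```

The synchronized receiver recovers every index, including the reordered packet from before the wrap, while the late joiner's guesses are each low by exactly 2^16 because it has no way to learn the omitted counter from the packets alone.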