In bandwidth and power constrained environments, such as mobile telephony, it is important to minimize the data and complexity of processing that is required by protocols that establish secure real-time communication of data over a network.
There is an established field of real-time communications over Internet Protocol (IP) networks, which underpins widespread applications such as Voice over IP (VoIP). There are standard protocols such as Session Initiation Protocol (SIP) and Real-Time Transport Protocol (RTP) which support unencrypted real-time traffic. Secure RTP (SRTP) has been extended to encrypt real-time traffic. However, none of these protocols are well suited for bandwidth limited environments.
FIG. 1 shows a conventional system using the above-mentioned protocols. A mobile end point (110) communicates over a wireless network (100) with an IP network (200). The IP network contains a SIP stateful proxy (210), a second SIP stateful proxy (211) and a SIP stateless proxy (220). A mobile end point (110) invites another end point (120) to establish a call, using the SIP protocol, by passing messages to (210), (220) and (211). The SIP stateful servers exchange the final call-setup SIP messages by communicating directly between each other. When the call is set-up, each end point communicates directly with the other and the end points send the real-time data to each other without encryption using RTP, or encrypted using SRTP.
SRTP supports symmetric VoIP data encryption with Advanced Encryption Standard (AES). To encrypt a call using SRTP, the end points must first obtain a shared secret encryption key. Then they each use that key to encrypt the voice data that passes between them.
In some conventional systems, each end point selects the session key from a list of keys that have previously been loaded into each end point using a secure method, which often involves physical delivery to the end point or each end point securely obtains the session key over the network from a key server. Both scenarios are bandwidth intensive. Moreover, use of a key server constitutes an aggregated risk.
The present disclosure is directed toward, but not limited to, improving the above noted problems by providing minimal protocol messages to provide secure real-time communication in a bandwidth limited network environment.