Figure 374. Voice Encryption
SRTP is used for payload encryption on all connection types (HFA, SIP, IPDA).
SRTP is based on the Advanced Encryption Standard (AES). Depending on
the connection type, MIKEY, SDES or MEK is used to establish the encryption keys.
For this purpose, the endpoints generate cryptographically random
128-bit keys. The key exchange between the participating communication
partners takes place within the signaling (see
Section 1.3.2,
“Signaling encryption”). Depending on the connection
type, MIKEY, SDES or internal OpenScape 4000 mechanisms are used for
generating or exchanging the keys.
Every key is used only once, i.e. it applies exclusively
for the duration of the relevant voice connection. Stations display
a message indicating whether the call is end-to-end encrypted.
IPDA
Because there are no signaling connections for IPDA media streams,
MIKEY cannot be used for key agreement. Instead, the following
concept is implemented:
- A database routing (DNIL) generates a call-specific SRTP master encryption
key and further SRTP parameters, e.g. the key length and the salt key.
- Call Processing (CP) conveys these SRTP parameters to the involved parties
within the path switching message (PATH_SWITCH).
- The corresponding IP gateway (STMIx/NCUIx) uses the newly added parameters
to generate the same SRTP parameter set that MIKEY would provide and uses
it for payload encryption.
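The three IPDA steps above, modelled as an added Go example (this is illustration code written for this page, not OpenScape 4000 code, and the STMIx/NCUIx implementation is not published here). The `PathSwitchParams` struct is an assumed stand-in for the SRTP fields carried in PATH_SWITCH; the page does not give the message layout. `generateCallParams` plays the DNIL role and draws a fresh 128-bit master key plus a 112-bit master salt per call; `deriveSessionKeys` plays the gateway role, checks the received key length and derives the SRTP session keys with the standard AES-CM key derivation of RFC 3711 (key derivation rate 0), which is what a MIKEY-negotiated SRTP context would derive from the same master key and salt. Two gateways given the same PATH_SWITCH parameters end up with identical session keys; two calls never share keys because the master key is regenerated per call.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// SRTP key-derivation labels (RFC 3711, section 4.3.1).
const (
	labelRTPEncryption = 0x00 // session encryption key
	labelRTPAuth       = 0x01 // session authentication key
	labelRTPSalt       = 0x02 // session salt
)

const (
	masterKeyLen  = 16 // 128-bit master key, as generated per call by DNIL
	masterSaltLen = 14 // 112-bit master salt (RFC 3711 default)
)

// PathSwitchParams is an ASSUMED model of the SRTP parameters CP conveys in
// PATH_SWITCH; the real message layout is not given on the page.
type PathSwitchParams struct {
	MasterKey  []byte
	MasterSalt []byte
	KeyLen     int // master key length in bits
}

// SessionKeys is the SRTP parameter set each gateway derives.
type SessionKeys struct {
	CipherKey []byte // 128-bit AES-CM session key
	AuthKey   []byte // 160-bit HMAC-SHA1 session key
	Salt      []byte // 112-bit session salt
}

// generateCallParams plays the DNIL role: a fresh, cryptographically random
// master key and salt for every call, never reused across calls.
func generateCallParams() (PathSwitchParams, error) {
	p := PathSwitchParams{
		MasterKey:  make([]byte, masterKeyLen),
		MasterSalt: make([]byte, masterSaltLen),
		KeyLen:     masterKeyLen * 8,
	}
	if _, err := rand.Read(p.MasterKey); err != nil {
		return PathSwitchParams{}, err
	}
	if _, err := rand.Read(p.MasterSalt); err != nil {
		return PathSwitchParams{}, err
	}
	return p, nil
}

// deriveKey is the RFC 3711 AES-CM key derivation with key_derivation_rate 0:
// x = master_salt XOR (label || r) with r = 0, right-aligned; the session key
// is the first n bytes of AES-CTR keystream with IV = x << 16.
func deriveKey(masterKey, masterSalt []byte, label byte, n int) ([]byte, error) {
	if len(masterSalt) != masterSaltLen {
		return nil, errors.New("master salt must be 112 bits")
	}
	block, err := aes.NewCipher(masterKey) // rejects key lengths other than 16/24/32
	if err != nil {
		return nil, err
	}
	var iv [aes.BlockSize]byte
	copy(iv[:], masterSalt) // bytes 14..15 stay zero: this is x << 16
	iv[7] ^= label          // label || r occupies bytes 7..13; with r = 0 only the label byte is set
	out := make([]byte, n)  // zero bytes, so XORKeyStream yields raw keystream
	cipher.NewCTR(block, iv[:]).XORKeyStream(out, out)
	return out, nil
}

// deriveSessionKeys plays the gateway role (STMIx/NCUIx): validate what
// arrived in PATH_SWITCH, then derive the same session keys MIKEY would yield.
func deriveSessionKeys(p PathSwitchParams) (SessionKeys, error) {
	if p.KeyLen != 128 || len(p.MasterKey)*8 != p.KeyLen {
		return SessionKeys{}, fmt.Errorf("unexpected master key length: %d bits", p.KeyLen)
	}
	ck, err := deriveKey(p.MasterKey, p.MasterSalt, labelRTPEncryption, 16)
	if err != nil {
		return SessionKeys{}, err
	}
	ak, err := deriveKey(p.MasterKey, p.MasterSalt, labelRTPAuth, 20)
	if err != nil {
		return SessionKeys{}, err
	}
	s, err := deriveKey(p.MasterKey, p.MasterSalt, labelRTPSalt, 14)
	if err != nil {
		return SessionKeys{}, err
	}
	return SessionKeys{CipherKey: ck, AuthKey: ak, Salt: s}, nil
}

// sameKeys reports whether two gateways derived an identical parameter set.
func sameKeys(a, b SessionKeys) bool {
	return bytes.Equal(a.CipherKey, b.CipherKey) && bytes.Equal(a.AuthKey, b.AuthKey) && bytes.Equal(a.Salt, b.Salt)
}

func main() {
	params, _ := generateCallParams()        // DNIL, once per call
	gwA, _ := deriveSessionKeys(params)       // both gateways receive PATH_SWITCH
	gwB, _ := deriveSessionKeys(params)
	fmt.Println("gateways agree:", sameKeys(gwA, gwB))
	fmt.Println("session cipher key:", hex.EncodeToString(gwA.CipherKey))
	next, _ := generateCallParams()           // the next call gets its own key
	gwNext, _ := deriveSessionKeys(next)
	fmt.Println("keys differ between calls:", !sameKeys(gwA, gwNext))
}
```

The derivation is checked against the RFC 3711 Appendix B.3 test vectors (master key `E1F97A0D3E018BE0D64FA32C06DE4139`, salt `0EC675AD498AFEEBB6960B3AABE6`), so an interoperability problem between the gateway and a MIKEY-provisioned peer would show up here as a key mismatch rather than as silently garbled audio. The length check in `deriveSessionKeys` is the gateway-side guard against a truncated or malformed PATH_SWITCH parameter set.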