Polycom®, Inc.
173
Implementing Media Encryption for
Secured Conferencing
Encryption is available at the conference and participant levels, based on AES 128 (Advanced Encryption
Standard) and is fully H.233/H.234 compliant and the Encryption Key exchange DH 1024-bit
(Diffie-Hellman) standards.
Media Encryption Guidelines
●
Encryption is not available in all countries and it is enabled in the MCU license. Contact Polycom
Support to enable it.
●
Media encryption is supported in CP, SVC Only and mixed CP and SVC Conferencing Modes.
●
Endpoints must support both AES 128 encryption and DH 1024 key exchange standards which are
compliant with H.235 (H.323) to encrypt and to join an encrypted conference.
●
The encryption mode of the endpoints is not automatically recognized, therefore the encryption mode
must be set for the conference or the participants (when defined).
●
Conference level encryption must be set in the Profile, and cannot be changed once the conference
is running.
●
If an endpoint connected to an encrypted conference stops encrypting its media, it is disconnected
from the conference.
●
In Cascaded conferences, the link between the cascaded conferences must be encrypted in order to
encrypt the conferences.
●
The recording link can be encrypted when recording from an encrypted conference to the RSS that
is set to encryption. For more information, see
Recording Link Encryption
.
●
Encryption of SIP Media is supported using
SRTP
(
Secured Real-time Transport Protocol
) and the
AES
key exchange method.
●
Encryption of SIP Media requires the encryption of SIP signaling - TLS Transport Layer must be used.
●
Encryption of SIP Media is supported in conferences as follows:
All media channels are encrypted: video, audio and FECC.
Collaboration Server SRTP implementation complies with Microsoft SRTP implementation.
LPR is not supported with SRTP.
The
ENABLE_SIRENLPR_SIP_ENCRYPTION
System Flag enables the SirenLPR audio
algorithm when using encryption with the SIP protocol. The default value of this flag is
NO
meaning SirenLPR is disabled by default for SIP participants in an encrypted conference. To
enable SirenLPR the System Flag must be added to system.cfg and its value set to
YES
.