Saturday, June 16, 2007

Secure transport of media ( Voip )

What ?

What is secure transport of media ?

Think, you use a voip application ( voip phone or any other voip application ) and you are transfering money from bank. You pass your details ( SIN,DOB, Address, Telphone Pin etc ) and all these data can be sniffed and played by some other user in the network using a simple sniffer.

This is possible because, for Internet communications, media is normally transported using RTP.

What is RTP ?
The Real-time Transport Protocol (RTP) defines a standardized packet format for delivering audio and video over the Internet. RTP is not secure, means anybody can capture RTP and can access the content media transmitted over RTP.For secure communications of media using RTP use SRTP.

What is SRTP ?

The Secure Real-time Transport Protocol (SRTP) defines a profile of RTP (Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications.


How you can say SRTP is secure and how it make sure its secure ?

For encryption and decryption of the data flow (hence providing confidentiality of the data flow), SRTP standardizes utilization of only a single cipher, AES, which can be used in two cipher modes, which turn the originally block AES cipher into a stream cipher.

To authenticate the message and protect its integrity, the HMAC-SHA1 algorithm (defined in RFC 2104) is used, which produces a 160-bit result, which is then truncated to 80 bits to become the authentication tag appended to the packet

SRTP relies on an external key management protocol to set up the initial master key. Two protocols specifically designed to be used with SRTP are ZRTP and Mikey.

There are also other methods to negotiate the SRTP keys. There are several vendors which offer products that use the SDES key exchange method

WOW, brain overload, say me something simple.

K ,Simple words. SRTP requires other protocols for making secure sessions. There are 3 ways to do this

1) ZRTP - a key agreement protocol which performs Diffie-Hellman key exchange during call setup in-band in the Real-time Transport Protocol (RTP) media stream which has been established using some other signaling protocol such as Session Initiation Protocol (SIP). This generates a shared secret which is then used to generate keys and salt for a Secure RTP (SRTP) session.

ZRTP can be used with any signaling protocol, including SIP, H.323, Jabber, and Peer-to-Peer SIP. ZRTP is independent of the signaling layer, because it does all its key negotiations in the RTP media stream.

more details :

2) MIKEY - a key management scheme that can be used for real-time applications (both for peer-to-peer communication and group communication).
more details :

3) SDES - SDES defines a key excahnge method for SRTP profile using SDP.
more details :

Where i can find all the details ?


© yankandpaste®

No comments: