Encrypted Key Transport for Secure RTP draft-mcgrew-srtp-ekt-00.txt David McGrew


Encrypted Key Transport
for Secure RTP
draft-mcgrew-srtp-ekt-00.txt
David McGrew
Flemming Andreasen
Lakshminath Dondeti
March 21, 2006
MSEC / IETF 65
Overview
• In-band keying, protected by separate RTP session-level key
• Conveys SRTP master key and ROC
• Contains ‘Offer’ correlator
– Security Parameter Index (SPI)
• Indicates key scope
– Initial Sequence Number (ISN)
• Uses SRTCP Authentication Tag for transport
– Could use SRTP Auth Tag or Header Extension
How it works
[Figure not recoverable. Labels: SRTP source; Session Organizer; SRTCP Processing; SRTCP Packet; EKT Data; Decrypt; EKT key; Master key; ROC; Initial SEQ]
Authentication Tag Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:                    Base Authentication Tag                    :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
:                     Encrypted Master Key                      :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Rollover Counter                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Initial Sequence Number    |   Security Parameter Index    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
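Added example (not from the slides or the draft): a receiver-side parser for the tag layout above. The first two fields are variable length, so it reads the fixed 8-byte tail first and uses the SPI to find the other lengths. The SPI_TABLE lookup, its 10- and 16-byte lengths, and all names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

TAIL = struct.Struct("!IHH")  # ROC (32 bits), ISN (16 bits), SPI (16 bits)

# Hypothetical per-SPI parameters learned from signaling:
# SPI -> (base tag length, encrypted master key length), in bytes.
# 10 and 16 are assumed values (80-bit tag, 128-bit key), not from the slides.
SPI_TABLE = {0x0001: (10, 16)}


@dataclass(frozen=True)
class EktTag:
    base_tag: bytes
    encrypted_master_key: bytes
    roc: int
    isn: int
    spi: int

    def pack(self) -> bytes:
        return (self.base_tag + self.encrypted_master_key
                + TAIL.pack(self.roc, self.isn, self.spi))


def split_ekt_tag(packet: bytes, spi_table=SPI_TABLE):
    """Return (srtcp_body, EktTag); the tag is parsed from the packet's end."""
    if len(packet) < TAIL.size:
        raise ValueError("packet too short for ROC/ISN/SPI")
    roc, isn, spi = TAIL.unpack(packet[-TAIL.size:])
    if spi not in spi_table:
        raise ValueError(f"unknown SPI {spi:#06x}")  # no offer to correlate with
    base_len, key_len = spi_table[spi]
    tag_len = base_len + key_len + TAIL.size
    if len(packet) < tag_len:
        raise ValueError("packet shorter than the tag length implied by SPI")
    tag = packet[-tag_len:]
    return packet[:-tag_len], EktTag(tag[:base_len],
                                     tag[base_len:base_len + key_len],
                                     roc, isn, spi)


def ekt_overhead(spi: int, spi_table=SPI_TABLE) -> int:
    """Bytes EKT adds beyond the base authentication tag."""
    return spi_table[spi][1] + TAIL.size


# Constructed sample: placeholder bytes, not real SRTCP or key material.
SAMPLE_TAG = EktTag(b"\xaa" * 10, b"\xbb" * 16, roc=3, isn=0x1234, spi=0x0001)
SAMPLE_PACKET = b"\x80\xc8" + b"\x00" * 26 + SAMPLE_TAG.pack()
```

With the assumed 16-byte encrypted key, ekt_overhead comes to 24 bytes, in line with the "~ 24 bytes" figure on the EKT Limitations slide.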
Architectural View
• Signaling
– Establishes parameters and session keys
– Invites members to SRTP session
• EKT
– Transports source keys, ROCs
– Indicates ‘Offer’ in SPI
– Indicates key scope
• SRTP
– Protects media
– Generates source keys as needed
Late Joiners
[Figure not recoverable. Labels: SRTP; SRTCP Sender Reports]
Scalability
[Figure not recoverable. Labels: SRTP; SRTCP]
New RTP Sources
[Figure not recoverable. Labels: Signaling; Source A, { Key A }EKT Key; Source B, { Key B }EKT Key]
Benefits
• EKT decouples SRTP from signaling
– Allows endpoints to start up (or rekey) SRTP sources at will
– Allows participants to join sessions that are already in progress
– No central coordination of ROCs, SSRCs, or SRTP’s per-source master keys required
– Allows SRTP to indicate cryptosuite
• Solves SIP Early Media problem without Preconditions
Benefits (continued)
• High scalability
– SRTCP receiver reports ‘carry own keys’
• Can work with any SRTP keying system
– Transports keys rather than setting them
• No extra round trips
• Benefits multiparty RTP
– SIP parallel forking
EKT Limitations
• Requires SRTCP
– Could be extended to use SRTP
• Requires EKT secret keys established through out-of-band means
– Could be extended to work with Diffie-Hellman
• Provides group security after SIP parallel fork
– But meets all SRTP security requirements
• Adds ~ 24 bytes to each SRTCP packet
• No parameter negotiation
Future Work
• Standards track?
• Implement in libsrtp
– mpeg4ip integration
• Incorporate feedback
• Extend MIKEY bindings
• Define bindings to DTLS-RTP and/or SDP DH
• SRTP transport method