Securing VOIP Secure RealTime Protocol: SRTP - PowerPoint PPT Presentation

1 / 24

About This Presentation

Title:

Securing VOIP Secure RealTime Protocol: SRTP

Description:

Communicates with Windows Messenger. Compare various User Agents. Internet Measurements. Collect data on a live network. SIP Menu Development. Mimic Windows Messenger ... – PowerPoint PPT presentation

Number of Views:1205

Avg rating:5.0/5.0

Slides: 25

Provided by: annama4

Category:

more less

Transcript and Presenter's Notes

Title: Securing VOIP Secure RealTime Protocol: SRTP

1
Securing VOIP(Secure Real-Time Protocol SRTP)

Towson University
Andre Alexander
May 4, 2007

2
Overview

VOIP Foundation
IP Switched Telephone Network
VOIP Channels
SIP/SDP
Sample Packet
RTP
VOIP Call Flow (SIP/SDP with RTP)
SRTP
SRTP Transforms, Crypto Context
SRTP Processing
Sender
Receiver
Key Management (SDP)
Types of Implementations
Current Projects
Next Steps

3
IP Switched Telephone Network
4
VOIP Channels

Signaling channel (SIP/SDP)
Media channel (RTP)

End to End
Hop to Hop
5
Session Initiation Protocol/Session Description
Protocol

SIP
SIP supports five facets of establishing and
terminating multimedia communications
User location determination of the end system to
be used for communication
User availability determination of the
willingness of the called party to engage in
communications
User capabilities determination of the media and
media parameters to be used
Session setup "ringing", establishment of
session parameters at both called and calling
party
Session management including transfer and
termination of sessions, modifying session
parameters, and invoking services.
SDP
The Session Description Protocol (SDP) describes
multimedia sessions for the purpose of session
announcement, session invitation and other forms
of multimedia session initiation.

6
SIP/SDP Sample Packet
INVITE sipUAB_at_example.com SIP/2.0 Via
SIP/2.0/UDP 10.20.30.405060 From UserA
ltsipUAA_at_example.comgttag589304 To UserB
ltsipUAB_at_example.comgt Call-ID
8204589102_at_example.com CSeq 1 INVITE Contact
ltsipUserA_at_10.20.30.40gt Content-Type
application/sdp Content-Length 141 v0
oUserA 2890844526 2890844526 IN IP4 10.20.30.40
sSession SDP cIN IP4 10.20.30.40 t0 0
maudio 49170 RTP/AVP 0 artpmap0 PCMU/8000
7
Real-Time Transport Protocol

RTP
Real Time Transport Protocol (RTP) is a general
purpose protocol used mainly for streaming
multimedia applications live radio and
television broadcast, webcast concerts, and video
conferencing. Defines a standardized packet
format for delivering audio and video over the
Internet.
Payload-type identification - Indication of what
kind of content is being carried
Sequence numbering
Time stamping - allow synchronization and jitter
calculations
RTP Packet Format

8
Typical VOIP Call Flow
9
Secure Real-Time Transport Protocol

SRTP
The Secure Real-time Transport Protocol (or SRTP)
defines a profile of RTP (Real-time Transport
Protocol), intended to provide encryption,
message authentication and integrity, and replay
protection to the RTP data in both unicast and
multicast applications.
SRTP Packet format

10
SRTP Transforms
SRTP Crypto Context

Encryption Key
Salt Key
Message authentication Key
32 bit rollover counter
Sequence number
SSRC
Replay list (maintained by receiver only)

11
SRTP Processing
Master Salt
12
SRTP Sender Processing
Assuming initialization of the cryptographic
context(s) has taken place via key management,
the sender SHALL do the following to construct an
SRTP packet 1. Determine which cryptographic
context to use as described in Section 3.2.3.
2. Determine the index of the SRTP packet using
the rollover counter, the highest sequence number
in the cryptographic context, and the sequence
number in the RTP packet, as described in Section
3.3.1. 3. Determine the master key and master
salt. This is done using the index determined in
the previous step or the current MKI in the
cryptographic context, according to Section 8.1.
4. Determine the session keys and session salt
(if they are used by the transform) as described
in Section 4.3, using master key, master salt,
key_derivation_rate, and session key-lengths in
the cryptographic context with the index,
determined in Steps 2 and 3.
13
SRTP Sender Processing (cont)
5. Encrypt the RTP payload to produce the
Encrypted Portion of the packet (see Section 4.1,
for the defined ciphers). This step uses the
encryption algorithm indicated in the
cryptographic context, the session encryption key
and the session salt (if used) found in Step 4
together with the index found in Step 2. 6. If
the MKI indicator is set to one, append the MKI
to the packet. 7. For message authentication,
compute the authentication tag for the
Authenticated Portion of the packet, as described
in Section 4.2. This step uses the current
rollover counter, the authentication algorithm
indicated in the cryptographic context, and the
session authentication key found in Step 4.
Append the authentication tag to the packet. 8.
If necessary, update the ROC as in Section 3.3.1,
using the packet index determined in Step 2.
14
SRTP Receiver Processing
To authenticate and decrypt an SRTP packet, the
receiver SHALL do the following 1. Determine
which cryptographic context to use as described
in Section 3.2.3. 2. Run the algorithm in
Section 3.3.1 to get the index of the SRTP
packet. The algorithm uses the rollover counter
and highest sequence number in the cryptographic
context with the sequence number in the SRTP
packet, as described in Section 3.3.1. 3.
Determine the master key and master salt. If the
MKI indicator in the context is set to one, use
the MKI in the SRTP packet, otherwise use the
index from the previous step, according to
Section 8.1. 4. Determine the session keys, and
session salt (if used by the transform) as
described in Section 4.3, using master key,
master salt, key_derivation_rate and session
key-lengths in the cryptographic context with the
index, determined in Steps 2 and 3.
15
SRTP Receiver Processing (cont)
5. For message authentication and replay
protection, first check if the packet has been
replayed (Section 3.3.2), using the Replay List
and the index as determined in Step 2. If the
packet is judged to be replayed, then the packet
MUST be discarded, and the event SHOULD be
logged. Next, perform verification of the
authentication tag, using the rollover counter
from Step 2, the authentication algorithm
indicated in the cryptographic context, and the
session authentication key from Step 4. If the
result is "AUTHENTICATION FAILURE" (see Section
4.2), the packet MUST be discarded from further
processing and the event SHOULD be logged. 6.
Decrypt the Encrypted Portion of the packet (see
Section 4.1, for the defined ciphers), using the
decryption algorithm indicated in the
cryptographic context, the session encryption key
and salt (if used) found in Step 4 with the index
from Step 2. 7. Update the rollover counter and
highest sequence number, s_l, in the
cryptographic context as in Section 3.3.1, using
the packet index estimated in Step 2. If replay
protection is provided, also update the Replay
List as described in Section 3.3.2. 8. When
present, remove the MKI and authentication tag
fields from the packet.
16
Key Management

SDP (SDES) Offer /Answer

17
SDP with Security Descriptions

inline
Defines Key-Parameters
Master Key
Master Salt
Key Lifetime
acrypto
Describes the cryptographic suite, key
parameters, and session parameters for the
preceding unicast media line.

18
SRTP Recap