Dan Wing dwing@cisco.com IETF83 - March 2012 RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past.

Slides:



Advertisements
Similar presentations
IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
Advertisements

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Circuit & Application Level Gateways CS-431 Dick Steflik.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
RTP Multiplexing draft-rosenberg-rtcweb-rtpmux Jonathan + {Rosenberg, Lennox}
Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
1 RTCWEB interim Remote recording use case / requirements John Elwell.
DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.
RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.
Chapter 13 – Network Security
SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-01) IETF 89, March 7, 2014 Authors: Michael Yan, Paul Kyzivat, Simon Romano.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Session Recording Protocol Requirements IETF 75, Stockholm (Leon Portman on behalf of the team)
Security, NATs and Firewalls Ingate Systems. Basics of SIP Security.
IETF70, Vancouver, December 2007draft-wing-sipping-srtp-key-021 Disclosing Secure RTP (SRTP) Session Keys draft-wing-sipping-srtp-key-02 Dan Wing,
Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-09) Leon Portman Henry Lum
Peering: A Minimalist Approach Rohan Mahy IETF 66 — Speermint WG.
ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.
GROBJ Problem Statement – GROBJ BoF – IETF76 1 GROBJ BoF: Problem Statement Dan Wing, v0.3, revised: 2-Nov-2009.
IETF70, Vancouver, December 2007draft-wing-sip-identity-media-011 SIP Identity using Media Path draft-wing-sip-identity-media-01 Dan Wing,
Session-ID Requirements for Interim-3 draft-ietf-insipid-session-id-reqts-00 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel Kaplan.
SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-00) IETF 87, November 4, 2013 Authors: Michael Yan, Paul Kyzivat, Simon Romano.
1 Session Recording Protocol Requirements IETF 75, Stockholm (Leon Portman on behalf of the team) Draft authors: Rajnish Jain, Leon Portman, Vijay Gurbani,
1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.
Secure HTTP (HTTPS) Pat Morin COMP 2405.
Computer and Network Security
VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.
Chapter 7 - Secure Socket Layer (SSL)
Data Virtualization Tutorial… SSL with CIS Web Data Sources
End-to-middle Security in SIP
IP Telephony (VoIP).
Virtual Private Networks
Encryption and Network Security
Cryptography and Network Security
CLUE WG Interim Meeting San Jose, CA Sept , 2012
Secure Sockets Layer (SSL)
Internet Security CS457 Seminar Zhao Cheng
Securing the Network Perimeter with ISA 2004
3 | Analyzing Server, Network, and Client Health
BINF 711 Amr El Mougy Sherif Ismail
Session Initiation Protocol (SIP)
Chapter 6: Network Layer
CSE 4095 Transport Layer Security TLS
Cryptography and Network Security
0x1A Great Papers in Computer Security
Cryptography and Network Security
Protocol ap1.0: Alice says “I am Alice”
Proposal for a Generic Emergency Call Support
Outline Using cryptography in networks IPSec SSL and TLS.
Internet Basics Videos
Protecting Yourself in a WebRTC World
Network Security 4/21/2019 Raj Rajarajan.
Unit 8 Network Security.
Advanced Computer Networks
VoIP Signaling Protocols Framework
Slides Credit: Sogand Sadrhaghighi
Cryptography and Network Security
An Architecture for Media Recording using the Session Initiation Protocol draft-ietf-siprec-architecture Andy Hutton
Lecture 36.
Lecture 36.
Presentation transcript:

Dan Wing dwing@cisco.com IETF83 - March 2012 RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future Dan Wing dwing@cisco.com IETF83 - March 2012 v2

IETF83 – RTCWEB – Media Security Agenda Scope Upcoming Questions for Working Group RTP versus SRTP RTP, Recording, RTP versus SRTP Keying Intro to Security Descriptions & DTLS-SRTP Interworking SDESC and DTLS-SRTP using EKT Working Group Discussion IETF83 – RTCWEB – Media Security

Purpose of This Presentation DTLS-SRTP is best path forward DTLS-SRTP meets RTCWEB’s technical requirements Interoperation with existing SIP endpoints Best security we know how to build Allows adding identity IETF83 – RTCWEB – Media Security

Reading List: Keying Mechanisms (1/3) Security Descriptions, RFC4568 Sends SRTP session key over SIP signaling Also called SDES or SDESC DTLS-SRTP, RFC5763 and RFC5764 DTLS on media path establishes SRTP session key EKT, Encrypted Key Transport, draft-ietf-avt-srtp-ekt Group keying (and interoperation!) IETF83 – RTCWEB – Media Security

Reading List: Analysis of Keying Mechanisms (2/3) Requirements and Analysis of Media Security Management Protocols, RFC5479 Analyzed 15 SRTP keying mechanisms Many criteria: SIP forking, retargeting, call signaling versus media path, group keying Conclusion: best keying mechanism: DTLS-SRTP (Most deployed is Security Descriptions) more on that later IETF83 – RTCWEB – Media Security

Reading List: Identity (3/3) SIP Identity, RFC4474 Signs certain SIP headers and entire SDP SIP Identity using Media Path, draft-wing-rtcweb-identity-media/draft-wing-rtcweb-identity-media (2007) Signs certain SIP headers and a=fingerprint DTLS handshake and identity signature proves identity Cisco IPR statement, https://datatracker.ietf.org/ipr/1709 IETF83 – RTCWEB – Media Security

Model Provides ICE connectivity checks Media gateway Call Controller (SIP or proprietary) Web Server SIP signaling JSEP signaling media media Browser IP phone Often private address space SIP system IETF83 – RTCWEB – Media Security

Questions for working group IETF83 – RTCWEB – Media Security

Questions for Working Group At end of meeting, chairs will ask questions similar to: Should we allow RTP? For SRTP keying: Do we need Security Descriptions? IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security RTP versus srtp IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security RTP Pros Cons Interoperability Listening by good actors Debugging during development and deployment Listen for faults (e.g., echo) Modification by good actors Remove echo Transcoding Listening by attackers Modification by attackers Identity is difficult-to-impossible IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security RTP Interoperability Web Server SIP Proxy SIP JSEP SIP Browser IP phone RTP But IP phone probably doesn’t do ICE. So this slide is missing a media gateway IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security Debugging RTP is easier to debug But still needs a decoder (RTP is not ASCII) SRTP supports NULL ciphers Allows un-encrypted data on the wire Now looks like RTP on the wire IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security Protocol Complexity Allowing both RTP and SRTP increases complexity More code, more test cases IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security RTP Risks RTP for interoperability runs risks of RTP everywhere RTCWEB will be deployed everywhere Not solely on managed networks Coffee shop, attacker upstairs collecting traffic IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security SRTP Pros Cons Passive listeners need SRTP session keys Modification needs SRTP session keys Identity is possible depending on keying mechanism We have to choose keying mechanism(s) (more on that later) IETF83 – RTCWEB – Media Security

SRTP Interoperability This device is already present – Session Border Controller Web Server Media gateway SIP Proxy SIP JSEP SIP (S)RTP SRTP Browser IP phone Enterprise network IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security RECORDING IETF83 – RTCWEB – Media Security

Recording Some environments REQUIRE recording jails, stock broker, bank, travel agency Yet need to encrypt the audio and video attorney/client privilege, account number, credit card number, mother’s maiden name Attackers on internal network (ethernet sniffer, WiFi) Attackers on the Internet SIPREC allows recording SRTP-encrypted flows SRTP session keys are given to recorder

Independent Sessions CS = Content Session = Existing session to be recorded RS = Recording Session = Session established with the recorder Security requirements of CS != those of RS When SRTP used in CS, decryption/re-encryption may occur in RS

SBC Recording Model RS +-----------+ +-------- SIP ------->| | | | Session | | +----- [S]RTP ---->| Recording | | | | Server | | | +-- Metadata -->| | | | | +-----------+ | | | v v | +---------+ ADMINISTRATIVE DOMAIN | Session | |Recording| +---------+ | Client | +---------+ | |<---- SIP ---->| |<---- SIP ---->| | | UA-A | | SBC | | UA-B | | |<---- SRTP --->| |<---- SRTP --->| | +---------+ +---------+ +---------+ |_____________________________________________________________| CS SBC, acting as the forking point for the media to the recorder, MUST OWN the identity of UA-A, i.e., be IdP for UA-A

UA Recording Model ADMINISTRATIVE DOMAIN RS +-----------+ +-------- SIP ------->| | | | Session | | +----- [S]RTP ---->| Recording | | | | Server | | | +-- Metadata -->| | | | | +-----------+ v v | +---------+ | Session | |Recording| | Client | +---------+ | |<---- SIP ---->| | | UA-A | | UA-B | | |<---- SRTP --->| | +---------+ +---------+ |___________________________________| CS UA-A, acting as the forking point for the media to the recorder, MUST BE TRUSTED by the recorder to faithfully deliver the media.

Question for Working Group 15 minutes Is unsecured RTP necessary? IETF83 – RTCWEB – Media Security

Security Descriptions versus DTLS-SRTP IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security The Need for Identity Confidentiality is good (SDESC) But not good enough What if you’re talking to an attacker? Secure communications requires peer authentication (DTLS-SRTP) See EKR’s plenary presentation User authentication comes from IdP’s Facebook Connect, Twitter, Google+, etc. Increasingly used IETF83 – RTCWEB – Media Security

Why Consider Security Descriptions at all? Backwards compatibility IETF83 – RTCWEB – Media Security

Security Descriptions Interop Web Server SIP Proxy SIP JSEP + SDESC keys SIP + SDESC keys Browser IP phone SRTP But IP phone probably doesn’t do ICE. So this slide is missing a media gateway IETF83 – RTCWEB – Media Security

DTLS-SRTP and Security Descriptions Interop Web Server Media gateway SIP Proxy SIP JSEP + a=fingerprint SIP + SDESC keys SRTP DTLS handshake, SRTP Browser IP phone Media Gateway decrypts and re-encrypts SRTP going from Security Descriptions to DTLS-SRTP. Ouch!! IETF83 – RTCWEB – Media Security

Crypto Burden on Media Gateway Interworking DTLS-SRTP to Security Descriptions is CPU intensive SRTP from DTLS-SRTP end flows easily SRTP from SDESC end requires auth+decrypt, and encrypt+auth Reason: DTLS-SRTP handshake has both ends choose “half” of the SRTP key Solution: Allow each end can choose its own SRTP key, using EKT IETF83 – RTCWEB – Media Security

Encrypted Key Transport (EKT) draft-ietf-avt-srtp-ekt-03 Benefits: Key changes share fate w/ SRTP packet itself Immediate key changes (no signaling delay) Useful for group keying Operation: Encrypts the new SRTP key using another key Sends this key in SRTP (or SRTCP) packet IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security Using EKT for Interop Use EKT’s functionality to ease interop between DTLS-SRTP and Security Descriptions Mechanism: Send the Security Descriptions key using EKT Eliminates per-packet crypto for media gateway! Hurray! IETF83 – RTCWEB – Media Security

Enhancement to EKT for Interop Proposed by David McGrew on AVTCORE Current EKT specification replaces SRTP authentication tag with EKT tag Change: Retain SRTP authentication tag Benefit: Easy for media gateway DTLS-SRTP-EKT leg Security Descriptions leg Media gateway RTP header RTP header SRTP payload SRTP payload SRTP authentication tag SRTP authentication tag EKT tag IETF83 – RTCWEB – Media Security

DTLS-SRTP-EKT and Security Descriptions Interop Web Server Media gateway SIP Proxy SIP JSEP + a=fingerprint SIP + SDESC keys SRTP DTLS –SRTP-EKT, SRTP Browser IP phone IETF83 – RTCWEB – Media Security

SRTP Key Changes DTLS-SRTP-EKT Security Descriptions Re-INVITE, a=crypto Web Server Media gateway SIP Proxy SIP Re-INVITE, a=crypto JSEP + a=fingerprint SRTP EKT Key Browser IP phone IETF83 – RTCWEB – Media Security

SRTP Key Changes DTLS-SRTP-EKT Security Descriptions Re-INVITE, a=crypto Web Server Media gateway SIP Proxy SIP Re-INVITE, a=crypto JSEP + a=fingerprint SRTP EKT Key Browser IP phone IETF83 – RTCWEB – Media Security

Keying Comparison: DTLS-SRTP and SDESC Two RTPSEC BoFs Analyzed 15 keying mechanisms IETF66, July 2006 IETF68, March 2007 Result was for DTLS-SRTP Documented in RFC5479 IETF83 – RTCWEB – Media Security

Security Descriptions Pros Cons Widely deployed No additional round trips Trust every signaling hop with SRTP keys Log files Compromised host Perhaps this was acceptable within one administrative domain No forward secrecy Cannot add identity Insecure forking and retargeting IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security DTLS-SRTP-EKT Pros Cons Best security (RFC5479) Foundation for identity Using fingerprints Using IdP Group keying Fate sharing of SRTP key changes Additional round trips Little deployment of DTLS-SRTP(-EKT) Change to improve EKT interoperability is new IETF83 – RTCWEB – Media Security

Removing Barriers to DTLS Make the DTLS handshake shorter Use public keys instead of certificates DTLS-SRTP doesn’t use certs, anyway draft-ietf-tls-oob-pubkey Do part of DTLS handshake in ICE connectivity checks draft-thomson-rtcweb-ice-dtls DTLS session resumption? IETF83 – RTCWEB – Media Security

Summary of DTLS-SRTP-EKT Strongest security Allows building identity on top Interworks with Security Descriptions IETF83 – RTCWEB – Media Security

IETF83 – RTCWEB – Media Security Choices DTLS-SRTP-EKT only DTLS-SRTP-EKT and Security Descriptions DTLS-SRTP-EKT and Security Descriptions and RTP IETF83 – RTCWEB – Media Security

Discussion Diagram DTLS-SRTP-EKT Security Descriptions Web Server Media gateway SIP Proxy SIP JSEP + a=fingerprint SIP + SDESC keys SRTP DTLS –SRTP-EKT, SRTP Browser IP phone IETF83 – RTCWEB – Media Security

The End

IETF83 – RTCWEB – Media Security JUNK SLIDES IETF83 – RTCWEB – Media Security

RTCWEB Model Web Server SIP Session Border Controller SIP JSEP Browser IP phone media media IETF83 – RTCWEB – Media Security

Questions for Working Group 15 minutes SDESC or DTLS-SRTP RTP or SRTP SRTP STOP STOP IETF83 – RTCWEB – Media Security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.