RTP Encryption for 3G Networks Rolf Blom, Elisabetta Carrara, Karl Norrman, Mats Näslund Communications Security Lab Ericsson.

Presentation transcript:


“Conversational Multimedia Security in 3G Networks”, draft-blom-cmsec-3G-00.txt
“RTP Encryption for 3G Networks”, draft-blom-rtp-encrypt-00.txt

Objective
- Confidentiality of media streams in Conversational Multimedia scenarios (cellular environment)
- to end up with a service as attractive as today’s CS (cost and speech quality)

Scenario
- Conversational Multimedia
- IP-all-the-way
- Heterogeneous environment (including wireless)

Requirements for the encryption scheme
- Target BER over the air link ⇒ error-robustness
- Delay (processing time, thin client) ⇒ efficiency
- Packet-loss and non-ordered delivery (IP) ⇒ "fast-forward/rewind" property
- Classification and demux of the traffic ⇒ selective payload encryption

Requirements (cont.)
- Bandwidth ⇒ message-size expansion and added fields limitation
- Header Compression (ROHC) ⇒ unencrypted IP/UDP/RTP headers
- Unequal Error Protection ⇒ UEP classes independence

Message Integrity and Authentication
Two issues:
- bandwidth consumption (96/128/160 bits of MAC); even using a very short MAC (with lower security), still it has cost impact
- what should it cover?
Message integrity and authentication as optional

IPsec Applicability
IPsec is the promising security solution for the All-IP scenario and ROHC supports IPsec hc, but
- ‘transport ESP’ – the most efficient ROHC profile does not work – IPsec header
- ‘tunnel ESP’ – header overhead
- AH and ESP+NULL – bandwidth

Encryption Algorithm
BLOCK CIPHERS
STREAM CIPHERS
BLOCK CIPHERS used as STREAM
Cons: padding, error prop if random-access property

Conclusions
- We have to accept the cost/security trade-off to get an attractive service
- We go for
  – application encryption
  – only the RTP payload is encrypted
  – a block cipher used as a stream cipher
  – careful analysis of message authentication usage
- We promote the use of security profiles.

Our proposal
- Objective: confidentiality of the media session
- Use the f8 mode of operation with AES
- It satisfies all the requirements, plus it is flexible (any secure block cipher as core) and the sync is given by the IV on a per-packet basis

AES in f8-mode
[Figure: diagram with labels IV, m, k, AES, ct=1, ct=2. Annotations: "From the RTP header"; "128 bits, may be the same for all RTP sessions ∈ media session".]
- Public sec evaluation doc available
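An added example, not code from the slides or from the drafts: the f8 construction (IV' = E(k XOR m, IV); S(j) = E(k, IV' XOR j XOR S(j-1)), S(-1) = 0) applied to the RTP payload only, with the header left in clear. Assumptions: the block cipher `E` is a standard-library stand-in (truncated HMAC-SHA-256, not AES), the IV layout taken from the RTP header is hypothetical, and the key, mask and packets are constructed samples.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit block, as for AES

def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for one AES block encryption (NOT AES). f8 only uses the
    encrypt direction, so a keyed PRF is enough to show the mode."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def f8_keystream(k: bytes, m: bytes, iv: bytes, nbytes: int) -> bytes:
    iv_prime = E(xor(k, m), iv)            # IV' = E(k XOR m, IV)
    s, out, j = bytes(BLOCK), b"", 0       # S(-1) = 0, block counter j = 0
    while len(out) < nbytes:
        ctr = j.to_bytes(BLOCK, "big")
        s = E(k, xor(xor(iv_prime, ctr), s))   # S(j) = E(k, IV' ^ j ^ S(j-1))
        out += s
        j += 1
    return out[:nbytes]

def iv_from_rtp_header(header: bytes) -> bytes:
    # Hypothetical layout: 12-byte fixed RTP header zero-padded to 128 bits.
    return header[:12] + bytes(4)

def protect(k: bytes, m: bytes, packet: bytes) -> bytes:
    """Encrypt or decrypt (same XOR operation); header is never touched."""
    header, payload = packet[:12], packet[12:]
    ks = f8_keystream(k, m, iv_from_rtp_header(header), len(payload))
    return header + xor(payload, ks)

def rtp_packet(seq: int, ts: int, ssrc: int, payload: bytes) -> bytes:
    # Constructed sample: V=2, no padding/extension/CSRC, payload type 96.
    return (bytes([0x80, 96]) + seq.to_bytes(2, "big")
            + ts.to_bytes(4, "big") + ssrc.to_bytes(4, "big") + payload)

if __name__ == "__main__":
    k, m = bytes(range(16)), bytes([0x55]) * 16   # constructed key and mask
    pkts = [rtp_packet(s, 160 * s, 0xDECAFBAD, b"speech frame %d" % s)
            for s in range(1, 4)]
    enc = [protect(k, m, p) for p in pkts]
    # Packet 2 is lost and packet 3 arrives before packet 1:
    for c in (enc[2], enc[0]):
        print(protect(k, m, c)[12:])
```

Because the keystream depends only on k, m and the packet's own header, each packet decrypts independently of loss and reordering, the ciphertext is the same length as the plaintext, and a flipped ciphertext bit flips exactly one plaintext bit.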

Open issues
- Adding a MAC per-packet is unacceptable for cost (optional)
- realtime aspects + f8 sync mechanism make attacks difficult, at least in conversational multimedia
- the main danger (as usual): DoS
- RTCP key management

Implementation
- Running testbed
- AES/Rijndael Mbit/s
- 6 microsec initialization

Conclusions
- Our proposal {f8+AES on RTP payload} as a low cost method, to allow full hc, and low complexity implementation
- RTPEncrypt achieves confidentiality of the media session also in the most demanding scenario (conversational multimedia)
- local policies decide the sec scheme (profiles)

RTPEncrypt and SRTP
Similarities
- confidentiality by per-packet appl of block cipher
- bandwidth saving (hc)
- low computational cost
Differences: f8 vs CTM, authentication cost, RTCP keying