
A Technical Review of ROC, Cryptographic Context, Indices, and Sliding Windows.


1 A Technical Review of ROC, Cryptographic Context, Indices, and Sliding Windows

2  SIPS (SIP over TLS): per-hop encryption of the signaling transport only
 SRTP: end-to-end protection of the media content
 Provides confidentiality, message authentication, and replay protection
 Encryption for confidentiality
 Keyed hash function (HMAC) for message authentication
 Counters (the packet index) for replay protection

3  Replay attack: a packet stored by an adversary and later injected back into the network
 Example: recording video from a surveillance camera and injecting it to the monitoring station so that current activity goes unseen
 Message authentication provides integrity but is not enough: a replayed packet still carries a valid authentication tag, so the receiver must also recognize an index it has already accepted

4  Sequence Number
 ROC (Rollover Counter)
 Cryptographic Context
 Implicit Index
 Replay List
 Sliding Window Algorithm

5  Sequence number (SEQNUM): 16 bits, carried in the (S)RTP header
 Incremented by 1 per packet, from 0 up to 65,535 (2^16 - 1), then wraps back to 0
 On its own it cannot distinguish the packet with SEQNUM n in one cycle from the packet with the same SEQNUM in the next cycle

7  ROC: 32-bit unsigned counter
 Counts the number of times the sequence number has wrapped to zero (after passing 65,535)
 Incremented by 1 on each wrap
 Maintained by SRTP in the cryptographic context, not carried in the header

8  SRTP derives the implicit index from values held in the cryptographic context
 The context holds the state needed to apply the right security measures to each packet: keys and parameters, the 32-bit ROC, and the 16-bit s_l, the highest received (authenticated) SRTP sequence number

9  Implicit: not carried in the packet, reconstructed by the receiver from ROC and the sequence number
 48 bits (ROC 32 + SEQNUM 16), computed on a per-packet basis
 Index = 2^16 * ROC + SEQNUM
 Also used as input to session-key derivation for encryption and authentication (and, together with the SSRC, as the per-packet IV for the cipher)

10  Receiver calculates the implicit index for each incoming packet
 Determines whether that index is unique before accepting the packet
 Accepts only if the index is ahead of, or inside, the sliding window
 Compares the index against the last (highest) index stored in the cryptographic context

11  Replay list: maintained only by the receiver
 Replay protection requires message authentication; SRTP provides both, and an index is only added to the list once its packet has authenticated
 Contains the indices of recently received and authenticated SRTP packets

12 Default window size is 64. If the attacker chooses a sequence number at random, and the window size is 64, there is a 99.9-percent likelihood (1 - 64/2^16 ≈ 0.999) that the packet will be discarded.

13  Only packets with index ahead of the window, or inside the window but not already received, SHALL be accepted (RFC 3711)
 Packets whose index is more than 64 behind the highest-numbered authenticated packet fall below the window and are discarded
 Packets inside the window whose "RECEIVED?" bit is already set are discarded as replays
 Packets inside the window that have not yet been received are accepted (once authenticated) and marked as received
 Packets with an index higher than the window are accepted (once authenticated) and cause the window to advance

15  Receiver's window size (RWS) must tolerate packets arriving out of order, as well as packet loss and bit errors
 The sequence number may have wrapped between s_l and the incoming SEQNUM, so SEQNUM alone does not say which ROC the packet belongs to
 The receiver picks ROC-1, ROC or ROC+1 by testing whether SEQNUM lies within 32,768 (half of the 16-bit space) of s_l, and updates ROC and s_l only after the packet authenticates
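The receiver-side procedure of slides 9, 10, 13 and 15, as an added Python example that is not part of the presentation: it estimates the 48-bit implicit index from the stored ROC and s_l with the 32,768 half-range rule, checks that index against a 64-entry replay window before the tag is verified, and updates ROC, s_l and the replay bitmap only after the HMAC-SHA1-80 tag verifies. The authentication key, the SSRC, the scripted packet stream, and the names `SrtpReceiver`, `estimate_index`, `srtp_tag`, `make_packet` and `demo` are all constructed for this illustration; payload encryption is left out so that the replay and ROC logic stays in view.

```python
"""SRTP receiver-side index estimation and replay protection (RFC 3711,
sections 3.3.1, 3.3.2 and 4.2).  Added illustration; all names and data
are constructed and do not come from the presentation."""
import hashlib
import hmac
import struct

RTP_HDR_LEN = 12            # fixed RTP header, no CSRCs, no extension
TAG_LEN = 10                # HMAC-SHA1-80: 80-bit (10-byte) auth tag
ROC_MOD = 1 << 32           # ROC is a 32-bit unsigned counter
HALF_SEQ = 1 << 15          # 32,768: half of the 16-bit sequence space
AUTH_KEY = bytes(range(20))  # constructed demo session auth key


def estimate_index(roc: int, s_l: int, seq: int) -> int:
    """48-bit implicit index for a packet carrying SEQ, given the stored ROC
    and s_l (highest authenticated sequence number).  ROC is not in the
    packet, so pick v in {ROC-1, ROC, ROC+1} by whether SEQ lies within
    32,768 of s_l, then index = 2^16 * v + SEQ."""
    if s_l < HALF_SEQ:
        # s_l is low: a SEQ far above it is a late packet from the last cycle
        v = (roc - 1) % ROC_MOD if seq - s_l > HALF_SEQ else roc
    else:
        # s_l is high: a SEQ far below it means the counter already wrapped
        v = (roc + 1) % ROC_MOD if s_l - HALF_SEQ > seq else roc
    return (v << 16) | seq


def srtp_tag(auth_key: bytes, authenticated: bytes, roc: int) -> bytes:
    """HMAC-SHA1-80 over (RTP header || payload || ROC).  Mixing the unsent
    ROC into the MAC binds the packet to one 65,536-packet cycle."""
    data = authenticated + struct.pack("!I", roc)
    return hmac.new(auth_key, data, hashlib.sha1).digest()[:TAG_LEN]


def make_packet(seq: int, roc: int, payload: bytes = b"\x00" * 4) -> bytes:
    """Sender side for the demo: header + (unencrypted) payload + tag."""
    header = struct.pack("!BBHII", 0x80, 0, seq, seq * 160, 0x1234ABCD)
    return header + payload + srtp_tag(AUTH_KEY, header + payload, roc)


class SrtpReceiver:
    """Receiver state from the cryptographic context: ROC, s_l and a replay
    list kept as a bitmap over the window_size indices below the highest
    authenticated index (bit i set <=> index highest-i was received)."""

    def __init__(self, auth_key: bytes = AUTH_KEY, window_size: int = 64):
        self.auth_key, self.window_size = auth_key, window_size
        self.roc, self.s_l, self.highest, self.bitmap = 0, 0, None, 0

    def replay_status(self, index: int) -> str:
        if self.highest is None or index > self.highest:
            return "ahead"
        delta = self.highest - index
        if delta >= self.window_size:
            return "behind-window"
        return "replayed" if (self.bitmap >> delta) & 1 else "inside"

    def receive(self, packet: bytes) -> str:
        """Process one SRTP packet; returns 'accepted' or a discard reason."""
        if len(packet) < RTP_HDR_LEN + TAG_LEN:
            return "discard:malformed"
        seq = struct.unpack("!H", packet[2:4])[0]
        authenticated, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if self.highest is None:
            v, index = 0, seq          # first packet: ROC = 0, s_l := SEQ
        else:
            index = estimate_index(self.roc, self.s_l, seq)
            v = index >> 16
        status = self.replay_status(index)     # step 5: replay check first
        if status not in ("ahead", "inside"):
            return "discard:" + status
        expected = srtp_tag(self.auth_key, authenticated, v)  # then the MAC
        if not hmac.compare_digest(tag, expected):
            return "discard:bad-auth"
        self._commit(index, seq, v)            # step 7: update state only now
        return "accepted"

    def _commit(self, index: int, seq: int, v: int) -> None:
        mask = (1 << self.window_size) - 1
        if self.highest is None:
            self.highest, self.bitmap, self.s_l = index, 1, seq
            return
        if index > self.highest:               # slide the window forward
            self.bitmap = ((self.bitmap << (index - self.highest)) | 1) & mask
            self.highest = index
        else:                                  # mark an in-window index seen
            self.bitmap |= 1 << (self.highest - index)
        if v == (self.roc + 1) % ROC_MOD:      # RFC 3711 3.3.1 ROC/s_l update
            self.roc, self.s_l = v, seq
        elif v == self.roc and seq > self.s_l:
            self.s_l = seq


def demo() -> list:
    """Constructed stream around a sequence-number wrap, with replays mixed in."""
    rx = SrtpReceiver()
    script = [("in order", 65530, 0), ("in order", 65531, 0),
              ("replay of 65530", 65530, 0), ("ahead, 65532 lost", 65533, 0),
              ("late 65532, in window", 65532, 0), ("wrapped: seq 2, ROC 1", 2, 1),
              ("late 65534 from ROC 0", 65534, 0), ("replay of 65533", 65533, 0),
              ("old packet far behind window", 60000, 0)]
    results = [(label, rx.receive(make_packet(s, r))) for label, s, r in script]
    tampered = bytearray(make_packet(10, 1))
    tampered[-1] ^= 0x01                       # flip one tag bit
    results.append(("tampered tag", rx.receive(bytes(tampered))))
    return results


if __name__ == "__main__":
    for label, result in demo():
        print(f"{label:30} -> {result}")
```

Two details matter for the security argument. The replay check runs on the estimated index before the MAC is verified, but the context (ROC, s_l, bitmap) is only written after the tag verifies, so an attacker cannot advance the window or the ROC with forged packets. And because the estimated ROC is fed into the MAC, a packet captured in cycle ROC=0 and replayed once the receiver is in cycle ROC=1 fails either the replay check (if its index is still in or below the window) or the tag check (if the estimate maps it to the wrong cycle).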

16 Karen Lugo April 8, 2013 CSCI e 139

