Published by Leslie Alexander. Modified over 9 years ago.
Slide 1: SIP Requirements for SRTP Keying
Dan Wing, dwing@cisco.com
IETF 66, v4

Slide 2: SIP Requirements for SRTP Keying
1. SIP Forking and Retargeting
2. Avoid Clipping Media Before SDP Answer
3. Best-Effort Encryption
4. Shared-Key Conferencing
5. Attack Protection
6. Perfect Forward Secrecy
7. Future Algorithms
8. Computational Effort when Forking
9. Self-Signed Certificates
10. Rekeying
11. SSRC/ROC signaling
12. Clock Synchronization

Slide 3: Presentation Format
3 minutes: Present requirement
2 minutes: Microphone Discussion
1 minute: Hum vote MUST/SHOULD/MAY
 – Votes drive requirements for protocol design
Slide 4: 1. SIP Forking and Retargeting

Slide 5: Review: SIP Forking
[Diagram: call flow among Alice, Atlanta, Biloxi, Bob and Carol, with INVITE and OK messages and SRTP media]
Alice/Bob and Alice/Carol need different keys

Slide 6: Review: SIP Retargeting
[Diagram: call flow among Alice, Proxy, Bob and Carol, with INVITE, 3xx redirect and OK messages]
Offerer doesn’t know final target
draft-ietf-sip-certs

Slide 7: SIP Forking & Retargeting Requirements (1/3)
Forking and Retargeting MUST be possible when all endpoints are SRTP?
 – Retargeting: offerer doesn’t know final target

Slide 8: SIP Forking & Retargeting Requirements (2/3)
Forking and Retargeting MUST allow establishing SRTP or RTP with a mix of SRTP- and RTP-capable targets

Slide 9: SIP Forking & Retargeting Requirements (3/3)
Forking and Retargeting MUST/SHOULD be secured
 – Immediately?
 – Can we do RTP for “a while” and upgrade to SRTP?
 – Can other forks and other targets see keys?
Slide 10: 2. Avoid Clipping Media Before SDP Answer

Slide 11: Avoid Clipping Media Before SDP Answer
[Diagram: call flow among Alice, Biloxi and Bob: INVITE; Provisional ACK (Ringing); SRTP (before SDP Answer), marked "avoid clipping"; (Bob answers); OK (containing SDP answer); SRTP (Two-Way)]

Slide 12: Avoid Clipping
MUST/SHOULD avoid clipping without additional SIP signaling?
 – Without PRACK (RFC3262)
 – Without Security Preconditions (-mmusic-securityprecondition)
Slide 13: 3. Best-Effort Encryption

Slide 14: Best Effort Encryption
Retargeting: If one party doesn’t understand RTP/SAVP, Bad Things Happen
 – entire call fails or
 – Quietly re-Invite on error
    Re-alert called party
    Additional signaling, additional user-noticed latency
Security Preconditions helps, but doesn’t cure

Slide 15: Best Effort Encryption
[Diagram 1: Alice, Proxy, Bob’s phone (RTP only), Bob’s voicemail (with SRTP); messages: INVITE SRTP, NAK, OK]
[Diagram 2: Alice, Proxy, Bob’s phone (with SRTP), Bob’s voicemail (RTP only); messages: INVITE SRTP, NAK, CANCEL]

Slide 16: Best Effort Encryption
[Table with columns Offer, Answerer, Session; entries are RTP or SRTP]
MUST provide mechanism for non-SRTP-aware answerers to use RTP?
Slide 17: 4. Shared-Key Conferencing

Slide 18: Shared-Key Conferencing
[Diagram, unique key conferencing: Alice, Bob, Sam and a Conference Bridge; Alice talks; different SRTP key for each participant (Key=B, Key=S)]
[Diagram, shared key conferencing: Alice, Bob, Sam and a Router or Conference Bridge; multicast or unicast; Alice talks; Key=C]

Slide 19: Shared-Key Conferencing Requirement
Useful application: push-to-talk groups
MUST/SHOULD support shared-key conferencing?
MUST/SHOULD allow initiator to indicate the shared key?
MUST/SHOULD allow terminator to indicate shared key?
MUST/SHOULD allow either?
Slide 20: 5. Attack Protection

Slide 21: Attack Protection
Attacker can include SIP proxies
Passive Attacker
 – Attacker sniffs signaling or media streams
Active Attacker
 – Attacker modifies packets
    SIP, SDP, or media-path packets
    Example: downgrade security

Slide 22: Attack Protection Requirements
MUST protect against passive attack?
 – after all, that’s why we’re doing SRTP
SHOULD/MUST protect against active attack?
Slide 23: 6. Perfect Forward Secrecy

Slide 24: Perfect Forward Secrecy
Disclosure of private key doesn’t disclose all previous and all future sessions
 – typically uses Diffie-Hellman operation
MUST be able to establish PFS?
Slide 25: 7. Future Algorithm Negotiation

Slide 26: Future Algorithm Negotiation
Computationally expensive offers are computationally expensive!
 – Example: Offer with MIKEY-RSA, MIKEY-RSA-R, and SRTP with AES and SRTP with AES
MUST offer multiple SRTP cipher suites without additional computational expense
 – SRTP with ECC
 – SRTP with SHA-256
Slide 27: 8. Computational Effort when Forking

Slide 28: Computational Effort when Forking
Forking can cause multiple Answers. If these answers require computational effort to process, the offerer can be swamped.
Offerer SHOULD (MUST?) be able to associate SDP answer with incoming SRTP flow.
Slide 29: 9. Self-Signed Certificates

Slide 30: Self-Signed Certificate
Endpoints might have self-signed certificates
MUST operate with self-signed certificates
Slide 31: 10. Rekeying

Slide 32: Rekeying
MUST support rekeying
SHOULD/MUST support rekeying without a re-INVITE?
 – We have separate dialogs, but additional signaling isn’t desirable
Slide 33: 11. SSRC and Rollover Counter (ROC)

Slide 34: SSRC / Rollover Counter (ROC)
Call setup entity may not always be aware of SSRC values or ROC value
Signaling SSRC duplicates RTP’s SSRC collision detection
Late joiners
 – Use their own SSRCs
 – Need to learn ROC
MUST NOT signal SSRC SDP?
MUST NOT require signaling ROC?
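
Added example, not part of the original slides: the receiver-side packet index estimation from RFC 3711 (section 3.3.1), run over a constructed stream to show why a late joiner "needs to learn ROC". The class and function names are hypothetical, and the "informed" receiver simply assumes the ROC was obtained by some means outside this code.

```python
# Added example: SRTP packet index estimation (RFC 3711, section 3.3.1 / Appendix A).
MOD32 = 1 << 32


class SrtpReceiverState:
    """Per-SSRC receiver state: rollover counter and highest SEQ seen (s_l)."""

    def __init__(self, first_seq, roc=0):
        self.roc = roc          # RFC 3711 initial value is 0 unless learned otherwise
        self.s_l = first_seq

    def estimate_index(self, seq):
        """Return (index, v) for a received 16-bit SEQ without changing state."""
        if self.s_l < 32768:
            v = (self.roc - 1) % MOD32 if seq - self.s_l > 32768 else self.roc
        else:
            v = (self.roc + 1) % MOD32 if self.s_l - 32768 > seq else self.roc
        return seq + v * 65536, v

    def accept(self, seq):
        """Estimate the index, then update state as after a successful auth check."""
        index, v = self.estimate_index(seq)
        if v == (self.roc + 1) % MOD32:
            self.roc, self.s_l = v, seq
        elif v == self.roc and seq > self.s_l:
            self.s_l = seq
        return index


def run_demo(start_seq=65000, join_after=70000, packets=5):
    """Constructed stream: the sender's true packet index is start_seq + i."""
    stream = [((start_seq + i) & 0xFFFF, start_seq + i)
              for i in range(join_after + packets)]
    early = SrtpReceiverState(first_seq=stream[0][0])
    for seq, _ in stream[:join_after]:
        early.accept(seq)
    join_seq = stream[join_after][0]
    late = SrtpReceiverState(first_seq=join_seq)                     # never told the ROC
    informed = SrtpReceiverState(first_seq=join_seq, roc=early.roc)  # ROC learned somehow
    return [(true, early.accept(seq), late.accept(seq), informed.accept(seq))
            for seq, true in stream[join_after:]]


if __name__ == "__main__":
    for true, e, l, i in run_demo():
        print(f"sender={true} early={e} late_joiner={l} informed={i}")
```

The late joiner's index is off by a multiple of 65536, so its keystream and authentication input differ from the sender's and every packet fails the SRTP integrity check until the ROC is corrected.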
Slide 35: 12. Clock Synchronization

Slide 36: Clock Synchronization
MUST NOT require synchronized clocks?

Slide 37: The End