Presentation is loading. Please wait.

Presentation is loading. Please wait.

SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen Mark Baugher.

Published byEleanore Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen Mark Baugher."— Presentation transcript:

1 SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen (fandreas@cisco.com) Mark Baugher (mbaugher@cisco.com) Dan Wing (dwing@cisco.com)

2 Overview of Changes Recap: –Establish secure media streams by sending security descriptions with ciphers, keys, etc. in SDP Generalize into a core framework and an SRTP- specific part: –High-level Operation and parameter definition –Use with Offer/Answer –Use outside Offer/Answer –Grammar Numerous editorial changes throughout

3 More Detailed Changes Offer/Answer highlights differences between unicast/multicast, and initial/subsequent offer. Rekeying addressed via offer/answer; everything can be changed (not just keys) Additional rules and considerations for communicating the SRTP SRC parameter (SSRC, SEQ, ROC). Removed SRTP “use” parameter (decryption, encryption or both) - now inferred from context Added Window-Size Hint and to SRTP profile

4 More Detailed Changes, cont. Extension rules: –Key methods (general) –SRTP crypto-suites –SRTP session parameters IANA considerations and registration procedures Updated grammar

5 Open Issues Multicast streams SRC Parameter (SSRC, ROC, SEQ) Hierarchical/layered encoding schemes “Use” parameter to specify encryption, decryption or both

6 Issue #1 - Multicast Streams Several problems: –Shared key versus per-participant specific key. –When key is shared we must ensure unique SSRCs: problematic unless we have other means available to ensure this (cf. issue #2 which has more multicast problems) –If per-participant specific key, then sdescriptions will need each participant to convey its key separately –Support for hierarchical/layered encoding schemes Unclear there is a single good solution for all of these that would work well across all multicast usage scenarios. Proposal:Leave multicast streams for further study.

7 Issue #2 - SRC Parameter Unique SSRC needed when master key is shared to prevent two-time pad issue ROC and SEQ needed for successful authentication and decryption but can in general not be derived algorithmically from the SRTP stream alone: –Consider a participant joining an existing session –Consider what happens when initial sequence number is close to wrapping and first few packets are lost SRC Parameter contains one or more of: –SSRC:Identifies the crypto context –Roll Over Counter (ROC) and Sequence Number (SEQ): Signals the current ROC and SEQ for a crypto context

8 Issue #2 - SRC parameter, cont. What does it mean to signal an SRC parameter ? –Meaning of SRC parameter is to instantiate a crypto context –In the multicast case, should we allow this as a way of instantiating crypto contexts for all the participants: Scaling issues - where do we draw the line ? Only works when key is shared between participants –Alternatively, should sdescriptions only be allowed to instantiate a single crypto context: Each participant will then have to send its own sdescription (which may or may not use a unique key) Should suffice for unicast (unless you want to have multiple SSRCs for a unicast session) For unicast, use of different encryption and decryption keys negates need for the SSRC part of the parameter.

9 Issue #2 - SRC parameter, cont. Handling “SRC collisions”, i.e. signaled SSRC collides with existing SSRC: –Currently, we simply reject such offers. –Would be nice if offerer understood why offer was rejected (especially in the multicast case) –Quickly end up duplicating normal RTP SSRC collision detection and resolution –Again, this is mostly an issue for multicast streams with many participants –For unicast, collision is easily resolved by simply picking another SSRC Proposal: Support unicast and singly single crypto context only. Consider removing SSRC part.

10 Issue #3: Hierarchical Streams Current draft does not consider hierarchical/layered encoding schemes Only an issue for multicast streams Proposal: Leave for further study for multicast.

11 Issue #4: “Use” Parameter “Use” parameter was removed: –Allowed a key to be specified as “encryption”, “decryption”, or “both” –Lead to more complicated offer/answer rules with additional room for errors. New rule is to infer usage from context: –Unicast offer contains offerer's encryption key –Unicast answer contains answerer's encryption key –Multicast offer and answer must use the same key (encryption and decryption) –Advertising just advertises the key Is there a need for the “use” parameter ? Proposal: Not needed for unicast.

12 Next Steps Propose to issue update without multicast No other known issues then Ready for WGLC ?

13 Security Preconditions for SDP Media Stream draft-andreasen-mmusic-securityprecondition-00.txt November 14, 2003 Flemming Andreasen (fandreas@cisco.com) Mark Baugher (mbaugher@cisco.com) Dan Wing (dwing@cisco.com)

14 Overview Problem –Offerer suggests more than one security description. –Answerer picks one and starts sending secure media accordingly. –Offerer receives secure media before answer and cannot determine which security description to use (crypto-suite, key, etc.) Solution –Define a security precondition (RFC 3312)

15 Next Steps Adopt as WG item ?

Download ppt "SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen Mark Baugher."

Similar presentations

Re-INVITE Handling draft-camarillo-sipping-reinvite-00.txt

Re-INVITE Handling draft-camarillo-sipping-reinvite-00.txt
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
RTP Payload Format for Multiple Flows FEC draft-peck-fecframe-rtp-mf-00 Orly Peck, RADVISION IETF 76 – November 2009.

RTP Payload Format for Multiple Flows FEC draft-peck-fecframe-rtp-mf-00 Orly Peck, RADVISION IETF 76 – November 2009.
Mobility Solutions BCMCS Key Derivation Procedure Harmonization with IETF SRTP.

Mobility Solutions BCMCS Key Derivation Procedure Harmonization with IETF SRTP.
RTP: A Transport Protocol for Real-Time Applications Provides end-to-end delivery services for data with real-time characteristics, such as interactive.

RTP: A Transport Protocol for Real-Time Applications Provides end-to-end delivery services for data with real-time characteristics, such as interactive.
1 SIPREC Protocol (draft-ietf-siprec-protocol-06) August 3, 2012 IETF 84 Authors: L. Portman, H. Lum, A. Johnston, A. Hutton, C. Eckel.

1 SIPREC Protocol (draft-ietf-siprec-protocol-06) August 3, 2012 IETF 84 Authors: L. Portman, H. Lum, A. Johnston, A. Hutton, C. Eckel.
Session Announcement Protocol Colin Perkins University College London.

Session Announcement Protocol Colin Perkins University College London.
Real-time Transport Protocol (RTP) Recommendations for SIPREC (draft-eckel-siprec-rtp-rec-01) Charles Eckel IETF-81, Quebec City, July.

Real-time Transport Protocol (RTP) Recommendations for SIPREC (draft-eckel-siprec-rtp-rec-01) Charles Eckel IETF-81, Quebec City, July.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
RTP: A Transport Protocol for Real-Time Applications

RTP: A Transport Protocol for Real-Time Applications
Introduction to SDP Issues. Content Background Goals SDP Primer RTP Primer Use cases “New” Functionalities in SDP Multiple RTP Streams in SDP Decision.

Introduction to SDP Issues. Content Background Goals SDP Primer RTP Primer Use cases “New” Functionalities in SDP Multiple RTP Streams in SDP Decision.
1 SIPREC Recording Metadata format (draft-ram-siprec-metadata-format- 01) IETF-80 SIPREC MEETING R Parthasarathi On behalf of the team Team: Paul Kyzivat,

1 SIPREC Recording Metadata format (draft-ram-siprec-metadata-format- 01) IETF-80 SIPREC MEETING R Parthasarathi On behalf of the team Team: Paul Kyzivat,
ECE 424 Embedded Systems Design Networking Connectivity Chapter 12 Ning Weng.

ECE 424 Embedded Systems Design Networking Connectivity Chapter 12 Ning Weng.
July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.

July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.
1 Accounting, Authentication and Authorization Issues in “Well Managed” IP Multicasting Services November 9, 2005 Tsunemasa Hayashi

1 Accounting, Authentication and Authorization Issues in “Well Managed” IP Multicasting Services November 9, 2005 Tsunemasa Hayashi
Audio/Video Transport Working Group 44th IETF, Minneapolis 17-18 March 1999 Stephen Casner -- Cisco Systems Colin Perkins -- UCL Mailing list:

Audio/Video Transport Working Group 44th IETF, Minneapolis March 1999 Stephen Casner -- Cisco Systems Colin Perkins -- UCL Mailing list:
EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.
SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-01) IETF 89, March 7, 2014 Authors: Michael Yan, Paul Kyzivat, Simon Romano.

SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-01) IETF 89, March 7, 2014 Authors: Michael Yan, Paul Kyzivat, Simon Romano.
Roni Even Jonathan Lennox Mapping RTP streams to CLUE media captures draft-even-clue-rtp-mapping-03 IETF-84.

Roni Even Jonathan Lennox Mapping RTP streams to CLUE media captures draft-even-clue-rtp-mapping-03 IETF-84.
Real Time Protocol (RTP) 2006. 5. 16 김 준

Real Time Protocol (RTP) 김 준

Similar presentations

Ads by Google