Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dan Wing dwing@cisco.com IETF83 - March 2012 RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past.

Published byBerenice McBride Modified over 6 years ago

Similar presentations

Presentation on theme: "Dan Wing dwing@cisco.com IETF83 - March 2012 RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past."— Presentation transcript:

1 Dan Wing dwing@cisco.com IETF83 - March 2012
RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future Dan Wing IETF83 - March 2012 v2

2 IETF83 – RTCWEB – Media Security
Agenda Scope Upcoming Questions for Working Group RTP versus SRTP RTP, Recording, RTP versus SRTP Keying Intro to Security Descriptions & DTLS-SRTP Interworking SDESC and DTLS-SRTP using EKT Working Group Discussion IETF83 – RTCWEB – Media Security

3 Purpose of This Presentation
DTLS-SRTP is best path forward DTLS-SRTP meets RTCWEB’s technical requirements Interoperation with existing SIP endpoints Best security we know how to build Allows adding identity IETF83 – RTCWEB – Media Security

4 Reading List: Keying Mechanisms (1/3)
Security Descriptions, RFC4568 Sends SRTP session key over SIP signaling Also called SDES or SDESC DTLS-SRTP, RFC5763 and RFC5764 DTLS on media path establishes SRTP session key EKT, Encrypted Key Transport, draft-ietf-avt-srtp-ekt Group keying (and interoperation!) IETF83 – RTCWEB – Media Security

5 Reading List: Analysis of Keying Mechanisms (2/3)
Requirements and Analysis of Media Security Management Protocols, RFC5479 Analyzed 15 SRTP keying mechanisms Many criteria: SIP forking, retargeting, call signaling versus media path, group keying Conclusion: best keying mechanism: DTLS-SRTP (Most deployed is Security Descriptions) more on that later IETF83 – RTCWEB – Media Security

6 Reading List: Identity (3/3)
SIP Identity, RFC4474 Signs certain SIP headers and entire SDP SIP Identity using Media Path, draft-wing-rtcweb-identity-media/draft-wing-rtcweb-identity-media (2007) Signs certain SIP headers and a=fingerprint DTLS handshake and identity signature proves identity Cisco IPR statement, IETF83 – RTCWEB – Media Security

7 Model Provides ICE connectivity checks Media gateway
Call Controller (SIP or proprietary) Web Server SIP signaling JSEP signaling media media Browser IP phone Often private address space SIP system IETF83 – RTCWEB – Media Security

8 Questions for working group
IETF83 – RTCWEB – Media Security

9 Questions for Working Group
At end of meeting, chairs will ask questions similar to: Should we allow RTP? For SRTP keying: Do we need Security Descriptions? IETF83 – RTCWEB – Media Security

10 IETF83 – RTCWEB – Media Security
RTP versus srtp IETF83 – RTCWEB – Media Security

11 IETF83 – RTCWEB – Media Security
RTP Pros Cons Interoperability Listening by good actors Debugging during development and deployment Listen for faults (e.g., echo) Modification by good actors Remove echo Transcoding Listening by attackers Modification by attackers Identity is difficult-to-impossible IETF83 – RTCWEB – Media Security

12 IETF83 – RTCWEB – Media Security
RTP Interoperability Web Server SIP Proxy SIP JSEP SIP Browser IP phone RTP But IP phone probably doesn’t do ICE. So this slide is missing a media gateway IETF83 – RTCWEB – Media Security

13 IETF83 – RTCWEB – Media Security
Debugging RTP is easier to debug But still needs a decoder (RTP is not ASCII) SRTP supports NULL ciphers Allows un-encrypted data on the wire Now looks like RTP on the wire IETF83 – RTCWEB – Media Security

14 IETF83 – RTCWEB – Media Security
Protocol Complexity Allowing both RTP and SRTP increases complexity More code, more test cases IETF83 – RTCWEB – Media Security

15 IETF83 – RTCWEB – Media Security
RTP Risks RTP for interoperability runs risks of RTP everywhere RTCWEB will be deployed everywhere Not solely on managed networks Coffee shop, attacker upstairs collecting traffic IETF83 – RTCWEB – Media Security

16 IETF83 – RTCWEB – Media Security
SRTP Pros Cons Passive listeners need SRTP session keys Modification needs SRTP session keys Identity is possible depending on keying mechanism We have to choose keying mechanism(s) (more on that later) IETF83 – RTCWEB – Media Security

17 SRTP Interoperability
This device is already present – Session Border Controller Web Server Media gateway SIP Proxy SIP JSEP SIP (S)RTP SRTP Browser IP phone Enterprise network IETF83 – RTCWEB – Media Security

18 IETF83 – RTCWEB – Media Security
RECORDING IETF83 – RTCWEB – Media Security

19 Recording Some environments REQUIRE recording
jails, stock broker, bank, travel agency Yet need to encrypt the audio and video attorney/client privilege, account number, credit card number, mother’s maiden name Attackers on internal network (ethernet sniffer, WiFi) Attackers on the Internet SIPREC allows recording SRTP-encrypted flows SRTP session keys are given to recorder

20 Independent Sessions CS = Content Session = Existing session to be recorded RS = Recording Session = Session established with the recorder Security requirements of CS != those of RS When SRTP used in CS, decryption/re-encryption may occur in RS

21 SBC Recording Model RS SIP >| | | | Session | | [S]RTP ---->| Recording | | | | Server | | | +-- Metadata -->| | | | | | | | v v | ADMINISTRATIVE DOMAIN | Session | |Recording| | Client | | |<---- SIP ---->| |<---- SIP ---->| | | UA-A | | SBC | | UA-B | | |<---- SRTP --->| |<---- SRTP --->| | |_____________________________________________________________| CS SBC, acting as the forking point for the media to the recorder, MUST OWN the identity of UA-A, i.e., be IdP for UA-A

22 UA Recording Model ADMINISTRATIVE DOMAIN RS SIP >| | | | Session | | [S]RTP ---->| Recording | | | | Server | | | +-- Metadata -->| | | | | v v | | Session | |Recording| | Client | | |<---- SIP ---->| | | UA-A | | UA-B | | |<---- SRTP --->| | |___________________________________| CS UA-A, acting as the forking point for the media to the recorder, MUST BE TRUSTED by the recorder to faithfully deliver the media.

23 Question for Working Group
15 minutes Is unsecured RTP necessary? IETF83 – RTCWEB – Media Security

24 Security Descriptions versus DTLS-SRTP
IETF83 – RTCWEB – Media Security

25 IETF83 – RTCWEB – Media Security
The Need for Identity Confidentiality is good (SDESC) But not good enough What if you’re talking to an attacker? Secure communications requires peer authentication (DTLS-SRTP) See EKR’s plenary presentation User authentication comes from IdP’s Facebook Connect, Twitter, Google+, etc. Increasingly used IETF83 – RTCWEB – Media Security

26 Why Consider Security Descriptions at all?
Backwards compatibility IETF83 – RTCWEB – Media Security

27 Security Descriptions Interop
Web Server SIP Proxy SIP JSEP + SDESC keys SIP + SDESC keys Browser IP phone SRTP But IP phone probably doesn’t do ICE. So this slide is missing a media gateway IETF83 – RTCWEB – Media Security

28 DTLS-SRTP and Security Descriptions Interop
Web Server Media gateway SIP Proxy SIP JSEP + a=fingerprint SIP + SDESC keys SRTP DTLS handshake, SRTP Browser IP phone Media Gateway decrypts and re-encrypts SRTP going from Security Descriptions to DTLS-SRTP. Ouch!! IETF83 – RTCWEB – Media Security

29 Crypto Burden on Media Gateway
Interworking DTLS-SRTP to Security Descriptions is CPU intensive SRTP from DTLS-SRTP end flows easily SRTP from SDESC end requires auth+decrypt, and encrypt+auth Reason: DTLS-SRTP handshake has both ends choose “half” of the SRTP key Solution: Allow each end can choose its own SRTP key, using EKT IETF83 – RTCWEB – Media Security

30 Encrypted Key Transport (EKT)
draft-ietf-avt-srtp-ekt-03 Benefits: Key changes share fate w/ SRTP packet itself Immediate key changes (no signaling delay) Useful for group keying Operation: Encrypts the new SRTP key using another key Sends this key in SRTP (or SRTCP) packet IETF83 – RTCWEB – Media Security

31 IETF83 – RTCWEB – Media Security
Using EKT for Interop Use EKT’s functionality to ease interop between DTLS-SRTP and Security Descriptions Mechanism: Send the Security Descriptions key using EKT Eliminates per-packet crypto for media gateway! Hurray! IETF83 – RTCWEB – Media Security

32 Enhancement to EKT for Interop
Proposed by David McGrew on AVTCORE Current EKT specification replaces SRTP authentication tag with EKT tag Change: Retain SRTP authentication tag Benefit: Easy for media gateway DTLS-SRTP-EKT leg Security Descriptions leg Media gateway RTP header RTP header SRTP payload SRTP payload SRTP authentication tag SRTP authentication tag EKT tag IETF83 – RTCWEB – Media Security

33 DTLS-SRTP-EKT and Security Descriptions Interop
Web Server Media gateway SIP Proxy SIP JSEP + a=fingerprint SIP + SDESC keys SRTP DTLS –SRTP-EKT, SRTP Browser IP phone IETF83 – RTCWEB – Media Security

34 SRTP Key Changes DTLS-SRTP-EKT Security Descriptions
Re-INVITE, a=crypto Web Server Media gateway SIP Proxy SIP Re-INVITE, a=crypto JSEP + a=fingerprint SRTP EKT Key Browser IP phone IETF83 – RTCWEB – Media Security

35 SRTP Key Changes DTLS-SRTP-EKT Security Descriptions
Re-INVITE, a=crypto Web Server Media gateway SIP Proxy SIP Re-INVITE, a=crypto JSEP + a=fingerprint SRTP EKT Key Browser IP phone IETF83 – RTCWEB – Media Security

36 Keying Comparison: DTLS-SRTP and SDESC
Two RTPSEC BoFs Analyzed 15 keying mechanisms IETF66, July 2006 IETF68, March 2007 Result was for DTLS-SRTP Documented in RFC5479 IETF83 – RTCWEB – Media Security

37 Security Descriptions
Pros Cons Widely deployed No additional round trips Trust every signaling hop with SRTP keys Log files Compromised host Perhaps this was acceptable within one administrative domain No forward secrecy Cannot add identity Insecure forking and retargeting IETF83 – RTCWEB – Media Security

38 IETF83 – RTCWEB – Media Security
DTLS-SRTP-EKT Pros Cons Best security (RFC5479) Foundation for identity Using fingerprints Using IdP Group keying Fate sharing of SRTP key changes Additional round trips Little deployment of DTLS-SRTP(-EKT) Change to improve EKT interoperability is new IETF83 – RTCWEB – Media Security

39 Removing Barriers to DTLS
Make the DTLS handshake shorter Use public keys instead of certificates DTLS-SRTP doesn’t use certs, anyway draft-ietf-tls-oob-pubkey Do part of DTLS handshake in ICE connectivity checks draft-thomson-rtcweb-ice-dtls DTLS session resumption? IETF83 – RTCWEB – Media Security

40 Summary of DTLS-SRTP-EKT
Strongest security Allows building identity on top Interworks with Security Descriptions IETF83 – RTCWEB – Media Security

41 IETF83 – RTCWEB – Media Security
Choices DTLS-SRTP-EKT only DTLS-SRTP-EKT and Security Descriptions DTLS-SRTP-EKT and Security Descriptions and RTP IETF83 – RTCWEB – Media Security

42 Discussion Diagram DTLS-SRTP-EKT Security Descriptions Web Server
Media gateway SIP Proxy SIP JSEP + a=fingerprint SIP + SDESC keys SRTP DTLS –SRTP-EKT, SRTP Browser IP phone IETF83 – RTCWEB – Media Security

43 The End

44 IETF83 – RTCWEB – Media Security
JUNK SLIDES IETF83 – RTCWEB – Media Security

45 RTCWEB Model Web Server SIP Session Border Controller SIP JSEP Browser
IP phone media media IETF83 – RTCWEB – Media Security

46 Questions for Working Group
15 minutes SDESC or DTLS-SRTP RTP or SRTP SRTP STOP STOP IETF83 – RTCWEB – Media Security

Download ppt "Dan Wing dwing@cisco.com IETF83 - March 2012 RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past."

Similar presentations

www.dynamicsoft.com IM 2000 -- May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.

IM May 24, 2000 Introduction to SIP Jonathan Rosenberg Chief Scientist.
SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.
H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.

H. 323 and firewalls: Problem Statement and Solution Framework Author: Melinda Shore, Nokia Presenter: Shannon McCracken.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.

© 2006 Solegy LLC Internal Use Only Getting Connected with SIP Encryption _______________________________ By Eric Hernaez Solegy LLC May 16, 2007.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.

SIP, NAT, Firewall SIP NAT Firewall How to Traversal NAT/Firewall for SIP.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
RTP Multiplexing draft-rosenberg-rtcweb-rtpmux Jonathan + {Rosenberg, Lennox}

RTP Multiplexing draft-rosenberg-rtcweb-rtpmux Jonathan + {Rosenberg, Lennox}
Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.

Session-ID Requirements for IETF84 draft-ietf-insipid-session-id-reqts-00 1 August 2012 Paul Jones, Gonzalo Salgueiro, James Polk, Laura Liess, Hadriel.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
1 RTCWEB interim 2011-09-08 Remote recording use case / requirements John Elwell.

1 RTCWEB interim Remote recording use case / requirements John Elwell.
DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.

DTLS-SRTP Handling in SIP B2BUAs draft-ram-straw-b2bua-dtls-srtp IETF-91 Hawaii, Nov 12, 2014 Presenter: Tirumaleswar Reddy Authors: Ram Mohan, Tirumaleswar.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.

July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.
RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.

RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.
Chapter 13 – Network Security

Chapter 13 – Network Security
SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-01) IETF 89, March 7, 2014 Authors: Michael Yan, Paul Kyzivat, Simon Romano.

SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-01) IETF 89, March 7, 2014 Authors: Michael Yan, Paul Kyzivat, Simon Romano.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.

Similar presentations

Ads by Google