Presentation is loading. Please wait.

Presentation is loading. Please wait.

SDP Security Descriptions for Media Streams Mark Baugher Dan Wing - Cisco Systems -

Published byHerbert Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "SDP Security Descriptions for Media Streams Mark Baugher Dan Wing - Cisco Systems -"— Presentation transcript:

1 SDP Security Descriptions for Media Streams Mark Baugher Dan Wing - Cisco Systems -

2 SDP Security Descriptions2 Overview Rationale & Requirements for replacing k= –End-to-end vs Hop-by-hop uses –Comparison with existing and nascent standards Security descriptions –Session descriptors vs. media descriptors –Changes from previous, private submission –Syntax Next steps

3 SDP Security Descriptions3 Rationale for this Work 1.Overcomes limitations of k= Enables SRTP, TLS, … signaling in SDP 2.Leverages “ existing ” infrastructure SDP used to signal media sessions TLS or IPsec offers signaling protection Absence of a global PKI Security descriptions complements the keymgt-extensions for environments where SDP message is secure (e.g. TLS, IPsec).

4 SDP Security Descriptions4 Comparison with SDP k= Line A cryptographic key 1.Has descriptors … Parameters describing the key Parameters describing the crypto session 2.And structure SRTP master salt and master key 3.And session or media-level parameters k= defines only structure, not parameters k= can be extended with a method but no provision is made for descriptors and complicated session and media-level semantics.

5 SDP Security Descriptions5 SDP Signaling: Secure End-End Channel SenderReceiver SRTP bearer Signaling IPsec/TLS

6 SDP Security Descriptions6 SDP Signaling: Hop-by-Hop Channels SDP message (e.g. SIP/SDP) travels multiple hops e.g. networks a, b, and c encrypted/authenticated Not end-end, security as good as weakest link MMUSIC key-mgt approach does not suffer from this Signaling Controller Sender Receiver SRTP bearer IPsec/TLS Network A Network B Network C IPsec/TLS

7 SDP Security Descriptions7 Comparison with key-mgt Line Key mgt extensions –Supports AKE –Uses encrypted blob New key-mgt stmt Conveys a key mgt protocol message –Provides end-to-end security –As secure as the key management protocol –Additional latency Security descriptions –No AKE –Textual SDP parms Extends k= statement SDP secured with TLS, IPsec, … –May not provide end-to- end security –As secure as hop-by-hop security –No additional latency

8 SDP Security Descriptions8 Transport-Specific vs. Generic “ K= ” & key-mgt are transport-generic sdescriptions seeks to be as generic –A framework for security transports –Parameters are generic to the transports –Parameter values are transport specific But do not operate at SDP session level –There are omplicated interactions with transport-session parameters

9 SDP Security Descriptions9 a=crypto: [ ] An SDP attribute with 4 parameters –Crypto-suite=value (e.g. SRTP: AES-CTR-HMAC-SHA1-80) –application=sub-protocol (e.g. SRTP or SRTCP) –Key has two incarnations uri: absolute-uri inline: transport-specific-key-descriptor –Session is transport-specific session parameters (e.g. SRTP: unencrypted srtp, FEC order, etc. )

10 SDP Security Descriptions10 Changes from Previous Draft Applies to media streams not codecs –Led to substantial change in the syntax Applies to SDP media level only –As a result of improving Offer/Answer Added “ Application ” Parameter –Allows separate descriptions for SRTP and SRTCP Defines sdescriptions Offer/Answer –Not yet generalized beyond SRTP Added Augmented BNF Grammar

11 SDP Security Descriptions11 An SRTP Example v=0 o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5 s=SDP Seminar i=A Seminar on the session description protocol u=http://www.example.com/seminars/sdp.pdf e=j.doe@example.com (Jane Doe) c=IN IP4 224.2.17.12/127 t=2873397496 2873404696 a=recvonly m=video 51372 RTP/SAVP 31 a=crypto:AES_CM_128_HMAC_SHA1_80 both inline:16/14/d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj/2^20/1:32 m=audio 49170 RTP/SAVP 0 a=crypto:AES_CM_128_HMAC_SHA1_32 srtp inline:16/14/NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj/2^20/1:32 a=crypto:AES_CM_128_HMAC_SHA1_80 srtcp inline:16/14/eZkBkQythOTg3NjU0MSEzMDMyMT01NDg5N2RlRkF/2^20/1:32 m=application 32416 udp wb a=orient:portrait

12 SDP Security Descriptions12 Next Steps Fix known errors –SDP direction attribute ambiguities Add missing pieces –Generalize Offer/Answer –Generalize to transports beyond RTP/SAVP Get implementation experience Report back to next mmusic meeting

Download ppt "SDP Security Descriptions for Media Streams Mark Baugher Dan Wing - Cisco Systems -"

Similar presentations

What’s New? What’s Different?

What’s New? What’s Different?
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Overview of SIP Media Security Options

Overview of SIP Media Security Options
RTP Payload Format for Multiple Flows FEC draft-peck-fecframe-rtp-mf-01 Orly Peck, RADVISION IETF 77 – March 2010.

RTP Payload Format for Multiple Flows FEC draft-peck-fecframe-rtp-mf-01 Orly Peck, RADVISION IETF 77 – March 2010.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
Real-Time Collaborative Environments Colin Perkins

Real-Time Collaborative Environments Colin Perkins
1 The Critical Role of Sip&H.323 Internetworking in Next- Generation Telephony Dr. Samir Chatterjee Associate Professor School of Information Science 909-607-4651;

1 The Critical Role of Sip&H.323 Internetworking in Next- Generation Telephony Dr. Samir Chatterjee Associate Professor School of Information Science ;
SIP Chapter 5. SIP History 1980s – first packet multimedia experiments 1992 – first IETF audio-cast 1996 – first SIP related IETF drafts Session Invitation.

SIP Chapter 5. SIP History 1980s – first packet multimedia experiments 1992 – first IETF audio-cast 1996 – first SIP related IETF drafts Session Invitation.
SDP.  Session Description Protocol (SDP) an application-layer protocol intended to describe multimedia sessions a text-based protocol when describing.

SDP.  Session Description Protocol (SDP) an application-layer protocol intended to describe multimedia sessions a text-based protocol when describing.
Lecture 5 and 6 notes: Reji Mathew & Jian Zhang NICTA & CSE UNSW COMP9519 Multimedia Systems S2 2009.

Lecture 5 and 6 notes: Reji Mathew & Jian Zhang NICTA & CSE UNSW COMP9519 Multimedia Systems S
Alternate Offers / Capabilities in SIP/SDP Alternate Offers / Capabilities in SIP/SDP draft-bhatia-mmusic-sdp-altcap-01.txt Authors: Medhavi Bhatia John.

Alternate Offers / Capabilities in SIP/SDP Alternate Offers / Capabilities in SIP/SDP draft-bhatia-mmusic-sdp-altcap-01.txt Authors: Medhavi Bhatia John.
8/2/200048. IETF, Pittsburgh Kutscher/Ott/Bormann SDPng Requirements draft-kutscher-mmusic-sdpng-req-00.txt Dirk Jörg

8/2/ IETF, Pittsburgh Kutscher/Ott/Bormann SDPng Requirements draft-kutscher-mmusic-sdpng-req-00.txt Dirk Jörg
Fredrik Lindholm 52st IETF Meeting 1Key management extensions Key Management Extensions for SDP and RTSP.

Fredrik Lindholm 52st IETF Meeting 1Key management extensions Key Management Extensions for SDP and RTSP.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
AARNet Copyright 2011 Network Operations SDP Deep Dive Bill Efthimiou APAN33 SIP workshop February 2012.

AARNet Copyright 2011 Network Operations SDP Deep Dive Bill Efthimiou APAN33 SIP workshop February 2012.
Streaming Media Protocols Jani Hautakorpi Henry Pohan.

Streaming Media Protocols Jani Hautakorpi Henry Pohan.

Similar presentations

Ads by Google