RTCWEB Working Group. Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future

Similar documents
A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (draft-jones-perc-private-media-framework-00)

WebRTC: IETF Standards Update September Colin Perkins

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Become a WebRTC School Qualified Integrator (WSQI ) supported by the Telecommunications Industry Association (TIA)

This is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett.

ETSI TS V ( )

P2PSIP, ICE, and RTCWeb

Internet Engineering Task Force (IETF) Request for Comments: E. Rescorla RTFM, Inc. May 2010

Network Working Group. BCP: 131 July 2007 Category: Best Current Practice

Configuration Guide. for. Sipera IPCS 210/310/410/510 Version: 3.6. with. Nortel Communication Server 1000 Release 5.5

Secure Communications on VoIP Networks

Session initiation protocol & TLS

Secure RTP Library API Documentation. David A. McGrew Cisco Systems, Inc.

DTLS-SRTP. Eric Rescorla David McGrew Jason Fischl Hannes Tschofenig. Eric Rescorla IETF 68 1

Talkative Engage Mitel Architecture Guide. Version 1.0

On the Internet, nobody knows you re a dog.

12/12/2012 Cisco TIP Endpoint Profile TX 6 Page 1 Doc version: 1.0

PERC and WebRTC. draft- roach- perc- webrtc- 00 IETF 98 Chicago, Illinois, USA PERC Working Group Adam Roach

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby

Teams Direct Routing. Configuration Checklists for BTIP and Business Talk SIP services. 28 january Teams Direct Routing AudioCodes Checklist 0.

Media Path. Feature Information for Media Path

Configuring SSL Security

Encryption setup for gateways and trunks

SBC Site Survey Questionnaire Forms

Configuring Encryption for Gateways and Trunks

Overview of SIP. Information About SIP. SIP Capabilities. This chapter provides an overview of the Session Initiation Protocol (SIP).

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Overview of the Session Initiation Protocol

Configuring Sonus SBC 1000/2000 with Microsoft Office 365. Application Notes Last Updated April 16, 2013

Overview. SSL Cryptography Overview CHAPTER 1

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

NAT Tutorial. Dan Wing, IETF77, Anaheim March 21, 2010 V2.1

FreeSWITCH as a Kickass SBC. Moises Silva Manager, Software Engineering

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

0x1A Great Papers in Computer Security

A. On the VCS, navigate to Configuration, Protocols, H.323, and set Auto Discover to off.

Reflections on Security Options for the Real-time Transport Protocol Framework. Colin Perkins

Polycom RealPresence Access Director System

Real-Time Communications for the Web. Presentation of paper by:cullen Jennings,Ted Hardie,Magnus Westerlund

Configuring Internet Key Exchange Security Protocol

About FIPS, NGE, and AnyConnect

CPSC 467: Cryptography and Computer Security

Secure Telephony Enabled Middle-box (STEM)

RTP model.txt 5/8/2011

Internet Engineering Task Force (IETF) Request for Comments: R. Jain IPC Systems K. Rehor Cisco Systems, Inc. May 2014

Firewalls for Secure Unified Communications

ABC SBC: Secure Peering. FRAFOS GmbH

Oracle Communications WebRTC Session Controller

VoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.

become a SIP School Certified Associate endorsed by the Telecommunications Industry Association (TIA)

Deploying OAuth with Cisco Collaboration Solution Release 12.0

Services Extended Media Forking

Encryption Everywhere

AAC-LD MP4A-LATM Codec Support on Cisco UBE

WebRTC standards update (September 2014) Victor Pascual

TLS 1.1 Security fixes and TLS extensions RFC4346

Transport Level Security

SDP Capability Negotiation

Using EAP-TLS with TLS 1.3 draft-mattsson-eap-tls IETF 101, EMU, MAR John Mattsson, MOHIT sethi

Unified Communication:

Encrypted Phone Configuration File Setup

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

A SIMPLE INTRODUCTION TO TOR

EVALUATION COPY ONLY NOT FOR IMPLEMENTATION. USE SUBJECT TO EVALUATION LICENSE AGREEMENT

Intended status: Informational Expires: June 6, 2019 A. Hutton Atos R. Jesske Deutsche Telekom T. Stach Unaffiliated December 3, 2018

Session Abstract 11/25/2013

Microsoft Lync Server 2013 and Twilio SIP Trunk using AudioCodes Mediant E-SBC

Interoperability & Global PoC Standards

Transport Layer Security

A New Internet? Introduction to HTTP/2, QUIC and DOH

Hit the Ground Running. VoIP. Robert Sparks

Network Working Group Request for Comments: 4573 Category: Standard Track July MIME Type Registration for RTP Payload Format for H.

Cisco ATA 191 Analog Telephone Adapter Overview

Request for Comments: 3959 Category: Standards Track December 2004

The Dynamic Payload Type Interworking for DTMF and Codec Packets for SIP-to-SIP Calls feature provides

HTTPS is Fast and Hassle-free with Cloudflare

Internet Protocol Version 6 (IPv6)

Internet Engineering Task Force (IETF) Category: Standards Track March 2011 ISSN:

A New Internet? RIPE76 - Marseille May Jordi Palet

Dynamic Payload Type Interworking for DTMF

Polycom RealPresence Access Director System

Common Components. Cisco Unified Border Element (SP Edition) Configuration Profile Examples 5 OL

Acano solution. Third Party Call Control Guide. 07 June G

Virtual Private Network

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

MTAT Applied Cryptography

Network Encryption 3 4/20/17

Installation & Configuration Guide Version 4.0

Abstract. Avaya Solution & Interoperability Test Lab

CS 356 Internet Security Protocols. Fall 2013

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Implementing Cisco Voice Communications & QoS (CVOICE) 8.0 COURSE OVERVIEW: WHO SHOULD ATTEND: PREREQUISITES: Running on UC 9.

Application Note 3Com VCX Connect with SIP Trunking - Configuration Guide

Acano solution. Third Party Call Control Guide. December F

Department of Computer Science. Burapha University 6 SIP (I)

Network Working Group. Intended status: Standards Track Columbia U. Expires: March 5, 2009 September 1, 2008

MEDIA PROTECTION MECHANISMS

CPSC 467b: Cryptography and Computer Security

Multicast Music-on-Hold Support on Cisco UBE

Configuration Note for Rauland Responder 5 and Avaya Session Manager

Transcription:

RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future Dan Wing dwing@cisco.com IETF83 - March 2012 v2 1

Agenda Scope Upcoming Questions for Working Group RTP versus SRTP RTP, Recording, RTP versus SRTP Keying Intro to Security Descriptions & DTLS-SRTP Interworking SDESC and DTLS-SRTP using EKT Working Group Discussion 2

Purpose of This Presentation DTLS-SRTP is best path forward DTLS-SRTP meets RTCWEB s technical requirements Interoperation with existing SIP endpoints Best security we know how to build Allows adding identity 3

Reading List: Keying Mechanisms (1/3) Security Descriptions, RFC4568 Sends SRTP session key over SIP signaling Also called SDES or SDESC DTLS-SRTP, RFC5763 and RFC5764 DTLS on media path establishes SRTP session key EKT, Encrypted Key Transport, draft-ietf-avtsrtp-ekt Group keying (and interoperation!) 4

Reading List: Analysis of Keying Mechanisms (2/3) Requirements and Analysis of Media Security Management Protocols, RFC5479 Analyzed 15 SRTP keying mechanisms Many criteria: SIP forking, retargeting, call signaling versus media path, group keying Conclusion: best keying mechanism: DTLS- SRTP (Most deployed is Security Descriptions) more on that later 5

Reading List: Identity (3/3) SIP Identity, RFC4474 Signs certain SIP headers and entire SDP SIP Identity using Media Path, draft-wing-rtcwebidentity-media/draft-wing-rtcweb-identity-media (2007) Signs certain SIP headers and a=fingerprint DTLS handshake and identity signature proves identity Cisco IPR statement, https:// datatracker.ietf.org/ipr/1709 6

Model Provides ICE connectivity checks Web Server JSEP SIP Media gateway signaling Call Controller (SIP or proprietary) media media signaling Browser Often private address space SIP system IP phone 7

QUESTIONS FOR WORKING GROUP 8

Questions for Working Group At end of meeting, chairs will ask questions similar to: Should we allow RTP? For SRTP keying: Do we need Security Descriptions? 9

RTP VERSUS SRTP 10

Pros Interoperability Listening by good actors Debugging during development and deployment Listen for faults (e.g., echo) Modification by good actors Remove echo Transcoding RTP Cons Listening by attackers Modification by attackers Identity is difficult-toimpossible 11

RTP Interoperability Web Server SIP SIP Proxy JSEP SIP Browser RTP IP phone But IP phone probably doesn t do ICE. So this slide is missing a media gateway 12

Debugging RTP is easier to debug But still needs a decoder (RTP is not ASCII) SRTP supports NULL ciphers Allows un-encrypted data on the wire Now looks like RTP on the wire 13

Protocol Complexity Allowing both RTP and SRTP increases complexity More code, more test cases 14

RTP Risks RTP for interoperability runs risks of RTP everywhere RTCWEB will be deployed everywhere Not solely on managed networks Coffee shop, attacker upstairs collecting traffic 15

Pros Passive listeners need SRTP session keys Modification needs SRTP session keys Identity is possible depending on keying mechanism SRTP Cons We have to choose keying mechanism(s) (more on that later) 16

SRTP Interoperability This device is already present Session Border Controller Web Server SIP Media gateway SIP Proxy JSEP SIP SRTP (S)RTP Browser IP phone Enterprise network 17

RECORDING 18

Recording Some environments REQUIRE recording jails, stock broker, bank, travel agency Yet need to encrypt the audio and video attorney/client privilege, account number, credit card number, mother s maiden name Attackers on internal network (ethernet sniffer, WiFi) Attackers on the Internet SIPREC allows recording SRTP-encrypted flows SRTP session keys are given to recorder

Independent Sessions CS = Content Session = Existing session to be recorded RS = Recording Session = Session established with the recorder Security requirements of CS!= those of RS When SRTP used in CS, decryption/re-encryption may occur in RS

SBC Recording Model SBC, acting as the forking point for the media to the recorder, MUST OWN the identity of UA-A, i.e., be IdP for UA-A RS +-----------+ +-------- SIP -------> Session +----- [S]RTP ----> Recording Server +-- Metadata --> +-----------+ v v +---------+ ADMINISTRATIVE DOMAIN Session Recording +---------+ Client +---------+ <---- SIP ----> <---- SIP ----> UA-A SBC UA-B <---- SRTP ---> <---- SRTP ---> +---------+ +---------+ +---------+ CS

UA Recording Model UA-A, acting as the forking point for the media to the recorder, MUST BE TRUSTED by the recorder to faithfully deliver the media. ADMINISTRATIVE DOMAIN RS +-----------+ +-------- SIP -------> Session +----- [S]RTP ----> Recording Server +-- Metadata --> +-----------+ v v +---------+ Session Recording Client +---------+ <---- SIP ----> UA-A UA-B <---- SRTP ---> +---------+ +---------+ CS

Question for Working Group 15 minutes Is unsecured RTP necessary? 23

SECURITY DESCRIPTIONS VERSUS DTLS-SRTP 24

The Need for Identity Confidentiality is good (SDESC) But not good enough What if you re talking to an attacker? Secure communications requires peer authentication (DTLS-SRTP) See EKR s plenary presentation User authentication comes from IdP s Facebook Connect, Twitter, Google+, etc. Increasingly used 25

Why Consider Security Descriptions at all? Backwards compatibility 26

Security Descriptions Interop Web Server SIP SIP Proxy JSEP + SDESC keys Browser SRTP IP phone SIP + SDESC keys But IP phone probably doesn t do ICE. So this slide is missing a media gateway 27

DTLS-SRTP and Security Descriptions Interop Web Server SIP Media gateway SIP Proxy JSEP + a=fingerprint Browser DTLS handshake, SRTP SRTP IP phone SIP + SDESC keys Media Gateway decrypts and reencrypts SRTP going from Security Descriptions to DTLS-SRTP. Ouch!! 28

Crypto Burden on Media Gateway Interworking DTLS-SRTP to Security Descriptions is CPU intensive SRTP from DTLS-SRTP end flows easily SRTP from SDESC end requires auth+decrypt, and encrypt+auth Reason: DTLS-SRTP handshake has both ends choose half of the SRTP key Solution: Allow each end can choose its own SRTP key, using EKT 29

Encrypted Key Transport (EKT) draft-ietf-avt-srtp-ekt-03 Benefits: Key changes share fate w/ SRTP packet itself Immediate key changes (no signaling delay) Useful for group keying Operation: Encrypts the new SRTP key using another key Sends this key in SRTP (or SRTCP) packet 30

Using EKT for Interop Use EKT s functionality to ease interop between DTLS-SRTP and Security Descriptions Mechanism: Send the Security Descriptions key using EKT Eliminates per-packet crypto for media gateway! Hurray! 31

Enhancement to EKT for Interop Proposed by David McGrew on AVTCORE Current EKT specification replaces SRTP authentication tag with EKT tag Change: Retain SRTP authentication tag Benefit: Easy for media gateway DTLS-SRTP-EKT leg RTP header SRTP payload SRTP authentication tag EKT tag Media gateway Security Descriptions leg RTP header SRTP payload SRTP authentication tag 32

DTLS-SRTP-EKT and Security Descriptions Interop DTLS-SRTP-EKT Security Descriptions Web Server SIP Media gateway SIP Proxy JSEP + a=fingerprint Browser DTLS SRTP-EKT, SRTP SRTP IP phone SIP + SDESC keys 33

SRTP Key Changes DTLS-SRTP-EKT Web Server SIP Security Descriptions Media gateway Re-INVITE, a=crypto SIP Proxy JSEP + a=fingerprint EKT Key SRTP Re-INVITE, a=crypto Browser IP phone 34

SRTP Key Changes DTLS-SRTP-EKT Web Server SIP Security Descriptions Media gateway Re-INVITE, a=crypto SIP Proxy JSEP + a=fingerprint EKT Key SRTP Re-INVITE, a=crypto Browser IP phone 35

Keying Comparison: DTLS-SRTP and SDESC Two RTPSEC BoFs Analyzed 15 keying mechanisms IETF66, July 2006 IETF68, March 2007 Result was for DTLS-SRTP Documented in RFC5479 36

Security Descriptions Pros Widely deployed No additional round trips Cons Trust every signaling hop with SRTP keys Log files Compromised host Perhaps this was acceptable within one administrative domain No forward secrecy Cannot add identity Insecure forking and retargeting 37

DTLS-SRTP-EKT Pros Best security (RFC5479) Foundation for identity Using fingerprints Using IdP Group keying Fate sharing of SRTP key changes Cons Additional round trips Little deployment of DTLS-SRTP(-EKT) Change to improve EKT interoperability is new 38

Removing Barriers to DTLS Make the DTLS handshake shorter Use public keys instead of certificates DTLS-SRTP doesn t use certs, anyway draft-ietf-tls-oob-pubkey Do part of DTLS handshake in ICE connectivity checks draft-thomson-rtcweb-ice-dtls DTLS session resumption? 39

Summary of DTLS-SRTP-EKT Strongest security Allows building identity on top Interworks with Security Descriptions 40

Choices 1. DTLS-SRTP-EKT only 2. DTLS-SRTP-EKT and Security Descriptions 3. DTLS-SRTP-EKT and Security Descriptions and RTP 41

Discussion Diagram DTLS-SRTP-EKT Security Descriptions Web Server SIP Media gateway SIP Proxy JSEP + a=fingerprint Browser DTLS SRTP-EKT, SRTP SRTP IP phone SIP + SDESC keys 42

The End 43

JUNK SLIDES 44

RTCWEB Model Web Server SIP JSEP Session Border Controller SIP Browser media media IP phone 45

Questions for Working Group 15 minutes RTP or SRTP SRTP SDESC or DTLS- SRTP STOP STOP 46

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback