
August 2, 2012 IETF-84, Vancouver

RTCWEB Encrypted Key Transport, draft-ietf-avtcore-srtp-ekt-00 (previously draft-ietf-avt-srtp-ekt-03). August 2, 2012, IETF-84, Vancouver. Authors: David McGrew, Flemming Andreasen, Dan Wing, Kai Fischer. EKT for Interop.


Presentation Transcript


  1. RTCWEB Encrypted Key Transport, draft-ietf-avtcore-srtp-ekt-00 (previously draft-ietf-avt-srtp-ekt-03). August 2, 2012, IETF-84, Vancouver. Authors: David McGrew, Flemming Andreasen, Dan Wing, Kai Fischer. draft-ietf-avtcore-srtp-ekt

  2. EKT for Interop
     • Interoperate between Security Descriptions and EKT (e.g., DTLS-SRTP-EKT)
     • Avoids per-packet SRTP cryptographic operations on gateway
     • EKT tag now independent of SRTP packet
     • Media gateway can add/remove EKT tag to/from SRTP packet, resulting in normal SRTP packet
     • Implementation and security analysis simpler

  3. Previous situation
     [Diagram labels: Browser; Web Server; Media gateway; SIP Proxy; IP phone; JSEP + a=fingerprint; SIP; SIP + SDESC keys; DTLS handshake, SRTP; SRTP]
     Media Gateway decrypts and re-encrypts SRTP going from Security Descriptions to DTLS-SRTP. Ouch!!

  4. How SRTP decryption works
     [Diagram labels: SRTP Payload; SRTP authentication tag; SRTP master key; Check Authentication, Decrypt; RTP Payload]

  5. How EKT decryption works
     [Diagram labels: SRTP Payload; SRTP authentication tag; SRTP master key; Check Authentication, Decrypt; RTP Payload; EKT tag; EKT key; Check Authentication, Decrypt]

  6. Enhancement to EKT for Interop
     • Adds to SRTP without changing SRTP format or processing rules
     • EKT tag is now removable
     • Benefit: Easy for media gateway interoperation
     [Diagram labels: DTLS-SRTP-EKT leg: SRTP payload, SRTP authentication tag, EKT tag; Media gateway; Security Descriptions leg: SRTP payload, SRTP authentication tag]

  7. DTLS-SRTP-EKT and Security Descriptions Interop
     [Diagram labels: DTLS-SRTP-EKT; Security Descriptions; Browser; Web Server; Media gateway; SIP Proxy; IP phone; JSEP + a=fingerprint; SIP; SIP + SDESC keys; DTLS-SRTP-EKT, SRTP; SRTP]

  8. Key Changes from EKT
     [Diagram labels: DTLS-SRTP-EKT; Security Descriptions; Browser; Web Server; Media gateway; SIP Proxy; IP phone; JSEP + a=fingerprint; SIP; Re-INVITE, a=crypto; Re-INVITE, a=crypto; SRTP; EKT Key]

  9. Key Change from SDES
     [Diagram labels: DTLS-SRTP-EKT; Security Descriptions; Browser; Web Server; Media gateway; SIP Proxy; IP phone; JSEP + a=fingerprint; SIP; Re-INVITE, a=crypto; Re-INVITE, a=crypto; SRTP; EKT Key]

  10. End
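
Slides 2 and 6 state that the EKT tag is independent of the SRTP packet and removable by a media gateway. The sketch below is an added example, not code from the presentation or the draft: it appends a tag after the SRTP authentication tag, strips it with no SRTP key, and checks that the remainder verifies as normal SRTP. The tag layout (opaque fixed-length blob whose final bit marks a full tag, otherwise a one-byte short tag), `EKT_FULL_LEN`, and all keys and packet bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

SRTP_TAG_LEN = 10  # HMAC-SHA1 truncated to 80 bits
EKT_FULL_LEN = 26  # assumed length of a full EKT tag in this sketch

def srtp_auth_tag(auth_key: bytes, body: bytes, roc: int) -> bytes:
    # SRTP authenticates header || encrypted payload || rollover counter.
    mac = hmac.new(auth_key, body + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:SRTP_TAG_LEN]

def make_srtp(auth_key, header, enc_payload, roc=0):
    body = header + enc_payload
    return body + srtp_auth_tag(auth_key, body, roc)

def verify_srtp(auth_key, packet, roc=0):
    body, tag = packet[:-SRTP_TAG_LEN], packet[-SRTP_TAG_LEN:]
    return hmac.compare_digest(tag, srtp_auth_tag(auth_key, body, roc))

def add_ekt_tag(srtp_packet, ekt_tag):
    # The tag is appended after the SRTP auth tag; nothing inside is modified.
    return srtp_packet + ekt_tag

def strip_ekt_tag(packet):
    """Gateway step: split off the trailing EKT tag without any SRTP key."""
    if not packet:
        raise ValueError("empty packet")
    # Assumed layout: final bit 1 = full tag, 0 = one-byte short tag.
    tag_len = EKT_FULL_LEN if packet[-1] & 1 else 1
    if len(packet) < 12 + SRTP_TAG_LEN + tag_len:  # 12 = fixed RTP header
        raise ValueError("packet too short to carry this EKT tag")
    return packet[:-tag_len], packet[-tag_len:]

if __name__ == "__main__":
    key = bytes(range(20))                               # constructed auth key
    header = bytes.fromhex("80000001000000a0deadbeef")   # constructed RTP header
    srtp = make_srtp(key, header, b"\x11" * 32)          # stand-in ciphertext
    wire = add_ekt_tag(srtp, bytes(25) + b"\x01")        # opaque constructed tag
    plain, tag = strip_ekt_tag(wire)
    print(verify_srtp(key, wire), verify_srtp(key, plain), len(tag))
```

A receiver on the Security Descriptions leg that is handed the untouched DTLS-SRTP-EKT packet fails authentication, because it reads the trailing EKT bytes as the SRTP tag; after the gateway strips the tag, the same packet verifies unchanged.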
