Request for reviewing audio, vidoe, text/rtp-enc-aescm128

Magnus Westerlund magnus.westerlund at ericsson.com
Tue May 16 17:13:54 CEST 2006 

Russ Housley wrote:
> Magnus:
> 
> The security considerations clearly indicate the problems with AES 
> Counter Mode.  There are alternatives that provide efficient integrity 
> protection.  Why would we want to permit this fragile encryption mode 
> when robut alternatives are available?  At a minimum, the registration 
> should tell us.
> 
> Russ
>>
>> Security considerations:
>>
>> See considerations raised in RTP RFC 3550 [9] and any applicable 
>> profile like RFC 3551 [10] or RFC 3711 [72]. Further see 3GPP TS 
>> 26.234, Release 6, Annex K for comments on security issues. The main 
>> issues that exists are:
>>
>> - This RTP payload format only confidentiality protects the RTP 
>> payload, thus header information is leaked, similarly to SRTP.
>>
>> - The use of stream ciphers as AES CM and no integrity protection 
>> allows an attacker to purposefully attack the content of the encrypted 
>> RTP payload by switching individual bits.
>>
>> - The usage of selective encryption without integrity protection 
>> allows for an attacker to perform any replacements of complete RTP 
>> payloads and packets it desires.
>>
>> - The payload format makes the receiver vulnerable to denial of 
>> service attacks that inserts RTP packets into the stream, that the 
>> receiver then interprets as being encrypted thus wasting computational 
>> resources. To prevent this attack, authentication needs to be used.
>>

Okay, there is a integrity and authentication available for the 
transport using SRTP as part of the solution described in section K of 
TS 26.234. I can't remember why counter mode was chosen, I will try to 
refresh my mind by talking to some people.

Cheers

Magnus Westerlund

Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund at ericsson.com

More information about the Ietf-types mailing list