Request for reviewing audio, vidoe, text/rtp-enc-aescm128
Magnus Westerlund
magnus.westerlund at ericsson.com
Tue May 16 17:13:54 CEST 2006
Russ Housley wrote:
> Magnus:
>
> The security considerations clearly indicate the problems with AES
> Counter Mode. There are alternatives that provide efficient integrity
> protection. Why would we want to permit this fragile encryption mode
> when robut alternatives are available? At a minimum, the registration
> should tell us.
>
> Russ
>>
>> Security considerations:
>>
>> See considerations raised in RTP RFC 3550 [9] and any applicable
>> profile like RFC 3551 [10] or RFC 3711 [72]. Further see 3GPP TS
>> 26.234, Release 6, Annex K for comments on security issues. The main
>> issues that exists are:
>>
>> - This RTP payload format only confidentiality protects the RTP
>> payload, thus header information is leaked, similarly to SRTP.
>>
>> - The use of stream ciphers as AES CM and no integrity protection
>> allows an attacker to purposefully attack the content of the encrypted
>> RTP payload by switching individual bits.
>>
>> - The usage of selective encryption without integrity protection
>> allows for an attacker to perform any replacements of complete RTP
>> payloads and packets it desires.
>>
>> - The payload format makes the receiver vulnerable to denial of
>> service attacks that inserts RTP packets into the stream, that the
>> receiver then interprets as being encrypted thus wasting computational
>> resources. To prevent this attack, authentication needs to be used.
>>
Okay, there is a integrity and authentication available for the
transport using SRTP as part of the solution described in section K of
TS 26.234. I can't remember why counter mode was chosen, I will try to
refresh my mind by talking to some people.
Cheers
Magnus Westerlund
Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB | Phone +46 8 4048287
Torshamsgatan 23 | Fax +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund at ericsson.com
More information about the Ietf-types
mailing list