Pre review of 3GPP MIME type for RTP payload format

Thu Aug 12 14:45:30 CEST 2004

Hi,

I would like to have a pre registration request review of the below 
propsed MIME type for a RTP payload format. This registration request is 
intended to use the updated registration procedure based on 
specification available from other standards body.

The specification that the registration belongs to can be found in the 
following 3GPP contribution:

http://www.3gpp.org/ftp/tsg_sa/WG4_CODEC/TSGS4_32/Docs/S4-040460.zip
Which is the specification delta that included the RTP payload format 
defined within to the following specification:

http://www.3gpp.org/ftp/Specs/latest/Rel-6/26_series/26234-600.zip

The registration template for this looks like the following:
------------------------------------------------------------

MIME media type name: audio, video, text, application, image

MIME subtype name: rtp.enc.aescm128

Required parameters:

opt: 	The payload type number of the payload type contained in the
         encrypted payload. An integer value between 0-127.

rate: 	The timestamp rate of this payload type, which shall be the same
         as that of the original payload type. This is an integer value
         between 1 and 2^32.

ContentID: The OMA DRM content ID [75] used to identify the content when
         establishing a crypto context. The value is an RFC 2396 [60]
         URI, which shall be quoted using <">.

RightsIssuerURL: The right issuer URL as defined by OMA DRM [75]. The
         value is an URI in accordance with RFC 2396 [60], which shall be
         quoted using <">.

IVnonce: The value of this parameter is the nonce that forms the IV as
         specified by the crypto transform, encoded using Base 64 [69].

Optional parameters:

SelectiveEncryption: 	Indicates if this stream is selectively
         encrypted. Allowed values are 0 (false) and 1 (true). If not
         present, selective encryption shall not be used. Please note
         that unless this indicator is integrity protected, it fulfils no
         purpose.

Encoding considerations:
         This type is only defined for transfer via RTP (RFC 3550).

Security considerations:

See considerations raised in RTP RFC 3550 [9] and any applicable
profile like RFC 3551 [10] or RFC 3711 [72]. Further see 3GPP TS
26.234, Release 6, Annex K for comments on security issues. The main
issues that exists are:

- This RTP payload format only confidentiality protects the RTP payload, 
thus header information is leaked, similarly to SRTP.

- The use of stream ciphers as AES CM and no integrity protection allows 
an attacker to purposefully attack the content of the encrypted RTP 
payload by switching individual bits.

- The usage of selective encryption without integrity protection allows 
for an attacker to perform any replacements of complete RTP payloads and 
packets it desires.

- The payload format makes the receiver vulnerable to denial of service 
attacks that inserts RTP packets into the stream, that the receiver then 
interprets as being encrypted thus wasting computational resources. To 
prevent this attack, authentication needs to be used.
Interoperability considerations:

Published specification:
3GPP TS 26.234, Release 6.
Open Mobile Alliance DRM Content Format V2.0

Applications which use this media type:
	Third Generation Partnership Project (3GPP) Packet-switched
         Streaming Service (PSS) clients and servers, which supports the
         Open Mobile Alliance's specification of Digital Rights
         Management version 2.0.

Additional information:

Magic number(s): N/A
File extension(s): N/A
Macintosh File Type Code(s): N/A

Person & email address to contact for further information:
	magnus.westerlund at ericsson.com

Intended usage:
Common

Author/Change controller:

3GPP TSG SA

---- End of template ---

Hope for comments within a week. Otherwise any changes within 3GPP will 
be more difficult.

Thanks

Magnus Westerlund

Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund at ericsson.com