[VOIPSEC] Secure Real-time Transport Protocol (SRTP)

Robert Moskowitz rgm at icsalabs.com
Thu Mar 24 08:54:02 CST 2005 

At 06:02 PM 3/23/2005, Pbt wrote:



> > Sometimes there can be an overlap between layers in the nature of security
> > offered.  But, for example, if you look at my tunneling methods, layer 3
> > security of IPsec would not protect likely the RTP connection
>So, what kind of tunneling do you use ?

I use so many different tunneling technologies  It is part of my job.  Part 
of my CV is that I co-chaired teh IPsec workgroup.  I started the first 
work on CTR mode for IPsec and SRTP, and when I was ill, others filled in 
the gap (Steve Kent and I and a few others really debated formats; fun had 
all around kind of thing).

>IPSec can easily protect RTP (and other flows you want : by example
>defining them properly in your racoon conf or other implementations
>allowing port/proto/host selection). Its main lack is its bandwidth
>consumption.

Problem is that IPsec has no API.  We had one from NRL, but it went 
nowhere.  So how does the app know there is protection?  Also there are too 
many network architectures where IPsec will let you down.  So I still favor 
SRTP for VoIP.  If you are running a soft phone this could be very 
important.  And even a hard phone does not know what the communicating 
party's situation is.

I was once in the camp of IPsec for everything.  I left that long ago.  I 
am rather upset that Better than Nothing Security got ran over by the IPsec 
bullies.  But in MAY just give us that API I mentioned early.  Joe Touch is 
not such a pushover.

>In fact, you can choose BETWEEN an IPSec solution, or in another one
>(often more complex to deploy).

Part of the reason I would go wiht SRTP.  It is reality ease to set policy 
for SRTP.  To set the PDB of IPsec is a real challenge; particularly with 
no way for the app to learn the policy or influence it.

>If you choose a solution based on SRTP (cyphered payload, algorithm &
>MKI), you'll have to find a good key exchange protocol (as MiKEY :
>Multimedia Internet Keyring) replacing IKE by example for IPSec.
>Used with SIP (which encapsulates MiKEY), you will need to use TLS then.
>DNS transactions (SRV & A requests) should also be secured with DNSSEC..

I really need to go back and look at MiKEY.

For all that I have implied about IPsec, IKEv2 is a powerful protocol and 
is self protecting.  It follows the SIGMA provably secure protocol.  You 
would only need encapsulation, not protoection.  Of course this practically 
imposes x.509 certs for the clients.


Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W:      248-968-9809
F:      248-968-2824
E:      rgm at icsalabs.com

There's no limit to what can be accomplished
if it doesn't matter who gets the credit

More information about the Voipsec mailing list