[VOIPSEC] Using SRTP for University project

Randell Jesup rjesup at wgate.com
Mon Apr 3 15:16:56 BST 2006 

"Hadriel Kaplan" <HKaplan at acmepacket.com> writes:
>Fortunately your email below was filtered by my email client as spam.  I say
>fortunately, because it shows to anyone that even over a TLS-secured
>connection (which I have), a man-in-the-middle was able to see and perform
>intercepting action for your email.  It just so happens that the middle-man
>is my email program.  For a TLS-secured connection of the whole chain from
>end2end, or even a S/MIME secured one or ZRTP, there will always be the
>ability for 2 middle-men (the caller and called apps) to do nefarious
>things.  Of course you and I and most technical people already know that -
>this is nothing new in the security world.  And it's certainly the case that
>adding the probability of compromised additional chain-links of trust makes
>it worse, since it is simply the sum of all of them.  I'm just noting it, as
>it seemed ironic to me in this discussion of "end-to-end" security...

Quite. :-)

"end-to-end" security has an implicit assumption that the endpoints
themselves are secure.  If it's a PC app, even if the app is secure the OS,
hardware drivers, etc may not be.  And physical security is rarely
as good as people assume.  For hardphones, you have to trust the
manufacturer (no backdoors) and their implementation as well.

>> Decryption becomes the problem of the FBI/NSA/etc.  They also have to
>> provide the tap in a non-detectable way I understand, which is a big
>> problem technically unless everything (media) is routed through a proxy.

>Yes that's what I've heard as well.  There is a debate going on right now
>about whether "non-detectable" includes media addressing or not.  For some
>providers we'd rather not relay media if we don't have to, but as it stands
>right now we've been told we have to.

People used to detect analog-line taps by odd clicks and other affects; to
detect a media relay-tap you'd have to use a packet sniffer.  You could
make it harder to detect by using relays at least occasionally for all
calls, so that someone with a sniffer has trouble knowing why it's relaying
- though the amount/pattern of relaying might still be detectable.  Also,
someone who sits on the access line (cable co., DSL/fiber provider) can do
a transparent relay/tap without modifying the media addresses - or they'll
just relay everything all the time, in the clear.

>> And that's where ZRTP's ability to work within an AVT/RTP stream is good -
>> if it could do so without needing things like header-extensions.  A
>> provider could block header extensions, or ones that look like ZRTP.

>A provider can block most anything if they had to, if the signaling goes
>through their equipment.  For example they could transcode each call to make
>sure it's really 711 (emulating a pstn hop).  It would be insanely expensive
>to do so, of course.  The only real way would be to secure at a layer above
>the codec or replace it I think (which is what I think you were talking
>about?), so it looks like 711 bytes, but white noise.  

Yes - though with ridiculous overhead you could detect/block that too, and
there are ways to work around those blocks, ad nauseum.  The point was that
currently it's trivial to detect and block ZRTP in a media relay (if you're
relaying).  If ZRTP didn't have to (always) rely on header extensions (can
"hide" in the media bitstream), it would be dramatically harder to detect
or block.

>But I'm not sure they'd need to be that tricky - if all/most providers
>around the world wouldn't have to care about decrypting encrypted media,
>they'd be fine to let it through.  It would have to take the same bandwidth,
>though.  
>
>There's still going to have to be SRTP though.  The PSTN is far too
>pervasive to be easily dismissed, and it will take eons for the entire
>planet to go to voip.  There is also the issue of transcoding even in ip-ip
>which people often overlook.  In the meantime, providers want to let people
>call the pstn and vice versa, and secure it on the IP side, and the
>simplicity/lower-cost of SRTP in media gateway hardware will not overcome
>any benefits of zrtp in my opinion, for calls to/from the pstn.

Sure.  And PSTN is inherently tappable anyways (though more secure against
remote hacking).

-- 
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
		- James Madison, 4th US president (1751-1836)

More information about the Voipsec mailing list