[VOIPSEC] SRTP

Geoff Devine gdevine at cedarpointcom.com
Wed Mar 22 05:51:00 CST 2006


A few comments on this thread:

My perspective is dealing with these issues for a huge carrier-class
media gateway and soft switch.  Whenever I look at a protocol, I always
ask, "How do I scale it?" and "How do I make it redundant?"

SRTP is "cheap" until you're trying to terminate tens of thousands of
streams at a big media gateway.  Depending on DSP architecture (memory
is often the limitation), security in the DSP ends up costing you at
least 10% in codec density.  You can buy a very nice yacht for the price
of the DSP cards necessary to terminate 10,000 compressed voice calls.
Power and heat dissipation also become a big issue.  We ended up putting
media security in an FPGA so it wouldn't impact our channel density.

Making SRTP redundant is a little bit painful.  A wrap count of the
16-bit RTP sequence number is used to prevent replay attacks.  You use
this wrap count to derive the keying information and you fail
authentication if both ends don't have the same RTP sequence number wrap
count.  At the packet inter-arrival rates typical for RTP voice, the
sequence number wraps every 5 or 10 minutes.

I'm quite comfortable with sdescriptions since it looks very much like
what we use in the PacketCable VoIP over Cable standards.  When you're
trying to implement features like Lawful Intercept and Busy Line Verify,
life is much easier when core elements inside the walled garden can see
the keying material in the clear.  You have to pick a key exchange
mechanism appropriate to your architecture.  Sdescriptions is fine for a
walled garden architecture.  Something like MIKEY is more appropriate
for a peer to peer architecture.

We're off building a redundant TCP/TLS solution at the moment.  TCP/TLS
is extremely painful to make redundant and TCP poses significant memory
consumption scaling issues when you have tens of thousands of TCP
connections.  UDP/IPSec is much easier to scale and make redundant. In
IPSec, you have a 32-bit sequence number as state.  To make it
redundant, all you have to do is checkpoint the Tx sequence number state
from time to time.  When you fail over to the redundant instance, you
take a "giant step" (add a big number like 64K) to the Tx sequence number.
It's little surprise that the two mass market commercial VoIP solutions
that have security, PacketCable & 3GPP, both use UDP/IPSec.

Geoff Devine
Chief Architect
Cedar Point Communications
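
The ROC problem described above, as an added example (editor's illustration, not code from the original post or from Cedar Point): a minimal SRTP sender and receiver in Python with the 16-bit sequence number, the 32-bit rollover counter (ROC), the receiver's ROC estimation from RFC 3711 section 3.3.1, a replay window and an HMAC-SHA1 tag computed over the packet plus the ROC. The stream crosses a sequence-number wrap, a replayed packet is rejected, and a standby sender that restores the sequence number but not the ROC fails authentication; the key, SSRC and payload are constructed for the example.

```python
import hmac
import hashlib

SEQ_MOD = 1 << 16          # RTP sequence number is 16 bits
ROC_MOD = 1 << 32          # SRTP rollover counter is 32 bits
TAG_LEN = 10               # SRTP default: HMAC-SHA1 truncated to 80 bits
REPLAY_WINDOW = 64         # RFC 3711 minimum replay window

# Constructed session authentication key for the example (real SRTP derives
# it from the master key with the key derivation function).
AUTH_KEY = bytes(range(20))


def rtp_header(seq, ssrc=0x1234ABCD, ts=0, pt=0):
    """Minimal 12-byte RTP v2 header: V=2, no padding/extension/CSRC."""
    return (bytes([0x80, pt & 0x7F]) + seq.to_bytes(2, "big")
            + ts.to_bytes(4, "big") + ssrc.to_bytes(4, "big"))


def srtp_auth_tag(auth_key, rtp_packet, roc):
    """Tag over the RTP packet with the 32-bit ROC appended (RFC 3711 4.2)."""
    mac = hmac.new(auth_key, rtp_packet + roc.to_bytes(4, "big"), hashlib.sha1).digest()
    return mac[:TAG_LEN]


class SrtpSender:
    def __init__(self, auth_key, seq, roc=0):
        self.auth_key, self.seq, self.roc = auth_key, seq, roc

    def send(self, payload):
        pkt = rtp_header(self.seq) + payload
        tag = srtp_auth_tag(self.auth_key, pkt, self.roc)
        self.seq = (self.seq + 1) % SEQ_MOD
        if self.seq == 0:                        # 16-bit wrap: bump the ROC
            self.roc = (self.roc + 1) % ROC_MOD
        return pkt + tag


class SrtpReceiver:
    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.roc = 0
        self.s_l = None        # highest authenticated seq seen (None until first packet)
        self.highest = -1      # highest accepted 48-bit packet index
        self.seen = set()      # accepted indices still inside the replay window

    def estimate_roc(self, seq):
        """Guess the ROC the sender used (RFC 3711 3.3.1): whichever of
        ROC-1, ROC, ROC+1 puts seq closest to the last seen seq."""
        if self.s_l is None:
            return self.roc
        if self.s_l < 32768:
            return (self.roc - 1) % ROC_MOD if seq - self.s_l > 32768 else self.roc
        return (self.roc + 1) % ROC_MOD if self.s_l - 32768 > seq else self.roc

    def receive(self, packet):
        pkt, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        seq = int.from_bytes(pkt[2:4], "big")
        v = self.estimate_roc(seq)
        index = v * SEQ_MOD + seq                # 48-bit packet index
        if index + REPLAY_WINDOW <= self.highest or index in self.seen:
            return "replay"
        if not hmac.compare_digest(srtp_auth_tag(self.auth_key, pkt, v), tag):
            return "auth_fail"                   # a ROC disagreement ends up here
        if self.s_l is None or v == (self.roc + 1) % ROC_MOD:
            self.roc, self.s_l = v, seq
        elif v == self.roc and seq > self.s_l:
            self.s_l = seq
        self.highest = max(self.highest, index)
        self.seen = {i for i in self.seen if i + REPLAY_WINDOW > self.highest}
        self.seen.add(index)
        return "ok"


def run_failover_demo():
    rx = SrtpReceiver(AUTH_KEY)
    primary = SrtpSender(AUTH_KEY, seq=65530)              # six packets before the wrap
    packets = [primary.send(b"voice") for _ in range(10)]  # seq 65530..65535, then 0..3 with ROC=1
    stream = [rx.receive(p) for p in packets]
    replay = rx.receive(packets[3])                        # seq 65533 again: already accepted
    # Standby resumes with the checkpointed seq but a ROC that restarted at 0:
    standby_no_roc = SrtpSender(AUTH_KEY, seq=primary.seq, roc=0)
    roc_lost = rx.receive(standby_no_roc.send(b"voice"))
    # Standby that restored the checkpointed ROC as well:
    standby = SrtpSender(AUTH_KEY, seq=primary.seq, roc=primary.roc)
    roc_restored = rx.receive(standby.send(b"voice"))
    return {"stream": stream, "replay": replay, "roc_lost": roc_lost,
            "roc_restored": roc_restored, "receiver_roc": rx.roc}
```

The receiver never sees the ROC on the wire; it infers it from the sequence number it last authenticated, so a standby that resumes with the right 16-bit sequence number but the wrong ROC produces tags the receiver cannot verify until the two counts agree again. Checkpointing the sender's ROC alongside the sequence number (or re-keying on failover) is what makes the standby's first packet pass.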

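The IPsec checkpoint-and-giant-step scheme from the last paragraph, as an added example (editor's illustration in Python, not code from the original post or from Cedar Point): an RFC 4303 style 64-packet anti-replay window on the receiver, a sender that replicates its Tx sequence number to a standby every 1000 packets (a constructed interval), and two failovers. The standby that resumes exactly at the checkpoint collides with everything the primary sent after it and is rejected as replay; the standby that adds a 64K giant step is accepted. The block also shows the caveat that the 32-bit counter must not cycle on one SA, so the giant step eats into the space you have before a rekey.

```python
SEQ_MAX = (1 << 32) - 1      # 32-bit ESP sequence number; must not wrap on one SA (RFC 4303 3.3.3)
WINDOW = 64                  # RFC 4303 minimum anti-replay window
GIANT_STEP = 1 << 16         # how far the standby jumps past the last checkpoint (64K, as in the post)
CHECKPOINT_EVERY = 1000      # how often the primary replicates its Tx sequence number (constructed)


class EspReplayWindow:
    """Receiver-side sliding window (RFC 4303 3.4.3): top = highest accepted
    sequence number, bitmap bit k = whether top-k has been accepted."""

    def __init__(self, size=WINDOW):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        """Return True if seq is new and inside the window, updating the state.
        (In a real ESP stack the bitmap is only updated after the ICV verifies.)"""
        if seq == 0:
            return False                        # ESP sequence numbers start at 1
        if seq > self.top:                      # advance the window
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) if shift < self.size else 0
            self.bitmap = (self.bitmap | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False                        # older than the window
        if self.bitmap & (1 << diff):
            return False                        # duplicate inside the window
        self.bitmap |= 1 << diff
        return True


class EspSender:
    def __init__(self, start=0):
        self.seq = start
        self.checkpoint = start                 # last Tx sequence number replicated to the standby

    def next_seq(self):
        if self.seq >= SEQ_MAX:
            raise RuntimeError("sequence space exhausted: rekey the SA (or enable ESN)")
        self.seq += 1
        if self.seq % CHECKPOINT_EVERY == 0:    # replicate state to the standby
            self.checkpoint = self.seq
        return self.seq


def resume_from_checkpoint(checkpoint, giant_step=GIANT_STEP):
    """Standby takes over. The primary may have sent up to CHECKPOINT_EVERY packets
    after the checkpoint that the standby never saw; a jump of giant_step (which
    must exceed CHECKPOINT_EVERY) keeps the standby ahead of all of them."""
    if checkpoint + giant_step >= SEQ_MAX:
        raise RuntimeError("no room for a giant step: rekey instead of failing over the SA")
    return EspSender(start=checkpoint + giant_step)


def run_failover_demo():
    rx = EspReplayWindow()
    primary = EspSender()
    primary_ok = sum(rx.accept(primary.next_seq()) for _ in range(2345))   # seq 1..2345
    replay_ok = rx.accept(2300)                 # re-delivered packet inside the window
    # Naive standby: resumes exactly at the checkpoint (2000), collides with 2001..2345
    naive = EspSender(start=primary.checkpoint)
    naive_ok = sum(rx.accept(naive.next_seq()) for _ in range(100))
    # Giant-step standby: resumes at 2000 + 65536 and is simply "ahead" to the receiver
    standby = resume_from_checkpoint(primary.checkpoint)
    first = standby.next_seq()
    standby_ok = int(rx.accept(first))
    standby_ok += sum(rx.accept(standby.next_seq()) for _ in range(99))
    return {"primary_ok": primary_ok, "checkpoint": primary.checkpoint,
            "replay_ok": replay_ok, "naive_ok": naive_ok,
            "standby_first_seq": first, "standby_ok": standby_ok}


def exhaustion_is_detected():
    """A sender sitting at 2^32-1 must refuse to send rather than wrap."""
    try:
        EspSender(start=SEQ_MAX).next_seq()
    except RuntimeError:
        return True
    return False
```

The same trick does not carry over to TLS, whose record sequence number is implicit and never transmitted, so a standby cannot jump ahead without the peer losing sync; that is the asymmetry the post is pointing at when it calls UDP/IPsec easier to make redundant.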