[VOIPSEC] Using SRTP for University project
M Rizal B Azmi
leadxr at yahoo.com
Thu Mar 23 10:16:59 CST 2006
Does anyone know the inner-workings of a Snom 360 softphone? Such as the type of key exchange used, etc. The configuration menu only contains the ON or OFF option for SRTP. Thanks.
Regards,
Rizal
Voipsec-request at voipsa.org wrote:
Today's Topics:
1. Siemens offers cordless encryption phone Re: Voipsec Digest,
Vol 15, Issue 27 (Albert)
2. Re: I am a freshman in this forum:) (gary madsen)
3. Re: SRTP (Weidong Shao)
----------------------------------------------------------------------
Message: 1
Date: Wed, 22 Mar 2006 13:55:15 +0100
From: Albert
Subject: [VOIPSEC] Siemens offers cordless encryption phone Re:
Voipsec Digest, Vol 15, Issue 27
To: Voipsec at voipsa.org
Message-ID: <5b1697e10603220455o3bea119l at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
- sorry for the plug but, while the discussion rages on, the rss feed reported:
a) Mobile VOIP needs high-speed uplink
Commercial offerings not likely until operators prepare their networks
By John Blau, IDG News Service
March 13, 2006
http://www.infoworld.com/article/06/03/13/76374_HNmobilevoip_1.html?source=rss&url=http://www.infoworld.com/article/06/03/13/76374_HNmobilevoip_1.html
b) Siemens offers cordless encryption phone
Siemens phone ensures maximum security and accelerated encryption process
By John Blau, IDG News Service
March 09, 2006
http://www.infoworld.com/article/06/03/09/76269_HNencryptionphone_1.html?source=rss&url=http://www.infoworld.com/article/06/03/09/76269_HNencryptionphone_1.html
c) Siemens unit seeks growth beyond phones
Siemens teams with Yahoo to let users make/receive VoIP calls through
Yahoo Messenger with Voice
By John Blau, IDG News Service
March 09, 2006
http://www.infoworld.com/article/06/03/09/76271_HNsiemensbeyondphones_1.html?source=rss&url=http://www.infoworld.
(and the article reminds us that there is already a dongle for skype
which was released last year)
------------------------------
Message: 2
Date: Wed, 22 Mar 2006 08:46:36 -0600
From: "gary madsen"
Subject: Re: [VOIPSEC] I am a freshman in this forum:)
To: "Julian Minard"
Cc: Voipsec at voipsa.org, Eliot Liu
Message-ID:
<84789390603220646t446de476y40baf5a4f56bdf7d at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
You may want to look at some of the other VoIP security whitepapers
collected here for a decent foundation:
http://www.voipsa.org/Resources/whitepapers.php
Cheers,
Gary
On 3/21/06, Julian Minard wrote:
> I'm a novice, too.
> Interesting paper. I was struck by the fact that the writer never referred to any security problems in the H.323 Recommendations. If, by implication, there are no security problems with 323 why aren't we pressing to continue with the old 323 and ignore SIP, rather than the other way round?
> Maybe the writer just ignored security problems in 323...
> Julian Minard
>
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Jerome Athias
> Sent: Tuesday, March 21, 2006 3:31 PM
> To: Eliot Liu
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] I am a freshman in this forum:)
>
>
> Maybe this one could interest you:
>
> http://www.xmcopartners.com/whitepapers/voip-security-layered-approach.pdf
>
> Regards
> /JA
> https://www.securinfos.info
>
> Eliot Liu wrote:
> > Hello, everyone! I am a graduate student in China. And I am very
> > interested in SIP-based VoIP System. I know that there are many
> > threats in VoIP, and some of the threats are difficult to tackle.
> >
> > These days, my boss told me to use the PKI to help improve the
> > security of the SIP-based VoIP System. I found some paper from the
> > Internet, and read them. However, I am confused very much. Could
> > someone here give me some advice?
> >
> > Thanks!
> >
> > Bill
> >
------------------------------
Message: 3
Date: Wed, 22 Mar 2006 16:41:10 -0800
From: "Weidong Shao"
Subject: Re: [VOIPSEC] SRTP
To: Voipsec at voipsa.org
Message-ID:
Content-Type: text/plain; charset=ISO-8859-1
I have some comments inline,
Weidong Shao
Geoff Devine gdevine at cedarpointcom.com wrote:
A few comments on this thread:
My perspective is dealing with these issues for a huge carrier-class
media gateway and soft switch. Whenever I look at a protocol, I always
ask, "How do I scale it?" and "How do I make it redundant?"
SRTP is "cheap" until you're trying to terminate tens of thousands of
streams at a big media gateway. Depending on DSP architecture (memory
is often the limitation), security in the DSP ends up costing you at
least 10% in codec density. You can buy a very nice yacht for the price
of the DSP cards necessary to terminate 10,000 compressed voice calls.
Power and heat dissipation also become a big issue. We ended up putting
media security in an FPGA so it wouldn't impact our channel density.
Making SRTP redundant is a little bit painful. A wrap count of the
16-bit RTP sequence number is used to prevent replay attacks. You use
this wrap count to derive the keying information and you fail
authentication if both ends don't have the same RTP sequence number wrap
count. At the packet inter-arrival rates typical for RTP voice, the
sequence number wraps every 5 or 10 minutes.
>>> What do you mean by "making SRTP redundant"?
>>> What has it to do with seq number wrapping?
>>> Do you mean a solution where media path or media gateway can be load balanced?
I'm quite comfortable with sdescriptions since it looks very much like
what we use in the PacketCable VoIP over Cable standards. When you're
trying to implement features like Lawful Intercept and Busy Line Verify,
life is much easier when core elements inside the walled garden can see
the keying material in the clear. You have to pick a key exchange
mechanism appropriate to your architecture. Sdescriptions is fine for a
walled garden architecture. Something like MIKEY is more appropriate
for a peer to peer architecture.
>>> MIKEY is end-to-end, so how can you do LI? How do you get the key?
>>> sdescriptions allows the call control to have access to the keying materials so call monitoring or key access is possible. It is also easier to implement.
We're off building a redundant TCP/TLS solution at the moment. TCP/TLS
is extremely painful to make redundant and TCP poses significant memory
consumption scaling issues when you have tens of thousands of TCP
connections. UDP/IPSec is much easier to scale and make redundant. In
IPSec, you have a 32-bit sequence number as state. To make it
redundant, all you have to do is checkpoint the Tx sequence number state
from time to time. When you fail over to the redundant instance, you take a
"giant step" (add a big number like 64K) to the Tx sequence number.
It's little surprise that the two mass market commercial VoIP solutions
that have security, PacketCable & 3GPP, both use UDP/IPSec.
>>> For the redundancy concern, are you referring to the voice signaling path or the RTP (SRTP) path?
>>> Hop-by-hop security through IPSEC has its own problems in network configuration and scalability.
Geoff Devine
Chief Architect
Cedar Point Communications
------------------------------
End of Voipsec Digest, Vol 15, Issue 28
***************************************
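The link between SRTP redundancy and sequence-number wrapping raised in Message 3, as an added example that is not code from any of the posters: a standby that takes over with a stale rollover counter (ROC) guesses the wrong packet index and fails authentication. `KEY`, the stand-in packet layout and the function names are assumptions; encryption, RFC 3711 key derivation and the replay list are left out.

```python
import hashlib
import hmac

KEY = b"constructed-demo-auth-key"  # constructed; not an RFC 3711 derived key

def estimate_roc(roc, s_l, seq):
    """RFC 3711 section 3.3.1: guess the sender's ROC from local state."""
    if s_l < 32768:
        return (roc - 1) % 2**32 if seq - s_l > 32768 else roc
    return (roc + 1) % 2**32 if s_l - 32768 > seq else roc

def auth_tag(key, packet, roc):
    """The tag covers packet || ROC (RFC 3711 section 4.2), cut to 80 bits."""
    msg = packet + roc.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha1).digest()[:10]

class Receiver:
    """Tracks ROC and highest SEQ (s_l); the replay list is left out."""
    def __init__(self, key, roc=0, s_l=0):
        self.key, self.roc, self.s_l = key, roc, s_l

    def accept(self, packet, seq, tag):
        v = estimate_roc(self.roc, self.s_l, seq)
        if not hmac.compare_digest(tag, auth_tag(self.key, packet, v)):
            return False  # a wrong ROC guess looks like a forged packet
        if v * 65536 + seq > self.roc * 65536 + self.s_l:
            self.roc, self.s_l = v, seq
        return True

def send(index):
    """Sender side: split the 48-bit packet index into ROC and 16-bit SEQ."""
    seq, roc = index & 0xFFFF, index >> 16
    packet = seq.to_bytes(2, "big") + b"voice-frame"  # stand-in RTP packet
    return packet, seq, auth_tag(KEY, packet, roc)

def standby_accepts(checkpoint_index, failover_index):
    """Standby starts from checkpointed (ROC, s_l); try the next packet."""
    standby = Receiver(KEY, checkpoint_index >> 16, checkpoint_index & 0xFFFF)
    return standby.accept(*send(failover_index))

if __name__ == "__main__":
    print(standby_accepts(65000, 66000))   # checkpoint just before a wrap
    print(standby_accepts(1000, 140000))   # checkpoint two wraps stale
```

A checkpoint taken shortly before a wrap still recovers, because the estimator tolerates a gap of up to half the sequence space; anything staler is rejected until the ROC is resynchronised.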
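The IPSec checkpoint and "giant step" described in Message 3, as an added simulation that is not code from the post: the peer's anti-replay window drops a standby that resumes from a stale Tx sequence number unless the step exceeds the number of packets sent since the last checkpoint. The window size of 64, the class and function names and the packet counts are assumptions.

```python
GIANT_STEP = 65536  # the "64K" mentioned in the post

class ReplayWindow:
    """Receiver-side anti-replay check in the style of RFC 4303."""
    def __init__(self, size=64):
        self.size, self.top, self.seen = size, 0, set()

    def accept(self, seq):
        if seq + self.size <= self.top or seq in self.seen:
            return False  # left of the window, or a duplicate inside it
        self.seen.add(seq)
        self.top = max(self.top, seq)
        # forget sequence numbers that have slid out of the window
        self.seen = {s for s in self.seen if s + self.size > self.top}
        return True

def failover(sent_before_crash, checkpoint_every, giant_step):
    """Return how many of the standby's first 100 packets the peer accepts."""
    peer, seq, checkpoint = ReplayWindow(), 0, 0
    for _ in range(sent_before_crash):
        seq += 1
        peer.accept(seq)
        if seq % checkpoint_every == 0:
            checkpoint = seq  # Tx state replicated to the standby
    seq = checkpoint + giant_step  # standby resumes from the stale state
    accepted = 0
    for _ in range(100):
        seq += 1
        accepted += peer.accept(seq)
    return accepted

if __name__ == "__main__":
    # constructed scenario: crash 500 packets after the last checkpoint
    for step in (0, 300, 450, GIANT_STEP):
        print(step, failover(10500, 1000, step))
```

Each failover consumes `giant_step` values from the 32-bit sequence space, so the step trades recovery margin against how soon the SA has to be rekeyed.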