[VOIPSEC] RTP or SRTP inside UDP - how understand?
Geoff Devine
gdevine at cedarpointcom.com
Mon Mar 27 17:43:18 CST 2006
From: "Hadriel Kaplan" <HKaplan at acmepacket.com>
>> -----Original Message-----
>> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
>> Behalf Of Simon Horne
>> Sent: Monday, March 27, 2006 3:32 PM
>> To: Sergey Vointsev; voipsec at voipsa.org
>> Subject: Re: [VOIPSEC] RTP or SRTP inside UDP - how understand?
>>
>> You can tell (and it is not definitive) if the payload is encrypted by
>> examining the payload length and seeing if it is not exactly the same as
>> what would be expected for that particular codec. Usually the output
>> length from the cipher (due to the cipher key length) does not match
>> exactly the normal unencrypted payload size. It may only be a couple of
>> bytes but it is detectable.
>
> I don't think so - at least not for the default AES cipher in the spec.
> It's in counter mode.
[geoff] Agreed. The payload is the same size after you encrypt it with
AES. The header in SRTP is 4 bytes bigger because it contains the
authentication hash.
I'd also point out in the SDESCRIPTIONS debate that there are other
things in telephony signaling which are also important to keep private
beyond just the media keying material.
Example:
There are regulatory requirements that mandate that you keep CallerID
private if the user requests it.
If somebody can hack your signaling security, you have other gigantic
problems beyond just exposing your media stream keys. You have to trust
your proxy network.
In my strange and wonderful world of PacketCable voice over cable, the
CMSS SIP spec (SIP trunking between two soft switches) originally
required transport mode IPSec and then double-encrypted the media keying
information using a Kerberos mechanism. We came to our senses and got
rid of it since Kerberos key management across multiple cable operator
realms was very painful. The spec today requires something that looks
very similar to SDESCRIPTIONS.
Geoff Devine
Chief Architect
Cedar Point Communications
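The length heuristic argued over in this thread, written out as an added example (not code from the post or from any of the participants). It parses the clear-text RTP header, compares the remaining payload length with the nominal frame size of a few static payload types at a 20 ms ptime, and treats a surplus equal to an SRTP authentication-tag length as a hint that the stream is SRTP. The packet builders, the SHA-256-in-counter-mode keystream (a stand-in for AES-CTR, used only because it is length-preserving) and the truncated-hash tag are constructed for the demo and are not interoperable SRTP; the codec byte rates come from the RFC 3551 static payload table and the 10- and 4-byte tag lengths from RFC 3711.

```python
import hashlib
import struct

# Bytes of payload per millisecond of audio for a few static RTP payload
# types (RFC 3551 rates): PCMU, PCMA, G.722, G.729. Constructed lookup.
BYTES_PER_MS = {0: 8, 8: 8, 9: 8, 18: 1}

# Authentication tag lengths (bytes) RFC 3711 defines for HMAC-SHA1:
# the 80-bit default and the 32-bit truncated variant.
SRTP_TAG_LENGTHS = (10, 4)


def parse_rtp(pkt):
    """Return (payload_type, header_length) for an RTP or SRTP packet.

    The SRTP header travels in the clear, so one parser serves both; only
    the payload (and any trailing tag) differs.
    """
    if len(pkt) < 12:
        raise ValueError("short RTP packet")
    b0, b1 = pkt[0], pkt[1]
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    cc = b0 & 0x0F                 # number of CSRC identifiers
    has_ext = bool(b0 & 0x10)      # X bit: header extension present
    pt = b1 & 0x7F
    hdr = 12 + 4 * cc
    if has_ext:
        if len(pkt) < hdr + 4:
            raise ValueError("truncated extension header")
        ext_words = struct.unpack("!H", pkt[hdr + 2:hdr + 4])[0]
        hdr += 4 + 4 * ext_words
    if len(pkt) < hdr:
        raise ValueError("truncated header")
    return pt, hdr


def classify(pkt, ptime_ms=20):
    """The thread's heuristic: compare payload length with the codec's
    nominal frame size. Returns 'plain', 'srtp?' or 'unknown'.

    A counter-mode cipher keeps the payload length, so the only visible
    surplus is the auth tag. RTP padding (P bit) would also add bytes,
    which is one reason the check is not definitive.
    """
    pt, hdr = parse_rtp(pkt)
    if pt not in BYTES_PER_MS:
        return "unknown"
    extra = len(pkt) - hdr - BYTES_PER_MS[pt] * ptime_ms
    if extra == 0:
        return "plain"             # or SRTP without a tag: indistinguishable
    if extra in SRTP_TAG_LENGTHS:
        return "srtp?"
    return "unknown"


def build_rtp(pt, seq, ts, ssrc, payload, marker=False):
    """Minimal RTP packet: V=2, no padding, no extension, no CSRCs."""
    b1 = (0x80 if marker else 0) | pt
    return struct.pack("!BBHII", 0x80, b1, seq, ts, ssrc) + payload


def ctr_keystream(key, ssrc, index, n):
    """SHA-256 in counter mode, standing in for AES-CTR (constructed)."""
    out = b""
    block = 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!IQI", ssrc, index, block)).digest()
        block += 1
    return out[:n]


def fake_srtp(pt, seq, ts, ssrc, payload, key, tag_len=10):
    """SRTP-shaped packet: clear header, same-length encrypted payload,
    trailing tag. Constructed for the demo, not real SRTP."""
    hdr = build_rtp(pt, seq, ts, ssrc, b"")
    ks = ctr_keystream(key, ssrc, seq, len(payload))
    enc = bytes(p ^ k for p, k in zip(payload, ks))
    tag = hashlib.sha256(key + hdr + enc).digest()[:tag_len]  # stand-in for HMAC-SHA1
    return hdr + enc + tag


PCMU_FRAME = b"\xff" * 160                   # constructed: 20 ms of mu-law silence
KEY = b"example-key-not-for-real-use"        # constructed demo key


def demo():
    plain = build_rtp(0, 1, 160, 0xDEADBEEF, PCMU_FRAME)
    srtp80 = fake_srtp(0, 1, 160, 0xDEADBEEF, PCMU_FRAME, KEY, 10)
    srtp32 = fake_srtp(0, 1, 160, 0xDEADBEEF, PCMU_FRAME, KEY, 4)
    return classify(plain), classify(srtp80), classify(srtp32)


if __name__ == "__main__":
    print(demo())   # ('plain', 'srtp?', 'srtp?')
```

Running it shows the point both sides of the thread are making: the encrypted payload is exactly as long as the clear one, so the only length difference a passive observer sees is the tag, and a packet with no tag (or one that carries RTP padding, or a dynamic payload type not in the table) cannot be classified from length alone. For checking that a deployment really is sending SRTP, the signaling (the negotiated RTP/SAVP profile and keying attributes) is the authoritative source; this length check is at most a sanity test on captures.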