[VOIPSEC] Incorrect decryption monitoring feature
Hank Cohen
hcohen at hifn.com
Mon Sep 25 15:10:42 CDT 2006
SRTP packets are authenticated with an HMAC computation.
The HMAC key is also derived from the master key that is used to derive
the session keys. If you have the wrong session key you will almost
certainly
have the wrong HMAC key and authentication will fail.
The question of whether to fill in with something other than white noise
in this
case is implementation dependent. The most likely case for
authentication failure
is that a packet was corrupted by line noise in transit. If it is only
one or two packets
that fail this way it probably doesn't matter what you do with them.
Dropping them
is probably the right choice. If you have more than a small number of
corrupted
packets failing authentication then you have a much more serious problem
and
the call should probably be dropped.
Hank Cohen
Hifn
> -----Original Message-----
> From: voipsec-bounces at voipsa.org
> [mailto:voipsec-bounces at voipsa.org] On Behalf Of
> laurent.pilati at mindspeed.com
> Sent: Monday, September 25, 2006 2:10 AM
> To: Voipsec
> Subject: [VOIPSEC] Incorrect decryption monitoring feature
>
> Hi Gents,
>
> Is anyone aware of a feature on Secure IP phones which checks the
> decryption payload ?
>
> In case of incorrect decryption (Master keys are not correct
> for example),
> this feature would replace the "white noise" due to bad
> decryption by a
> more pleasant sample pattern.
>
> Thanks for your answers.
>
> Regards/Salutations,
>
> Laurent PILATI
> Tel. + 33 (0) 4 93 00 69 34
> Design Center
> Mindspeed Technologies France
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
More information about the Voipsec
mailing list