[VOIPSEC] Thoughts on VoIP security for Groups

Dan Wing dwing at cisco.com
Tue Apr 14 12:42:30 CDT 2009


> I'm curious how much thought the industry has given to the idea of
> establishing group keys for VoIP.  This could be done with
> MIKEY/SRTP (MIKEY supports establishment of a group encryption key,
> and this is the path being taken by the 3GPP standards/secure MBMS)

Depends on which MIKEY 'mode', of course.  MIKEY-DHSIGN, for example, 
cannot be used to establish group keys.  I guess you are referring 
to MIKEY-RSA (which would be 'difficult' to deploy on the Internet 
because there isn't a mechanism to obtain the remote party's key 
prior to the call) or perhaps to MIKEY-RSA-R.  But there are almost
a dozen other MIKEY 'modes', too.

> or could be done with GDOI and IPsec

There is draft-ietf-msec-gdoi-srtp but it's expired.

> (though I question the maturity of GDOI). 
>
> This could be used in a conference bridge type scenario,
> where all participating members would receive the same group
> encryption key; hence allowing VoIP endpoints to encrypt the packet
> a single time, rather than having to learn keys of each group
> member.  This would of course also support the multicasting of the
> media stream as well.

There are some other ideas as well, including my idea 
DTLS-SRTP-Key-Transport which provides a small extension
to DTLS-SRTP [1] and Dave McGrew's EKT which provides an extension
to RTP and to RTCP [2].  Dave and I are working to synchronize our
drafts based on feedback at the AVT meeting at IETF74 in San 
Francisco.  Our presentation slides from the meeting are at [3].

[1] http://tools.ietf.org/html/draft-wing-avt-dtls-srtp-key-transport-03
[2] http://tools.ietf.org/html/draft-mcgrew-srtp-ekt-04
[3] https://datatracker.ietf.org/meeting/74/materials.html#wg-avt

-d




