[VOIPSEC] SRTP and ZRTP protocol measurements
Ari Takanen
voipsa at codenomicon.com
Fri Apr 23 01:21:30 CDT 2010
Werner already provided extensive answers to your questions, so I will
just add a few practical cases you can potentially add in your study.
Just like the original topic discussed (government MITM), if you
create your keys so that you have a master key (escrow key), you can
then decrypt each packet with it off-line. I believe Wireshak can do
this automatically, but you can also do it for the raw packets
themselves.
Otherwise you could look for a SRTP/ZRTP tunnel-mode like this:
Secure Phone <- SRTP/ZRTP -> Proxy <- Unsecure RTP -> Unsecure Phone
This way you can easily compare the streams (packet sizes, delays,
etc). Just make sure there are no codec transitions at the proxy
(B2BUA).
ZRTP as far as I know (I've never looked) does not use SRTP as the
media transfer protocol but mangles (encrypts) the regular payload of
RTP, i.e. it will look like regular unencrypted audio. Imagine a
goverment phone with a voice scrambler... the Telco will not see that
the audio streams are encrypted unless they actually go into the phone
trunk and try to listen to them.
Best regards,
/Ari
More information about the Voipsec
mailing list