Research article
DOI: 10.1145/1595637.1595640

A comparative analysis of the security aspects of the multimedia key exchange protocols

Published: 07 July 2009

Abstract

An IP-based multimedia communication system can be roughly divided into two planes: a signaling plane and a media plane. The signaling plane provides the necessary functions for setting up, controlling and terminating the multimedia sessions. The media plane provides the support for transporting the media content (audio, video, text or applications).
Security mechanisms in the signaling plane address aspects related to user authentication, authorization or anonymization as well as the protection of the signaling messages against eavesdropping, interception and manipulation. The security aspects relevant to the media plane concern the encryption of the media traffic as well as the efficient and secure exchange of the necessary keying material.
This paper provides a comparative analysis of the security aspects of the most representative key exchange protocols designed for VoIP communication, namely DTLS, ZRTP, MIKEY and SDES. In this context, the key exchange protocols are described in relation to various authentication mechanisms and signaling plane security. Further, a number of possible attacks against these protocols are investigated and, where applicable, mitigation measures are proposed.


Published In

IPTComm '09: Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
July 2009
140 pages
ISBN: 9781605587677
DOI: 10.1145/1595637

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. DoS attack
2. key exchange protocol
3. media plane security
4. real-time IP multimedia communications
5. signaling plane security

Acceptance Rates

Overall Acceptance Rate 18 of 62 submissions, 29%
