skip to main content
10.1145/1941530.1941535acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiptcommConference Proceedingsconference-collections
research-article

A secure and lightweight scheme for media keying in the session initiation protocol (SIP): work in progress

Published: 02 August 2010 Publication History

Abstract

Exchanging keys to encrypt media streams in the Session Initiation Protocol (SIP) has proved challenging. The challenge has been to devise a key transmission protocol that preserves the features of SIP while minimizing key exposure to unintended parties and eliminating voice clipping. We first briefly survey the two IETF SIP media keying protocols -- SDES and DTLS-SRTP -- and evaluate them against a core feature set. We then introduce a novel simple and lightweight scheme to significantly increase the security of SDES SIP keying with minimal overhead costs. Our proposed key exchange involves only one symmetric key operation by sender and receiver and is secure against the Man-in-the-middle attack unless the attacker is able to intercept both the SIP signaling and media plane traffic. Our key exchange scheme is much simpler than DTLS-SRTP; in fact, compared to SDES, it includes only one additional simple step. At the same time, it provides significantly better security than SDES and is only slightly weaker than the non-PKI version of DTLS-SRTP.

References

[1]
F. Andreasen, M. Baugher, and D. Wing. Session Description Protocol (SDP) Security Descriptions for Media Streams. RFC 4568 (Proposed Standard), July 2006.
[2]
J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. Norrman. MIKEY: Multimedia Internet KEYing. Internet Draft, Aug. 2004.
[3]
N. Asokan, V. Niemi, and K. Nyberg. Man-in-the-middle in tunnelled authentication protocols. In Security Protocols Workshop, pages 28--41, 2003.
[4]
M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman. The Secure Real-time Transport Protocol (SRTP). RFC 3711 (Proposed Standard), Mar. 2004. Updated by RFC 5506.
[5]
M. Bellare and P. Rogaway. Entity authentication and key distribution. In Advances in Cryptology -- CRYPTO 93, volume 773 of LNCS, pages 232--249, New York, NY, USA, 1994. Springer-Verlag.
[6]
T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), Aug. 2008. Updated by RFCs 5746, 5878.
[7]
J. Fischl, H. Tschofenig, and E. Rescorla. Framework for Establishing an SRTP Security Context using DTLS, IETF Internet-Draft, Work in Progress, Mar 2009.
[8]
J. Floroiu and D. Sisalem. A Comparitive Analysis of the Security Aspects of the Multimedia Key Exchange Protocols. In Proceedings of the 3rd international conference on Principles, systems and applications of IP telecommunications (IPTComm). ACM, July 2009.
[9]
D. Geneiatakis, A. Dagiouklas, S. Ehlert, G. Kambourakis, C. Lambrinoudakis, D. Sisalem, and S. Gritzalis. Survey of Security Vulnerabilities in SIP. IEEE Communications Tutorials and Surveys, 8(3), October 2006.
[10]
V. Gurbani, S. Lawrence, and A. Jeffrey. Domain Certificates in the Session Initiation Protocol (SIP). RFC 5922 (Proposed Standard), June 2010.
[11]
M. Handley, V. Jacobson, and C. Perkins. SDP: Session Description Protocol. RFC 4566 (Proposed Standard), July 2006.
[12]
V. Kolesnikov and C. Rackoff. Key exchange using passwords and long keys. In Theory of Cryptography, TCC 2006, volume 3876 of LNCS, pages 100--119. Springer, 2006.
[13]
V. Kolesnikov and C. Rackoff. Password mistyping in two-factor-authenticated key exchange. In ICALP (2), pages 702--714, 2008.
[14]
D. McGrew and E. Rescorla. Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP). RFC 5764 (Proposed Standard), May 2010.
[15]
N. Modadugu and E. Rescorla. The Design and Implementation of Datagram TLS. In The 11th Annual Network and Distributed System Security Symposium (NDSS). ISOC, February 2004.
[16]
P. Morrissey, N. P. Smart, and B. Warinschi. A modular security analysis of the tls handshake protocol. In Advances in Cryptology -- ASIACRYPT 2008, volume 5350, pages 55--73, Berlin, Heidelberg, 2008. Springer-Verlag.
[17]
J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. SIP: Session Initiation Protocol. RFC 3261 (Proposed Standard), June 2002. Updated by RFCs 3265, 3853, 4320, 4916, 5393, 5621, 5626, 5630, 5922, 5954, 6026.
[18]
H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson. RTP: A Transport Protocol for Real-Time Applications. RFC 3550 (Standard), July 2003. Updated by RFCs 5506, 5761, 6051.
[19]
A. Shamir. Identity-based cryptosystems and signature schemes. In CRYPTO, pages 47--53, 1984.
[20]
V. Shoup. On formal models for secure key exchange. Technical Report RZ 3120 (#93166), IBM, 1999.
[21]
F. Wang and Y. Zhang. A new provably secure authentication and key agreement for sip using certificateless public-key cryptography. Computer Communications, 31(10):2142--2149, June 2008.
[22]
D. Wing, F. Audet, S. Fries, H. Tschofenig, and A. Johnston. Secure media recording and transcoding with the session initiation protocol, IETF Internet-Draft, Work in Progress, draft-wing-sipping-srtp-key-04, October 2008.
[23]
D. Wing, S. Fries, H. Tschofenig, and F. Audet. Requirements and Analysis of Media Security Management Protocols. RFC 5479 (Informational), Apr. 2009.
[24]
P. Zimmermann, A. Johnston, and J. Callas. ZRTP media path key agreement for secure RTP, IETF Internet-Draft, Work in Progress, draft-zimmermann-avt-zrtp-17, January 2010.

Cited By

View all
  • (2017)Securing SIP infrastructures with PKI — The analysis2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA)10.1109/ICETA.2017.8102525(1-8)Online publication date: Oct-2017
  • (2016)Secure proximity-based identity pairing using an untrusted signalling service2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC)10.1109/CCNC.2016.7444914(942-947)Online publication date: Jan-2016
  • (2012)A Comprehensive Survey of Voice over IP Security ResearchIEEE Communications Surveys & Tutorials10.1109/SURV.2011.031611.0011214:2(514-537)Online publication date: Oct-2013

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
IPTComm '10: Principles, Systems and Applications of IP Telecommunications
August 2010
170 pages
ISBN:9781450306317
DOI:10.1145/1941530
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • Technische Universitat Munchen: Technische Universitat Munchen
  • IFIP

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 August 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. DTLS
  2. SDES
  3. SIP
  4. key exchange
  5. media
  6. security

Qualifiers

  • Research-article

Conference

IPTComm '10
Sponsor:
  • Technische Universitat Munchen

Acceptance Rates

IPTComm '10 Paper Acceptance Rate 12 of 50 submissions, 24%;
Overall Acceptance Rate 18 of 62 submissions, 29%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2017)Securing SIP infrastructures with PKI — The analysis2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA)10.1109/ICETA.2017.8102525(1-8)Online publication date: Oct-2017
  • (2016)Secure proximity-based identity pairing using an untrusted signalling service2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC)10.1109/CCNC.2016.7444914(942-947)Online publication date: Jan-2016
  • (2012)A Comprehensive Survey of Voice over IP Security ResearchIEEE Communications Surveys & Tutorials10.1109/SURV.2011.031611.0011214:2(514-537)Online publication date: Oct-2013

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media