A Rather Incomplete 'Summary' of the Cisco-Ericsson SRTP Paper
Secure Real-time Transport Protocol
- high throughput, low packet expansion
- encryption (cryptographic transforms)
- authentication (key-based)
- a profile of RTP (extension of the RTP Audio/Video Profile)
RTP <----> SRTP <----------> SRTP <----> RTP
<----> denotes "intercept" (different from <---------->)
If AUTHENTICATION FAILURE occurs:
- packet is discarded
- log the event
REPLAY protection:
- packet is replayed when it is stored by an adversary, and then reinjected into the network
- implement a Replay List
Replay List:
- continuously updated with each authenticated packet
- implement using a bitmap
- if a packet is checked to be already in the replay list, discard the packet and log the event
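A bitmap Replay List for the receiver side, written as an added example in Java (the language of the Java RTP task); it is not code from the paper or from the original notes. The class and method names, the 64-packet window, and the use of a `long` packet index are assumptions made for illustration.

```java
import java.util.logging.Logger;

/** Sliding-window replay list kept as a 64-bit bitmap (illustrative class, not from the paper). */
public class ReplayList {
    private static final Logger LOG = Logger.getLogger("srtp.replay");
    private static final int WINDOW = 64;   // assumed window size, one bit per packet index
    private long highest = -1;              // highest authenticated packet index so far
    private long bitmap = 0;                // bit i set => index (highest - i) already accepted

    /** Call before authentication: true if the index is a replay or too old to track. */
    public boolean isReplay(long index) {
        if (index > highest) return false;              // newer than anything seen
        long offset = highest - index;
        if (offset >= WINDOW) return true;              // fell off the window: cannot verify, reject
        return ((bitmap >>> offset) & 1L) != 0;         // bit set => already in the replay list
    }

    /** Call only after the packet has passed authentication. */
    public void markAuthenticated(long index) {
        if (index > highest) {
            long shift = index - highest;
            bitmap = (shift >= WINDOW) ? 0 : (bitmap << shift);
            bitmap |= 1L;                               // bit 0 is the new highest index
            highest = index;
        } else if (highest - index < WINDOW) {
            bitmap |= 1L << (highest - index);
        }
    }

    /** Receiver path from the notes: discard and log on replay or authentication failure. */
    public boolean accept(long index, boolean authenticated) {
        if (isReplay(index)) { LOG.warning("replayed or stale packet discarded, index=" + index); return false; }
        if (!authenticated) { LOG.warning("authentication failure, packet discarded, index=" + index); return false; }
        markAuthenticated(index);
        return true;
    }

    public static void main(String[] args) {
        ReplayList rl = new ReplayList();
        long[] constructed = {1, 2, 4, 3, 2, 100, 30, 101};   // constructed packet indices
        for (long i : constructed) System.out.println(i + " -> " + rl.accept(i, true));
        System.out.println("forged 102 -> " + rl.accept(102, false)); // failed auth must not update the list
        System.out.println("genuine 102 -> " + rl.accept(102, true));
    }
}
```

The list is updated only after authentication succeeds, so a forged packet carrying a fresh index cannot push the window forward and cause the genuine packet to be discarded as a replay.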
REMINDERS:
*No meeting on Saturday (just Wednesday again).
*Task 1 -- Create lightweight versions of Encryption (highest priority), Authentication, and Replay Protection for the Java RTP (if possible, use existing security classes); Encryption can be shared key (symmetric), public key based (asymmetric), or hybrid (BEST CHOICE)
*Task 2 -- UIs for Admin (server side) and WAP client