DTLS
The Datagram TLS(DTLS) [17] transport protocol has been recently standard-
ized in the IETF. DTLS adapts the TLS protocol to work over a datagram trans-
port such as UDP (User Datagram Protocol). As such, it offers many of the
advantages of TLS (such as confidentiality, hop-by-hop encryption, and
mutual authentication using certificates but without requiring TCP transport).
For many communications systems, it is desirable to continue to use UDP
transport instead of TCP.
Extensions to SIP to allow the use of DTLS transport will likely be standard-
ized. Also, the use of DTLS transport for RTP has been proposed [18]. If RTP
over DTLS is combined with a way to use certificates in UAs, this could pro-
vide good authentication for media and signaling sessions, even in peer-to-
peer modes.
ZRTP
ZRTP [19] is a new extension to RTP to add integrated key management and
SRTP, making it a stand-alone protocol. No longer is there a need to exchange
an SRTP master secret out-of-band or in the signaling path. ZRTP does this by
performing a Diffie-Hellman key agreement in RTP packets, using RTP’s
header extension mechanism. To avoid having to utilize certificates for
authentication and to prevent man-in-the-middle (MitM) attacks, ZRTP uses a
retained shared secret from previous calls. This is similar to the way that the
SSH protocol [20] allows a “leap of faith” mode in which the host key is
accepted on the first session, then cached for future sessions. In ZRTP, end-
points authenticate each other by retaining and using a secret from a previous
ZRTP session. In addition, it is possible to use a spoken voice authentication
digest string to prevent a Diffie-Hellman MitM attack.
ZRTP provides better confidentiality than SRTP and SDP Session Descrip-
tions, in which the SRTP master key is available to proxy servers in the path. It
provides better interoperability than MIKEY with its many modes and reliance
on certificates. It is also simpler to implement in a backward-compatible way
than the other approaches. ZRTP simply falls back to RTP when Hello ZRTP
messages do not receive a response.
Summary
The mechanisms in this chapter describe how to secure SIP. However, the ulti-
mate security of a device or service is not achieved by securing a single proto-
col. Rather, it involves a complete system.
SIP Security 169