Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session Initiation Protocol (2nd Ed.)

(Steven Felgate) #1

optional feature with SRTP and is provided with an authenticated hash or
HMAC. The use of authentication adds an additional 32 or 80 bits to each
SRTP packet. Because of the design of SRTP, the same SRTP master key can be
used to secure both directions of a media session. The same key can also secure
multiple media streams (such as an audio and video stream or two audio
streams).


MIKEY


SRTP keys can be exchanged out of band (for example, shared in a conference
invitation). Or, within a small group, a single key could be shared and used for
calls within the group. For general SIP use, the SRTP key is exchanged via the
SIP signaling. The SDP specification [13] has a k= attribute for transporting a
media key. However, other information must be exchanged with SRTP (such
as the key length, whether an authentication tag is in use, and so on). The
Multimedia Internet Keying (MIKEY) protocol [14] has been defined with a profile
for SRTP. It operates in a number of modes. MIKEY messages can be carried in
SDP in an a=key-mgmt attribute [15]. MIKEY provides its own integrity and
authentication mechanisms. As a result, MIKEY can be used even if the SDP
does not have confidentiality. However, MIKEY has a number of possible
modes of operation, and the only mandatory mode is the preshared keys
mode—the least useful mode of operation. Additional MIKEY modes have
also been proposed. The result of this is that the complexity and
interoperability of MIKEY have been a problem. If two UAs both support MIKEY but do not
support the same mode, a secure session will not be established. An example
SIP message is as follows:


v=0
o=alice 2891092738 2891092738 IN IP4 lost.example.com
s=Secret discussion
t=0 0
c=IN IP4 lost.example.com
a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
m=audio 39000 RTP/SAVP 98
a=rtpmap:98 AMR/8000
m=video 42000 RTP/SAVP 31
a=rtpmap:31 H261/90000

In this example, the same key is used for both audio and video sessions. The
use of SRTP is indicated by the use of the Secure Audio Video Profile (SAVP).
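
The check a reviewer would run over such a body, as an added example (not code from the book): for each m= line it reports whether the profile is SAVP and which keying attribute covers the stream. It assumes that a session-level a=key-mgmt or k= line applies to every media stream unless a media-level one overrides it and that a=crypto counts only at media level; PLAIN_SDP and the finding labels are constructed for illustration.

```python
# Added example (not from the book): per-stream SRTP and keying audit of SDP.
# SAMPLE_SDP is the page's example body; PLAIN_SDP is constructed for contrast.
SAMPLE_SDP = """\
v=0
o=alice 2891092738 2891092738 IN IP4 lost.example.com
s=Secret discussion
t=0 0
c=IN IP4 lost.example.com
a=key-mgmt:mikey AQAFgM0XflABAAAAAAAAAAAAAAsAyO...
m=audio 39000 RTP/SAVP 98
a=rtpmap:98 AMR/8000
m=video 42000 RTP/SAVP 31
a=rtpmap:31 H261/90000
"""
PLAIN_SDP = "v=0\r\nm=audio 5004 RTP/AVP 0\r\nm=video 5006 RTP/SAVP 31\r\n"

# (profile is SAVP, keying attribute present) -> finding label (labels are ours)
FINDINGS = {(True, True): "srtp-keyed", (True, False): "srtp-no-key-in-sdp",
            (False, True): "key-without-savp", (False, False): "plain-rtp"}

def keying_of(line):
    """Return the keying method an SDP line advertises, or None."""
    if line.startswith("a=key-mgmt:"):  # a=key-mgmt:<protocol id> <data>
        return "key-mgmt:" + line[len("a=key-mgmt:"):].split(" ", 1)[0].lower()
    if line.startswith("a=crypto:"):
        return "crypto"
    return "k=" if line.startswith("k=") else None

def audit_sdp(sdp):
    """Return one dict per m= line: media, proto, srtp, keying, finding."""
    session_keying, streams = [], []
    for line in (raw.strip() for raw in sdp.splitlines()):
        method = keying_of(line)
        if line.startswith("m="):  # m=<media> <port> <proto> <fmt> ...
            fields = line[2:].split() + ["", "", ""]  # pad malformed lines
            proto = fields[2].upper()
            streams.append({"media": fields[0], "proto": proto, "keying": [],
                            "srtp": proto.split("/")[-1].startswith("SAVP")})
        elif method and streams:
            streams[-1]["keying"].append(method)
        elif method and method != "crypto":  # assumption: crypto is media-level
            session_keying.append(method)
    for s in streams:
        # Assumption: media-level keying overrides session-level keying.
        s["keying"] = s["keying"] or list(session_keying)
        s["finding"] = FINDINGS[(s["srtp"], bool(s["keying"]))]
    return streams
```

A result of srtp-no-key-in-sdp is not necessarily an error, since the key may have been exchanged out of band as described above.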


SDP Security Descriptions


To overcome some of the complexity issues of MIKEY, the SDP Security
Descriptions have been developed [16]. An a=crypto SDP attribute carries

