[VOIPSEC] Actual Attacks
Johan Bilien
bilien at imit.kth.se
Mon Feb 28 10:48:40 CST 2005
Le samedi 26 février 2005 à 16:31 +0800, Simon Horne a écrit :
> With reference to the above product, more than ever vendors have to
> seriously consider Media Encryption with a Handshake technique which foils
> these types of "wire taps". Methods such as Single Use Diffie Hellman
> generated half key pairs (with 1 half encrypted) as used in TLS on a
> seperate secure channel is an excellent method to stop the "Man in the
> Middle" from being able to decrypt the voice traffic. They may be able to
> capture to .wav the contents of the conversation but it would be complete
> garbage. Each conversation or part of conversations are encrypted
> differently so the 'tapper' has to use repeated blunt force attacks to
> access the entire conversation. If a large Diffie Hellman "Prime" length is
> used (> 1536bits) and a high quality cipher (say AES256), makes it almost
> impossible for all but the the most serious 'tapper' to access.
This is pretty much what the duet MIKEY (RFC3830) / SRTP (RFC3711) tries
to provide. This is implemented in minisip (www.minisip.org), hopefully
other implementations will follow. MIKEY provides a signed D-H exchange
during the call setup (included in the SDP offer/answer), and SRTP uses
the resulting key to encrypt the RTP payload.
Regards,
Johan.
More information about the Voipsec
mailing list