[VOIPSEC] RTP packet signature

Cesc Santasusana cesc.santasusana at nl.thalesgroup.com
Wed Oct 12 04:55:13 CDT 2005 

I don't know about concrete numbers, but definitely with AES-128 it would take far more than an hour :)
You may be able to guess the keystream for a few starting packets, which may give you the rtp sequence index and ssrc (both used to generate the keystream.
But there is a lot more stuff involved when generating the keystream to be XORd with the rtp packet:
- key (128 bits)
- salt key
- srtp index (keeps count of the number of times the rtp sequence overflows)

I would say using srtp the audio sent is safe for the next few years ... as long as the key management (exchange, storage and so on) is done properly.

Regards,

Cesc

>>> "Hadriel Kaplan" <HKaplan at acmepacket.com> 10/10/05 04:54PM >>>
True enough of snooping the srtp stream looking for repetition, but I'm more
worried about pre-knowing what the first packets contain.  By that I mean at
the beginning of a g711 call there is frequently a multi-second period of
silence, so the plaintext can be reasonably guessed.  So since AES is in
counter mode with a reset of the IV each packet using some values sent in
the clear (ssrc + sequence num), can the salt and key be determined by a
snooper? (not in real-time, but in an hour?)  Or is it still too complex?

-hadriel


-----Original Message-----
From: Cesc Santasusana [mailto:cesc.santasusana at nl.thalesgroup.com] 
Sent: Monday, October 10, 2005 6:03 AM
To: HKaplan at acmepacket.com 
Subject: Re: [VOIPSEC] RTP packet signature



>>> "Hadriel Kaplan" <HKaplan at acmepacket.com> 10/06/05 11:30PM >>>
>Obviously it would be very difficult to decode the codec for playback
>though. (although I wonder how difficult for g711, given all the redundant
>bytes in the codec payload during silence)
>
I would say just as difficult as any other packet (silence or not) 
AES is a good algorithm and the srtp provides for enough variable input to
not
be dependant on the rtp payload only, thus you won't know if it is silence
or not (it will look
random anyway). In any case, the amount of data you'd need to perform any
kind of
analysis would be just too big ... 

Cesc

>-hadriel
Unclassified

More information about the Voipsec mailing list