[VOIPSEC] Incorrect decryption monitoring feature
Geoff Devine
gdevine at cedarpointcom.com
Mon Sep 25 07:41:30 CDT 2006
Hello Laurent,
Typically, the media stream would be running both encryption and
authentication. If the master key is not correct or, in the case of
SRTP, if you somehow lose count of the number of times the RTP sequence
number has wrapped, you will get an authentication failure and discard
the RTP packet before you ever decrypt it.
If you are not running authentication on the media stream, I do not
believe you can tell that you are decrypting improperly and you'll blast
white noise at your user. Moral of the story: "If you encrypt, you must
also authenticate."
Best,
Geoff Devine
Chief Architect
Cedar Point Communications
----------------------------------------------------------------------
Hi Gents,
Is anyone aware of a feature on Secure IP phones which checks the
decryption payload ?
In case of incorrect decryption (Master keys are not correct for
example),
this feature would replace the ?white noise? due to bad decryption by a
more pleasant sample pattern.
Thanks for your answers.
Regards/Salutations,
Laurent PILATI
Tel. + 33 (0) 4 93 00 69 34
Design Center
Mindspeed Technologies France
------------------------------
More information about the Voipsec
mailing list