Hi,
Full security for SIP calls is well defined, though there are several ways to go.
IPSec is always there, though is not very flexible. You can encrypt and authenticate the signalling and the media. Keys can be either manually distributed or dinamycally created using a IKE (defined in the IPSec RFCs).
I would not recommend the use of IPSec in a SIP environment, specially for the media. For the media (RTP), the Secure RTP (SRTP) protocol is way better. The overhead added is way smaller than that added to obtain equivalent protection using IPSec (authenticated ESP). Also, it is transparent to media proxies: the SRTP headers are only authenticated, not encrypted; only the body (data) of RTP packet is encrypted; the rest (UDP headers, RTP headers) are left plain.
The SRTP keys can be obtained in several ways. The old manual keying method is always there, but there are several other more dynamic. * The k= SDP parameter, which sends a key in plain. This means that SDP needs to be encrypted (S/MIME for end-to-end, or at least TLS on every hop). BTW, i dont like S/MIME :) * The newer k-mgmt= SDP parameter. In this parameter, a full protocol (with embedded authentication and encryption) can be attached as the value, where the keys and SRTP parameters can be securely exchanged. See MIKEY (rfc 3830) and the draft on how to transport it over SDP (draft-ietf-mmusic-kmgmt-ext-xxx, on IETF last call). This provides for end-to-end negotiation of SRTP keys, and i think it is the best way to go. MIKEY is very flexible, suitable for several scenarios. In this scenario, using MIKEY over SDP, where MIKEY is self-protected, it is only left to protect against manipulation of the SIP message: an attacker removing the MIKEY sdp, thus removing security. This can be prevented using TLS on a hop-by-hop basis, if all proxies can be trusted. Again, S/MIME is another option, but i think TLS is better. S/MIME may prevent proxies of inspecting all headers needed during the exchange, whereas TLS would not.
As for support of these features ... i know of one softphone supporting the SRTP/MIKEY/TLS approach ... minisip (www.minisip.org). It even has some IPSec support. I've tried, and it works beautifully. The beauty of MIKEY is that it is end-to-end and transparent to proxies, and the negotiation is done in just one round-trip, following the offer-answer SIP model. Very appropriate.
Hope it helps,
Cesc
Nils Ohlmeier lists@ohlmeier.org 02/28/05 12:44PM >>>
Hi Klaus,
On Monday 28 February 2005 11:31, Klaus Darilion wrote:
Nils Ohlmeier wrote:
There are clients. See my previous mail. SRTP is completely
transparent
for SIP proxies.
How will the clients exchange the key for the RTP encryption? Will it
be
sent in the SDP? If yes, wouldn't I also need encrypted SIP to hide
the
RTP key?
Yes the keys will be exchanged within the SDP. So indeed you should crypt the SDP in signaling either by using TLS or S/MIME. Otherwise someone could read the keys from the signaling and decrypt the RTP streams.
Greetings Nils
Unclassified _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers