[Serusers] SIP encrypted calls

Cesc Santasusana cesc.santasusana at nl.thalesgroup.com
Mon Feb 28 13:37:19 CET 2005


Hi,

Full security for SIP calls is well defined, though there are several
ways to go. 

IPSec is always there, though it is not very flexible. You can encrypt and
authenticate the signalling and the media. Keys can be either manually
distributed or dynamically created using IKE (defined in the IPSec
RFCs).

I would not recommend the use of IPSec in a SIP environment, especially
for the media. For the media (RTP), the Secure RTP (SRTP) protocol is
way better. The overhead added is way smaller than that added to obtain
equivalent protection using IPSec (authenticated ESP). Also, it is
transparent to media proxies: the SRTP headers are only authenticated,
not encrypted; only the body (data) of RTP packet is encrypted; the rest
(UDP headers, RTP headers) are left plain.

The SRTP keys can be obtained in several ways. The old manual keying
method is always there, but there are several other, more dynamic ones.
* The k= SDP parameter, which sends a key in plain. This means that SDP
needs to be encrypted (S/MIME for end-to-end, or at least TLS on every
hop). BTW, I don't like S/MIME :)
* The newer k-mgmt= SDP parameter. In this parameter, a full protocol
(with embedded authentication and encryption) can be attached as the
value, where the keys and SRTP parameters can be securely exchanged. See
MIKEY (RFC 3830) and the draft on how to transport it over SDP
(draft-ietf-mmusic-kmgmt-ext-xxx, on IETF last call). This provides for
end-to-end negotiation of SRTP keys, and I think it is the best way to
go. MIKEY is very flexible, suitable for several scenarios.
  In this scenario, using MIKEY over SDP, where MIKEY is
  self-protected, it is only left to protect against manipulation of the
  SIP message: an attacker removing the MIKEY SDP, thus removing security.
  This can be prevented using TLS on a hop-by-hop basis, if all proxies
  can be trusted. Again, S/MIME is another option, but I think TLS is
  better. S/MIME may prevent proxies from inspecting all headers needed
  during the exchange, whereas TLS would not.

As for support of these features ... I know of one softphone supporting
the SRTP/MIKEY/TLS approach ... minisip (www.minisip.org). It even has
some IPSec support. I've tried, and it works beautifully. The beauty of
MIKEY is that it is end-to-end and transparent to proxies, and the
negotiation is done in just one round-trip, following the offer-answer
SIP model. Very appropriate.

Hope it helps,

Cesc


>>> Nils Ohlmeier <lists at ohlmeier.org> 02/28/05 12:44PM >>>
Hi Klaus,

On Monday 28 February 2005 11:31, Klaus Darilion wrote:
> Nils Ohlmeier wrote:
> > There are clients. See my previous mail. SRTP is completely transparent
> > for SIP proxies.
>
> How will the clients exchange the key for the RTP encryption? Will it be
> sent in the SDP? If yes, wouldn't I also need encrypted SIP to hide the
> RTP key?

Yes the keys will be exchanged within the SDP. So indeed you should
crypt the SDP in signaling either by using TLS or S/MIME. Otherwise
someone could read the keys from the signaling and decrypt the RTP
streams.

Greetings
  Nils
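
The exposure cases discussed in this thread (a k= key readable when the signalling is not TLS, and MIKEY-in-SDP that can be stripped in transit when the SIP message is unprotected), as an added Python check that is not part of the original posts. It assumes the key-management attribute appears on the wire as `a=key-mgmt:mikey <base64>` (the RFC 4567 form); the function names, finding codes and sample messages are constructed for illustration.

```python
import base64, binascii

def make_invite(transport, keying="", profile="RTP/SAVP"):
    """Build a constructed INVITE (sample data, not captured traffic)."""
    return ("INVITE sip:bob@example.org SIP/2.0\r\n"
            f"Via: SIP/2.0/{transport} 192.0.2.10;branch=z9hG4bK1\r\n"
            "Content-Type: application/sdp\r\n\r\n"
            "v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
            f"c=IN IP4 192.0.2.10\r\nt=0 0\r\n{keying}"
            f"m=audio 49170 {profile} 0\r\n")

def has_mikey(sdp_lines):
    """True if an a=key-mgmt:mikey attribute carries decodable base64 data."""
    for line in sdp_lines:
        if line.startswith("a=key-mgmt:mikey "):
            try:
                return len(base64.b64decode(line.split(" ", 1)[1], validate=True)) > 0
            except binascii.Error:
                return False
    return False

def audit_invite(raw):
    """Return finding codes for how SRTP keying is exposed in one SIP message."""
    head, _, sdp = raw.partition("\r\n\r\n")
    vias = [h.split(":", 1)[1].split()[0].upper()
            for h in head.split("\r\n")[1:] if h.lower().startswith("via:")]
    # Via only lists hops already traversed; later hops need separate assurance.
    all_tls = bool(vias) and all(v.endswith("/TLS") for v in vias)
    lines = sdp.splitlines()
    plain_key = any(l.startswith("k=") for l in lines)
    mikey = has_mikey(lines)
    findings = []
    if plain_key and not all_tls:
        findings.append("PLAINTEXT_KEY_EXPOSED")  # k= readable by any on-path observer
    if mikey and not all_tls:
        findings.append("KEYMGMT_STRIPPABLE")     # MIKEY is self-protected, the SDP is not
    if not plain_key and not mikey:
        findings.append("NO_SRTP_KEYING")         # nothing offered, or keying was removed
    return findings

# Constructed placeholder bytes standing in for a MIKEY message (not a valid one).
MIKEY_ATTR = "a=key-mgmt:mikey " + base64.b64encode(b"constructed-mikey").decode() + "\r\n"
K_LINE = "k=base64:" + base64.b64encode(bytes(30)).decode() + "\r\n"  # constructed key

if __name__ == "__main__":
    for name, msg in [("k= over UDP", make_invite("UDP", K_LINE)),
                      ("MIKEY over UDP", make_invite("UDP", MIKEY_ATTR)),
                      ("MIKEY over TLS", make_invite("TLS", MIKEY_ATTR)),
                      ("no keying", make_invite("TLS", profile="RTP/AVP"))]:
        print(f"{name:15} -> {audit_invite(msg) or 'ok'}")
```

A receiving endpoint or border element with an SRTP-required policy would reject or alert on any non-empty result rather than fall back to plain RTP.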
