H.235 Authentication, Integrity and Encryption
Adi Regev, Sr. Director, Sales Engineering & Customer Support
H.235 Overview
H.235 Annex D
Baseline Security Profile (H.323V4 Scope)
Provides Authentication and/or Integrity
Hop-by-hop processing
Password based security
Shared Secret-Key
Digest (Hashing) Algorithm - HMAC-SHA1-96
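The Annex D bullets above (password-based shared key, HMAC-SHA1-96, hop-by-hop processing), as an added example that is not part of the original slides or any vendor code. HMAC-SHA1-96 is HMAC-SHA1 truncated to its leftmost 96 bits; deriving the key as SHA-1 of the password, the sample message and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

TAG_LEN = 12  # 96 bits: keep the leftmost 12 of HMAC-SHA1's 20 output bytes


def key_from_password(password: str) -> bytes:
    # Assumption for this sketch: shared secret key = SHA-1(password).
    return hashlib.sha1(password.encode("utf-8")).digest()


def tag(key: bytes, message: bytes) -> bytes:
    """Return the HMAC-SHA1-96 tag of message under key."""
    return hmac.new(key, message, hashlib.sha1).digest()[:TAG_LEN]


def verify(key: bytes, message: bytes, received_tag: bytes) -> bool:
    # Reject tags of the wrong length, then compare in constant time
    # so the check does not leak how many leading bytes matched.
    if len(received_tag) != TAG_LEN:
        return False
    return hmac.compare_digest(tag(key, message), received_tag)


def relay(key_in: bytes, key_out: bytes, message: bytes, received_tag: bytes) -> bytes:
    """Hop-by-hop processing at an intermediate hop (hypothetical helper):
    check the tag with the key shared with the previous hop, then
    re-tag the message with the key shared with the next hop."""
    if not verify(key_in, message, received_tag):
        raise ValueError("integrity check failed at this hop")
    return tag(key_out, message)


if __name__ == "__main__":
    # Constructed sample data: two hops, each with its own password.
    ep_to_gk = key_from_password("endpoint-password")
    gk_to_gk = key_from_password("inter-gatekeeper-password")
    msg = b"constructed signalling message"

    t1 = tag(ep_to_gk, msg)                   # sender -> first hop
    t2 = relay(ep_to_gk, gk_to_gk, msg, t1)   # first hop -> second hop
    print(t1.hex(), t2.hex(), verify(gk_to_gk, msg, t2))
    print(verify(ep_to_gk, msg + b"!", t1))   # tampered message -> False
```

Because every hop re-tags with its own key, the final receiver only learns that the previous hop vouched for the message; this is the difference between hop-by-hop and end-to-end protection.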
(Voice) Encryption Security Profile
Applicable for any RTP Stream
Depends on (part of) H.235 Annex D
Uses a DH (Diffie-Hellman) secret key for session key distribution
Mechanism for Session-Key update and synchronization
Encryption Algorithms - DES, Triple DES, RC2
Anti-Spamming protection
H.235 Annex E
Provides Authentication and/or Integrity
Signature Profile – Public Key Infrastructure (PKI)
Certificate Based Security
Scalable - applicable for “Global” IP Telephony
Hop-by-Hop and End-to-End security
Digest Algorithms - MD5 or SHA1 signatures
H.235v3 Annex F
Hybrid Security Profile
Uses Annex E signatures (when required)
Uses Annex D otherwise
More secure than Annex D
More lightweight than Annex E
Scalable - Applicable for “Global” IP telephony
H.235 Status
The Good News…
RADVISION ECS supports H.235 Annex D (Basic Profile) Authentication and Integrity
On the roadmap - Encryption and Annex E
The Bad News…
No Multimedia Endpoints (to date) support H.235
Some are working on it or provide proprietary authentication
Workarounds exist – pre-defining EPs, using LDAP for authentication, etc.
www.radvision.com