SRTP Replay Protection
A Technical Review of ROC, Cryptographic Context, Indices, and Sliding Windows
Security Measure for SIP
- SIPS (or SIP over TLS): per-hop encryption of the transport
- SRTP: end-to-end protection of media content
- Provides confidentiality, message authentication, and replay protection
  - Encryption for confidentiality
  - Keyed hash function for message authentication
  - Counters for replay protection
What is a Replay Attack?
- A packet stored by an adversary and then injected back into the network.
- Example: storing video from a surveillance camera and injecting it to the monitoring station to avoid surveillance
- Message authentication provides integrity but is not enough
Replay Protection Definitions
- Sequence Number
- ROC (Rollover Counter)
- Cryptographic Context
- Implicit Index
- Replay List
- Sliding Window Algorithm
Sequence Number
- Sequence Number (SEQNUM) = 16 bits
- Incremented up to 65,535
- Defined in the SRTP header
SEQNUM in the SRTP Header
ROC (Rollover Counter)
- 32-bit unsigned counter
- Number of times the sequence number has reset to zero (after passing through 65,535)
- Incremented by 1 when the sequence number wraps
- Maintained by SRTP (not in the header)
Cryptographic Context
- SRTP creates the implicit index from values in the cryptographic context
- Includes state information to define the proper security measures
- Holds a 16-bit sequence number: the highest received SRTP sequence number
Implicit Index
- Implicit (not carried in the packet)
- ROC + sequence number: 48 bits (SEQNUM 16 + ROC 32)
- Computed on a per-packet basis
- Also used to create the session key for encryption and authentication
- Index = 2^16 * ROC + SEQNUM
Implicit Index (cont.)
- Receiver calculates the implicit index
- Determines whether it is unique before accepting the packet
- Only accepts the packet if it is within the sliding window
- Compares the index with the last index (contained in the cryptographic context)
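The two slides above describe the receiver rebuilding the 48-bit index from the 16-bit SEQNUM in the header plus its own ROC and highest-received sequence number (s_l). The following added example (not from the slides) shows that computation in Python, including the rule from RFC 3711 section 3.3.1 for guessing whether a packet belongs to the previous, current, or next rollover; the function names and sample values are my own.

```python
# Added example (not from the slides): receiver-side implicit index
# estimation for SRTP, following the ROC-guessing rule in RFC 3711 section 3.3.1.
SEQ_BITS = 16
SEQ_MOD = 1 << SEQ_BITS          # 65,536 sequence numbers per rollover
HALF_SEQ = SEQ_MOD // 2          # 32,768: the "half of 16 bits" wrap threshold
ROC_MOD = 1 << 32                # ROC is a 32-bit unsigned counter


def implicit_index(roc: int, seqnum: int) -> int:
    """Index = 2^16 * ROC + SEQNUM (48 bits, never carried in the packet)."""
    if not 0 <= seqnum < SEQ_MOD or not 0 <= roc < ROC_MOD:
        raise ValueError("SEQNUM must be 16-bit and ROC 32-bit")
    return (roc << SEQ_BITS) | seqnum


def estimate_index(roc: int, s_l: int, seqnum: int) -> int:
    """Estimate the index of a received packet from the receiver's context.

    roc    - receiver's rollover counter (cryptographic context)
    s_l    - highest sequence number received so far (cryptographic context)
    seqnum - 16-bit SEQNUM taken from the SRTP header of the new packet

    The packet may be late (from before the last wrap) or early (after a
    wrap the receiver has not yet seen), so the ROC used to build the index
    may be roc-1, roc, or roc+1; the 32,768 threshold decides which.
    """
    if s_l < HALF_SEQ:
        # Receiver is in the lower half: a much larger seqnum is a late
        # packet from the previous rollover, not a far-ahead one.
        v = (roc - 1) % ROC_MOD if seqnum - s_l > HALF_SEQ else roc
    else:
        # Receiver is in the upper half: a much smaller seqnum means the
        # sender has already wrapped and this packet belongs to roc+1.
        v = (roc + 1) % ROC_MOD if s_l - HALF_SEQ > seqnum else roc
    return implicit_index(v, seqnum)


def update_context(roc: int, s_l: int, seqnum: int) -> tuple:
    """After a packet is authenticated and accepted, roll (roc, s_l) forward
    as RFC 3711 section 3.3.1 describes. Returns the new (roc, s_l)."""
    v = estimate_index(roc, s_l, seqnum) >> SEQ_BITS
    if v == roc:
        if seqnum > s_l:
            s_l = seqnum
    elif v == (roc + 1) % ROC_MOD:
        roc, s_l = v, seqnum
    # v == roc-1 is a late packet from the previous rollover: context unchanged
    return roc, s_l


if __name__ == "__main__":
    # Constructed receiver state: ROC 3, highest seen SEQNUM 65000.
    roc, s_l = 3, 65000
    for seq in (64000, 20):           # 64000 is late-ish, 20 has wrapped
        print(seq, "->", estimate_index(roc, s_l, seq))
        roc, s_l = update_context(roc, s_l, seq)
    print("context now", (roc, s_l))
```

The context is only updated after the packet has passed authentication; an attacker-chosen SEQNUM that fails the tag check must never advance ROC or s_l, otherwise forged headers could desynchronise the receiver from the sender.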
Replay List
- Maintained only by the receiver
- SRTP has to provide authentication and replay protection
- Contains the indices of recently received and authenticated SRTP packets
Sliding Window
- Default window size is 64
- If the attacker chooses a sequence number at random and the window size is 64, there is a 99.9-percent likelihood (1 - 64/2^16) that the packet will be discarded
Sliding Window
- Only packets with an index ahead of the window, or inside the window but not already received, SHALL be accepted.
- Packets with sequence numbers < 64 packets behind the highest-numbered packet will be discarded
- Packets > 64 packets ahead of the window are discarded
- Discarded if the "RECEIVED?" bit is set
- Packets within the window are accepted
- Packets higher than the window cause it to advance
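The sliding-window rules on the two slides above are easiest to see as code. The following added example (not from the slides) implements the replay list as a 64-bit bitmap of "RECEIVED?" bits anchored at the highest authenticated index, plus the discard probability from the previous slide; the class and function names are my own, and the indices in the demo are constructed.

```python
# Added example (not from the slides): a receiver-side replay list implemented
# as the 64-entry sliding window the slides describe, with one bit per index.
WINDOW_SIZE = 64   # default window size from the slides


def random_guess_discard_probability(window: int = WINDOW_SIZE) -> float:
    """Chance that a randomly chosen 16-bit sequence number lands outside
    the window and is discarded: 1 - window/2^16 (0.999 for window 64)."""
    return 1.0 - window / (1 << 16)


class ReplayWindow:
    """Tracks the highest authenticated index and a bitmap of the
    WINDOW_SIZE indices at or below it (the "RECEIVED?" bits)."""

    def __init__(self, size: int = WINDOW_SIZE):
        self.size = size
        self.last = None          # highest index accepted so far
        self.bitmap = 0           # bit k set => index (last - k) was received

    def check(self, index: int) -> str:
        """Classify an index without altering state.
        Returns 'ahead', 'new', 'replay' or 'behind'."""
        if self.last is None or index > self.last:
            return "ahead"                   # to the right of the window
        diff = self.last - index
        if diff >= self.size:
            return "behind"                  # too old, left of the window
        return "replay" if (self.bitmap >> diff) & 1 else "new"

    def accept(self, index: int) -> bool:
        """Call only after the packet's authentication tag has verified.
        Returns True and records the index when it is acceptable."""
        verdict = self.check(index)
        if verdict in ("behind", "replay"):
            return False
        if verdict == "ahead":
            shift = index - self.last if self.last is not None else self.size
            if shift >= self.size:
                self.bitmap = 0              # every old bit falls off the left
            else:
                mask = (1 << self.size) - 1
                self.bitmap = (self.bitmap << shift) & mask
            self.bitmap |= 1                 # mark the new highest index
            self.last = index                # the window advances
        else:                                # "new": inside, not yet received
            self.bitmap |= 1 << (self.last - index)
        return True


def run_receiver(indices) -> list:
    """Feed a sequence of authenticated indices through one window and
    return the verdict the receiver gave each of them."""
    window = ReplayWindow()
    verdicts = []
    for idx in indices:
        verdict = window.check(idx)
        window.accept(idx)
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    # Constructed arrival order: in order, a replay, out of order, a replay
    # of the out-of-order packet, a jump ahead, then a packet left behind.
    for idx, verdict in zip((100, 100, 99, 99, 200, 100),
                            run_receiver((100, 100, 99, 99, 200, 100))):
        print(idx, verdict)
    print("discard probability:", random_guess_discard_probability())
```

The replay check is deliberately split into check() and accept(): a receiver should verify the authentication tag first, then consult the window, and only mark the index as received once both have passed, so that unauthenticated traffic can never shift the window or fill in "RECEIVED?" bits.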
Sliding Window: Challenges for the Receiver
- Receiver's window size (RWS)
- Packets arrive out of order
- Sequence number may have wrapped: 32,768 (half of 16 bits)
- Also packet loss and bit errors
Karen Lugo, April 8, 2013, CSCI e 139