Using SIP identity to prevent man-in-the-middle attacks on ZRTP

2008 1st IFIP Wireless Days, WD 2008

Volumn , Issue , 2008, Pages

  Jung, Oliver ^a   Petraschek, Martin ^a   Hoeher, Thomas ^a   Gojmerac, Ivan ^a  

^a TELECOMMUNICATIONS RESEARCH CENTER VIENNA FTW   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

KEY AGREEMENT PROTOCOL; KEY EXCHANGE; KEY EXCHANGE MECHANISM; MAN IN THE MIDDLE ATTACKS; MEDIA STREAMS; PUBLIC-KEY INFRASTRUCTURE; SESSION KEY;

INTERNET PROTOCOLS; INTERNET TELEPHONY; NETWORK ARCHITECTURE; NETWORK SECURITY; PUBLIC KEY CRYPTOGRAPHY; TELECOMMUNICATION NETWORKS;

WIRELESS NETWORKS;

EID: 67649817560     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/WD.2008.4812920     Document Type: Conference Paper

References (13)

1. P. Zimmermann, A. Johnston, and J. Callas, "ZRTP: Media Path Key Agreement for Secure RTP," draft-zimmermann-avt-zrtp-09 (Internet-Draft), Internet Engineering Task Force, September 2008.
2. W. Diffie and M. E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov. 1976.
3. J. Peterson and C. Jennings, "Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)," RFC 4474 (Proposed Standard), Aug. 2006. [Online]. Available: http://www.ietf.org/rfc/ rfc4474.txt
4. M. Baugher, D. McGrew, M. Naslund, E. Carrara, and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)," RFC 3711 (Proposed Standard), Mar. 2004. [Online]. Available: http://www.ietf.org/rfc/rfc3711.txt
5. C. Ellison and B. Schneier, "Ten risks of PKI: What you're not being told about public-key infrastructure," Computer Security Journal, vol. 16, no. 1, pp. 1-7, 2000.
6. IETF, RTPSEC Minutes, Proceedings of the 68th Internet Engineering Task Force, Prague, Czech Republic, 2007. [Online]. Available: http://www.ietf.org/proceedings/07mar/minutes/rtpsec.txt
7. F. Andreasen, M. Baugher, and D. Wing, "Session Description Protocol (SDP) Security Descriptions for Media Streams," RFC 4568 (Proposed Standard), Jul. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4568.txt
8. J. Arkko, E. Carrara, F. Lindholm, M. Naslund, and K. Norrman, "MIKEY: Multimedia Internet KEYing," RFC 3830 (Proposed Standard), Aug. 2004, updated by RFC 4738. [Online]. Available: http://www.ietf.org/rfc/ rfc3830.txt
9. D. McGrew and E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for Secure Real-time Transport Protocol (SRTP)," draft-ietf-avt-dtls-srtp-05 (Internet-Draft), Internet Engineering Task Force, September 2008.
10. E. Rescorla and N. Modadugu, "Datagram Transport Layer Security," RFC 4347 (Proposed Standard), Apr. 2006. [Online]. Available: http://www.ietf.org/rfc/rfc4347.txt
11. T. Kivinen and M. Kojo, "More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)," RFC 3526 (Proposed Standard), May 2003. [Online]. Available: http://www.ietf.org/rfc/rfc3526.txt
12. M. Petraschek, T. Hoeher, O. Jung, H. Hlavacs, and W. Gansterer, "A man-in-the-middle attack on ZRTP," in Workshop on Socio-Economic Issues of NGI, Santander, Spain, 2007.
13. ISO/IEC 11770-3, Information Technology Security Techniques Key Management - Part 3: Mechanisms Using Asymmetric Techniques, International Organization for Standardization, Geneva, Switzerland, 1999.