Media Security at Hochschule der Medien Stuttgart

– delivering media content after session has been negotiated by SIP

– Marking and Synchronising of sent and received
packets by timestamping

– Unique Sequence Numbers in RTP to ensure correct
packet order

– Identification of packet initiator

– Adaption to variable quality of service and bandwiths. Feedback comes via RTCP
– Support Multicast-Sessions

• SIP Digest:
Authentication analogous to HTTP Digest Authentication Method

• SIPS (SIP over TLS): can be deployed if TCP is transport protocol for SIP

– Confidentiality
– Integrity Protection
– Replay Protection
– High Throughput, Low Packet Expansion
– High tolerance against packet loss / packet reorder

• Master Keys are agreed upon independently

• A Master Key Index in the packets points to the Master Key currently in use

• After r packets, new session keys for authentication, and encryption are derived from MK

• The same Master Key is used for max. 248 RTP-packets per session

• Different Streams (Audio/Video) of one session may use the same Master Key

• Different Sessions must use different Master Keys

• MIKEY_PS
– Password based
– Password has to be securely exchanged in beforehand
• MIKEY_PK
– Based on RSA-Public Keys and certificates
• MIKEY_DHSIGN
– signed Diffie-Hellmann-Key Exchange
• MIKEY_DHHMAC
– DH-key exchange authenticated with HMAC

• Advantages
– fast
– computationally lightweight
– short messages
=>Suitable for wireless scenarios and thin devices
• Disadvantages
– Need to exchange secret K in beforehand
– Bob must use Alice‘s choice of TGK

• Advantages
– No secret exchange in beforehand needed
– Envelope key may be used for further key updates
• Disadvantages
– PKI necessary
– verification of certificates may make further messages necessary
– Expensive Message Generation for Initiator
– Bob must use Alice‘s choice of TGK

• Advantages
– No secret exchange in beforehand needed
– Both parties take part in generating TGK
• Disadvantages
– PKI needed
– verification of certificates may make further messages necessary
– Expensive Message Generation for both
– pure P2P protocol, no way to generate a group key

• Advantages
– Both parties take part in generating TGK
– No signatures needed
– No PKI needed
• Disadvantages
– Need to exchange secret K in beforehand
– pure P2P protocol, no way to generate a group key

Data Confidentiality

Group Key Management

Data Source Authentication

Security Policies

– Policies concerning group membership
– Policies concerning security enforcement

• Requirements
– Security
– Efficiency
– Scalability
– Support removing/adding members
• Forward Secrecy
• Backward Secrecy