{"title":"A formal security proof for the ZRTP Protocol","authors":"Riccardo Bresciani, A. Butterfield","doi":"10.1109/ICITST.2009.5402595","DOIUrl":null,"url":null,"abstract":"When some agents want to communicate through a media stream (for example voice or video), the Real Time Protocol (RTP) is used. This protocol does not provide encryption, so it is necessary to use Secure RTP (SRTP) to secure the communication. In order for this to work, the agents need to agree on key material and ZRTP provides them with a procedure to perform this task: it is a key agreement protocol, which relies on a Diffie-Hellman exchange to generate SRTP session parameters, providing confidentiality and protecting against Man-in-the-Middle attacks even without a public key infrastructure or endpoint certificates. This is an analysis of the protocol performed with ProVerif, which tests security properties of ZRTP; in order to perform the analysis, the protocol has been modeled in the applied π-calculus.","PeriodicalId":251169,"journal":{"name":"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2009.5402595","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
When some agents want to communicate through a media stream (for example voice or video), the Real Time Protocol (RTP) is used. This protocol does not provide encryption, so it is necessary to use Secure RTP (SRTP) to secure the communication. In order for this to work, the agents need to agree on key material and ZRTP provides them with a procedure to perform this task: it is a key agreement protocol, which relies on a Diffie-Hellman exchange to generate SRTP session parameters, providing confidentiality and protecting against Man-in-the-Middle attacks even without a public key infrastructure or endpoint certificates. This is an analysis of the protocol performed with ProVerif, which tests security properties of ZRTP; in order to perform the analysis, the protocol has been modeled in the applied π-calculus.
当某些业务代表希望通过媒体流(例如语音或视频)进行通信时,使用RTP (Real Time Protocol)。该协议不提供加密,因此有必要使用安全RTP (SRTP)来保护通信。为了使其工作,代理需要就密钥材料达成一致,ZRTP为它们提供了执行此任务的过程:这是一个密钥协议协议,它依赖于Diffie-Hellman交换来生成SRTP会话参数,即使没有公钥基础设施或端点证书,也可以提供机密性并防止中间人攻击。这是对使用ProVerif执行的协议的分析,ProVerif测试ZRTP的安全属性;为了进行分析,在应用π微积分中对该协议进行了建模。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
