{"title":"Using SIP identity to prevent man-in-the-middle attacks on ZRTP","authors":"O. Jung, M. Petraschek, T. Hoeher, I. Gojmerac","doi":"10.1109/WD.2008.4812920","DOIUrl":null,"url":null,"abstract":"In this paper we present an architecture and associated protocol extensions for securing the media stream of a VoIP session. We make use of ZRTP which is a key agreement protocol that allows two parties to agree upon a secret session key over the media path. Because ZRTP is based on the popular Diffie-Hellmann key exchange mechanism it is inherently vulnerable to man-in-the-middle (MITM) attacks. Although ZRTP offers a mechanism for the prevention of MITM attacks, a sophisticated attacker might be able to launch a successful attack in certain scenarios. We describe an approach that provides authentic cryptographic parameters for ZRTP without sacrificing the independence from a user-level Public Key Infrastructure (PKI). We propose to use the mechanisms provided by RFC 4474 (SIP Identity) to ensure the identity of the parties involved in an ZRTP key exchange.","PeriodicalId":247938,"journal":{"name":"2008 1st IFIP Wireless Days","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 1st IFIP Wireless Days","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WD.2008.4812920","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
In this paper we present an architecture and associated protocol extensions for securing the media stream of a VoIP session. We make use of ZRTP which is a key agreement protocol that allows two parties to agree upon a secret session key over the media path. Because ZRTP is based on the popular Diffie-Hellmann key exchange mechanism it is inherently vulnerable to man-in-the-middle (MITM) attacks. Although ZRTP offers a mechanism for the prevention of MITM attacks, a sophisticated attacker might be able to launch a successful attack in certain scenarios. We describe an approach that provides authentic cryptographic parameters for ZRTP without sacrificing the independence from a user-level Public Key Infrastructure (PKI). We propose to use the mechanisms provided by RFC 4474 (SIP Identity) to ensure the identity of the parties involved in an ZRTP key exchange.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
