Author Topic: SRTP rekeying (Read 6115 times)

genesysguru · « **on:** March 28, 2013, 03:46:53 PM »

Anybody care to offer a perspective on this one ....

Is it a valid thing to change the SRTP media encryption keys during a session and signal this using a re-INVITE? In RFC4568 (SDES) there is no exact statement regarding this. In fact section 5.1.4. “Modifying the Session” suggests that this should work: “Once a media stream has been established, it MAY be modified at any time, as described in RFC 3264, Section 8. Such a modification MAY be triggered by the security service, e.g., in order to perform a re-keying or change the crypto-suite. If media stream security using the general security descriptions defined here is still desired, the crypto attribute MUST be included in these new offer/answer exchanges.”

Of course standards and implementation are two different things!

To give this some context, lets assume I have an architecture with SRTP end to end (but no TLS for now). The Customer call comes in and goes to GMS for in queue treatment. An agent comes available and is routed to their IP Phone. GMS is used to play a whisper. The call is put on hold (GMS) and later the call is then transferred to another agent / IP Phone.

In this scenario the SDES keys (crypto=) keeps changing as the SIP endpoint keeps changing. The Customer leg via a SBC also needs to know. Therefore the SBC needs to be re-INVITED with the new keys.

In my mind this is no different to mid call renegotiation if the codec on the Customer end changed for some reason.

Views?

genesysguru · « **Reply #1 on:** March 30, 2013, 10:23:04 AM »

21 views and 0 replies ... this must be difficult!

cavagnaro · « **Reply #2 on:** March 30, 2013, 06:19:45 PM »

I'm curious...I like to read all posts and learn waiting for answers too

genesysguru · « **Reply #3 on:** March 31, 2013, 12:22:45 PM »

I currently have the same question with ACME and also two IP Phone vendors .... will let you know!

bublepaw · « **Reply #4 on:** April 02, 2013, 11:20:07 AM »

One of main features of SRTP protocol based on original RFC is

"In addition, the key derivation can be configured to periodically refresh the session keys, which limits the amount of ciphertext produced by a fixed key, available for an adversary to cryptanalyze."

so SRTP implementation should support it. If this is reINVITE or UPDATE it is different story.

genesysguru · « **Reply #5 on:** April 02, 2013, 02:14:49 PM »

Pawel,

I was waiting for your input. Unfortuately this is a re-INVITE back to the SBC since UA-A has change to UA-B ....

smile · « **Reply #6 on:** April 02, 2013, 03:40:28 PM »

[quote author=genesysguru link=topic=7739.msg33514#msg33514 date=1364912089]
Pawel,

I was waiting for your input. Unfortuately this is a re-INVITE back to the SBC since UA-A has change to UA-B ....
[/quote]

genesysguru, what if set call recording on MCP? it may be not suitable for production, but just for testing purpose...

genesysguru · « **Reply #7 on:** April 02, 2013, 09:11:40 PM »

Smile,

Thanks for the suggestion. At the end of the day this *should* be a simple SRTP scenario where the endpoints and hence SRTP crypto keys change as UA B changes. I suspect in reality this is a bit more complex!

We have the opportunity to effectively configure a B2BUA between the Customer (UA A) and IP Phone / Genesys endpoints (UA B) to mask these changes. This might be the only solution.

Regards

Genesys CTI User Forum

News:

Author Topic: SRTP rekeying (Read 6115 times)

genesysguru

SRTP rekeying

genesysguru

Re: SRTP rekeying

cavagnaro

Re: SRTP rekeying

genesysguru

Re: SRTP rekeying

bublepaw

Re: SRTP rekeying

genesysguru

Re: SRTP rekeying

smile

Re: SRTP rekeying

genesysguru

Re: SRTP rekeying