DTLS-SRTP Key Transport (KTR) AVT Working Group


SLIDE 1

IETF74, San Francisco, March 2009 draft-wing-avt-dtls-srtp-key-transport-03 1

AVT Working Group draft-wing-avt-dtls-srtp-key-transport-03

Dan Wing, dwing@cisco.com

DTLS-SRTP Key Transport (“KTR”)

SLIDE 2

Status

  • Third presentation to AVT
  • Changes since -02 (presented in Dublin)
    – Added EKT support
      • To transport EKT_KEY and related information
    – Removed Logical Key Hierarchy (LKH) per WG feedback

SLIDE 3

Key Transport Overview (1/3)

  • Efficient SRTP operation for unicast audio or video conferencing
    – Avoids re-keying SRTP packets for each listener
  • and multicasted SRTP

[Diagram: Speaker 1, Speaker 2, mixer, Listener 1, Listener 2, Listener 3; key labels: Key=A, Key=B, Key=C]

SLIDE 4

Without Key-Transport: CPU intensive in one direction (2/3)

[Message flow diagram. Participants: Security Descriptions endpoint, SBC, DTLS-SRTP endpoint. Labels: a=crypto=AAA; a=crypto=BBB; DTLS-SRTP handshake; Key=BBB, CCC; SRTP packet, key=AAA; (Authenticate, Decrypt, Encrypt, HMAC); SRTP packet, key=CCC; SRTP packet, key=BBB; SRTP packet, key=BBB; (do nothing)]

SLIDE 5

With Key-Transport: CPU efficient (3/3)

[Message flow diagram. Participants: Security Descriptions endpoint, SBC, DTLS-SRTP-KTR endpoint. Labels: a=crypto=AAA; a=crypto=BBB; DTLS-SRTP-KTR handshake; new_srtp_key=AAA; Key=BBB, CCC; SRTP packet, key=AAA; SRTP packet, key=AAA; (do nothing); SRTP packet, key=BBB; SRTP packet, key=BBB; (do nothing)]

SLIDE 6

Relationship to EKT

  • DTLS-SRTP-Key-Transport can send EKT_Key (and related information)
  • EKT can then perform SRTP re-keying
  • EKT is even more efficient than DTLS-SRTP-Key-Transport for group keying
    – EKT are sent as RT(C)P packets
    – Arrive at same hosts running RT(C)P
  • … But, EKT is additional engineering effort

draft-mcgrew-srtp-ekt-04

SLIDE 7

Backup Slides

SLIDE 8

Point to Multipoint using RFC3550 Mixer Model

  • Transport one SRTP key, inside of the per-listener DTLS session, to legitimate listeners

[Diagram: Speaker 1, Speaker 2, mixer, Listener 1, Listener 2, Listener 3; key labels: Key=A, Key=B, Key=C]

SLIDE 9

Point to Multipoint using Video Switching MCUs

  • Transport speaker’s keys to listeners
  • SRTP packets not encrypted/decrypted by switcher

[Diagram: Speaker 1 (active speaker), Speaker 2, Switcher, Listener 1, Listener 2, Listener 3; key labels: Key=A (Speaker 1), Key=B (Speaker 2)]

SLIDE 10

Point to Multipoint using Multicast

1. Each listener establishes unicast DTLS-SRTP session with speaker
2. Speaker uses DTLS-SRTP Key Transport to tell every listener the same SRTP key
3. (not shown) SRTP packets multicasted

[Diagram: speaker, Listener 1, Listener 2, Listener 3; label: DTLS-SRTP, transport speaker’s SRTP key=A]
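
The three multicast steps above, as an added Python sketch that is not taken from the slides or the draft. Assumptions: random per-listener secrets stand in for the unicast DTLS-SRTP sessions, `transport_key`/`receive_key` are a hypothetical HMAC-based stand-in for the key transport message (not the draft's wire format), and only the SRTP authentication tag is modelled, with no payload encryption or key derivation.

```python
import hashlib
import hmac
import os

def _pad(session_secret: bytes, nonce: bytes, n: int) -> bytes:
    # Keystream stand-in derived from the session secret (NOT the DTLS record layer).
    return hmac.new(session_secret, b"pad" + nonce, hashlib.sha256).digest()[:n]

def transport_key(session_secret: bytes, srtp_key: bytes) -> bytes:
    """Speaker side: send srtp_key inside one listener's protected session."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(srtp_key, _pad(session_secret, nonce, len(srtp_key))))
    tag = hmac.new(session_secret, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def receive_key(session_secret: bytes, msg: bytes) -> bytes:
    """Listener side: authenticate the message, then recover the SRTP key."""
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    want = hmac.new(session_secret, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("key transport message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _pad(session_secret, nonce, len(ct))))

def protect(srtp_key: bytes, packet: bytes) -> bytes:
    # Append an 80-bit HMAC-SHA1 tag, the size of the common SRTP auth tag.
    return packet + hmac.new(srtp_key, packet, hashlib.sha1).digest()[:10]

def verify(srtp_key: bytes, protected: bytes) -> bool:
    packet, tag = protected[:-10], protected[-10:]
    return hmac.compare_digest(tag, hmac.new(srtp_key, packet, hashlib.sha1).digest()[:10])

def multicast_demo(listeners=("Listener 1", "Listener 2", "Listener 3")):
    # Step 1: one unicast session per listener (constructed random secrets).
    sessions = {name: os.urandom(32) for name in listeners}
    # Step 2: the speaker transports the same key (Key=A) over every session.
    key_a = os.urandom(20)  # constructed; stands in for the SRTP auth key
    delivered = {n: receive_key(s, transport_key(s, key_a)) for n, s in sessions.items()}
    # Step 3: one protect operation; identical bytes go to the whole group.
    wire = protect(key_a, b"constructed RTP payload")
    results = {n: verify(k, wire) for n, k in delivered.items()}
    # A host without a session with the speaker cannot recover Key=A.
    try:
        receive_key(os.urandom(32), transport_key(sessions[listeners[0]], key_a))
        outsider_got_key = True
    except ValueError:
        outsider_got_key = False
    return results, outsider_got_key

if __name__ == "__main__":
    print(multicast_demo())
```

The speaker performs one key transport per listener at setup and one protect operation per packet afterwards, which is the saving over protecting each packet separately under per-listener keys.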