sdp security descriptions for media streams
play

SDP Security Descriptions for Media Streams < - PowerPoint PPT Presentation

Aug 09, 2023 •253 likes •414 views

SDP Security Descriptions for Media Streams < draft-ietf-mmusic-sdescriptions-00.txt> Mark Baugher Dan Wing - Cisco Systems - Overview Brief overview of Session Description Protocol Rationale & Requirements End-to-end vs

  1. SDP Security Descriptions for Media Streams < draft-ietf-mmusic-sdescriptions-00.txt> Mark Baugher Dan Wing - Cisco Systems -

  2. Overview • Brief overview of Session Description Protocol • Rationale & Requirements – End-to-end vs Hop-by-hop uses – Comparison with existing and nascent standards • Security descriptions – Session descriptors vs. media descriptors – Syntax • Next steps This is an mmusic work item that we want evaluated in both transport and security areas. SDP Security Descriptions 2

  3. Session Description Protocol v=0 • Describes o=mhandley 2890844526 2890842807 IN IP4 126.16.64.4 multimedia sessions s=SDP Seminar i=A Seminar on the session • Uses textual description protocol descriptions u=http://www.cs.ucl.ac.uk/sdp.03.ps e=mjh@isi.edu (Mark Handley) • Two “ parts ” c=IN IP4 224.2.17.12/127 t=2873397496 2873404696 – Session-level a=recvonly m=audio 49170 RTP/AVP 0 description m=video 51372 RTP/AVP 31 – Media-entry level m=application 32416 udp wb a=orient:portrait description SDP Security Descriptions 3

  4. SDP Session-level descriptions v=0 Apply to all media entries • o=mhandley 2890844526 2890842807 – Version (v) IN IP4 126.16.64.4 – Origin (o) s=SDP Seminar – Session name (s) i=A Seminar on the session description protocol – URI content (u) u=http://www.cs.ucl.ac.uk/sdp.03.ps – Contact info (e) (p) e=mjh@isi.edu (Mark Handley) – Session times (t) c=IN IP4 224.2.17.12/127 Apply to session or media • t=2873397496 2873404696 levels a=recvonly m=audio 49170 RTP/AVP 0 – Connection (c) m=video 51372 RTP/AVP 31 – Bandwidth (b) m=application 32416 udp wb – Attribute (a) a=orient:portrait – Keys (k) – And others … SDP Security Descriptions 4

  5. SDP Media Entries v=0 Session level starts at • o=mhandley 2890844526 2890842807 v= and ends at m= IN IP4 126.16.64.4 s=SDP Seminar • Media level begins at i=A Seminar on the session first m= description protocol u=http://www.cs.ucl.ac.uk/sdp.03.ps Each m= starts a new • e=mjh@isi.edu (Mark Handley) media entry c=IN IP4 224.2.17.12/127 m= < media> t=2873397496 2873404696 a=recvonly < port> m=audio 49170 RTP/AVP 0 < transport> m=video 51372 RTP/AVP 31 m=application 32416 udp wb < fmt list> a=orient:portrait SDP Security Descriptions 5

  6. SDP Encryption Keys (k= ) v=0 • At session or media level o=mbaugher 12 12 IN IP4 12.224.88.17 k= < method> s=SDP Descriptions for SRTP i=Talk about using SDP for SRTP keys k= < method> < encryption key> u=http://people.cisco.com/mbaugher • Method can be e=mbaugher@cisco.com (Mark Baugher) – clear c=IN IP4 224.2.17.12/127/3 t=2873397496 2873404696 – base64 k=(base64)vg&T+)xG7@fb5j/,jaA}\|p0%* – uri m=audio 49170 RTP/SAVP 0 – Prompt m=video 51372 RTP/SAVP 31 m=application 32416 udp/ipsec-esp wb • Not suitable for SRTP k=(base64)gAe>=?#fQzo4jeI.:](:-)97kV – SRTP key is unique a=orient:portrait Probably for others, too • SDP Security Descriptions 6

  7. Rationale for this Work 1. Overcomes limitations of k= Enables SRTP, TLS, … signaling in SDP • 2. Leverages “ existing ” infrastructure SDP used to signal media sessions • TLS or IPsec offers signaling protection • Absence of a global PKI • Security descriptions complements the keymgt-extensions for environments where SDP message is secure (e.g. TLS, IPsec). SDP Security Descriptions 7

  8. Comparison with SDP k= Line A cryptographic key 1. Has descriptors … Parameters describing the key • Parameters describing the crypto session • 2. And structure SRTP master salt and master key • 3. And session or media-level parameters k= defines only structure, not parameters k= can be extended with a method but no provision is made for descriptors and complicated session and media-level semantics. SDP Security Descriptions 8

  9. SDP Signaling: Secure End-End Channel Signaling IPsec/TLS Sender Receiver SRTP bearer SDP Security Descriptions 9

  10. SDP Signaling: Hop-by-Hop Channels Signaling IPsec/TLS Signaling Controller Controller Network B IPsec/TLS IPsec/TLS Network C Network A SRTP bearer Receiver Sender SDP message (e.g. SIP/SDP) travels multiple hops e.g. networks a, b, and c encrypted/authenticated Not end-end, security as good as weakest link MMUSIC key-mgt approach does not suffer from this SDP Security Descriptions 10

  11. Comparison with key-mgt Line • Key mgt extensions • Security descriptions – Supports AKE – No AKE – Uses encrypted blob – Textual SDP parms • New key-mgt stmt • Extends k= statement • Conveys a key mgt • SDP secured with TLS, protocol message IPsec, … – Provides end-to-end – May not provide end-to- security end security – As secure as the key – As secure as hop-by-hop management protocol data security protocol – Additional latency – No additional latency SDP Security Descriptions 11

  12. Transport-Specific vs. Generic • K= & key-mgt are transport-generic • Sdescriptions seeks to be as generic – A framework for security transports – Parameters are generic to the transports – Parameter values are transport specific • But do not operate at SDP session level – Complicated interactions with transport- session parameters SDP Security Descriptions 12

  13. SDP Security Descriptions a=crypto:<crypto-suite> <application> <key> [<session>] An SDP attribute with 4 parameters – Crypto-suite = value (e.g. SRTP: AES-CTR-HMAC-SHA1-80) – application = sub-protocol (e.g. SRTP or SRTCP) – Key has two incarnations uri: absolute-uri inline: transport-specific-key-descriptor – Session is transport-specific session parameters (e.g. SRTP: unencrypted srtp, FEC order, etc. ) SDP Security Descriptions 13

  14. An SRTP Example v=0 o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5 s=SDP Seminar i=A Seminar on the session description protocol u=http://www.example.com/seminars/sdp.pdf e=j.doe@example.com (Jane Doe) c=IN IP4 224.2.17.12/127 t=2873397496 2873404696 a=recvonly m=video 51372 RTP/SAVP 31 a=crypto:AES_CM_128_HMAC_SHA1_80 both inline:16/14/d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj/2^20/1:32 m=audio 49170 RTP/SAVP 0 a=crypto:AES_CM_128_HMAC_SHA1_32 srtp inline:16/14/NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj/2^20/1:32 a=crypto:AES_CM_128_HMAC_SHA1_80 srtcp inline:16/14/eZkBkQythOTg3NjU0MSEzMDMyMT01NDg5N2RlRkF/2^20/1:32 m=application 32416 udp wb SDP Security Descriptions 14 a=orient:portrait

  15. Next Steps • Fix known errors – SDP direction attribute ambiguities • Add missing pieces – Generalize Offer/Answer – Generalize to transports beyond RTP/SAVP • Get implementation experience • Report back to next mmusic meeting SDP Security Descriptions 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

H.245 Control Signaling Used between session participants to establish and control media

H.245 Control Signaling Used between session participants to establish and control media

H.245 Control Signaling Used between session participants to establish and control media streams Agree on the media formats and bandwidth Multiplexing multiple media streams No actual media A generic protocol for the control of

516 views • 28 slides
Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating

Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating

Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating the Imagine Stream Architecture Jung Ho Ahn et al. Presented by Dan Amelang Background Digital media processing has become pervasive

177 views • 14 slides
Scalable Scheduling Support for Loss and Delay Constrained Media Streams Richard West, Karsten

Scalable Scheduling Support for Loss and Delay Constrained Media Streams Richard West, Karsten

Scalable Scheduling Support for Loss and Delay Constrained Media Streams Richard West, Karsten Schwan &amp; Christian Poellabauer Georgia Institute of Technology Rich West (1999) Introduction Real-Time media servers need to support 100s

440 views • 28 slides
crafting effective descriptions for print , social media , and the web Tracy McPeck Prince William

crafting effective descriptions for print , social media , and the web Tracy McPeck Prince William

crafting effective descriptions for print , social media , and the web Tracy McPeck Prince William Public Library System why be concise ? The internet has changed our reading habits . We skim instead of reading . Our attention spans have shortened

416 views • 14 slides
A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Tejmani Sinam, Irengbam Tilokchan Singh, Sukumar Nandi Pradeep Lamabam, Ngasham Nandarani Devi Department of Computer Science and Engineering,

231 views • 6 slides
CSE 143 Streams as C++ Classes Streams are C++ classes Streams have lots of built-in

CSE 143 Streams as C++ Classes Streams are C++ classes Streams have lots of built-in

CSE 143 Streams as C++ Classes Streams are C++ classes Streams have lots of built-in methods We use the . syntax to access member More Stream I/O functions, as usual. inFile.get(ch); // get a character outFile.put(ch); //

209 views • 3 slides
Security in the age of social media Exploring the benefits and security risks Please note the

Security in the age of social media Exploring the benefits and security risks Please note the

Sponsored by Security in the age of social media Exploring the benefits and security risks Please note the audio line will remain silent until 5 minutes before the webcast commences. Join our expert panel to discuss your security issues

481 views • 24 slides
Spec status W3C IETF WebRTC 1.0 CR JSEP RFC Media Capture and Streams CR Data Channel

Spec status W3C IETF WebRTC 1.0 CR JSEP RFC Media Capture and Streams CR Data Channel

Spec status W3C IETF WebRTC 1.0 CR JSEP RFC Media Capture and Streams CR Data Channel ~RFC Identifiers for WebRTC's Statistics WD RTP Usage ~RFC Transports ~RFC Audio/Video codecs RFC Requirements RFC JavaScript APIs - 2

280 views • 11 slides
- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams

- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams

- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams Signals slots Remote topologies Live reconfiguration Object introspection Block registration Block descriptions

240 views • 10 slides
Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry and Richard West Boston University Boston, MA 02215 {gfry,richwest}@cs.bu.edu Computer Science Introduction Computer Science Internet growth

407 views • 28 slides
The SDP Content Attribute draft-ietf-mmusic-sdp-media-content-02.txt Jani.Hautakorpi@ericsson.com

The SDP Content Attribute draft-ietf-mmusic-sdp-media-content-02.txt Jani.Hautakorpi@ericsson.com

The SDP Content Attribute draft-ietf-mmusic-sdp-media-content-02.txt Jani.Hautakorpi@ericsson.com The Idea Screen Speakers image Presentation slides Sign Similar language media streams Media Client Server Application Status of

616 views • 3 slides
Stream Bank Stabilization in Open Space Streams in open space There are approximately 35

Stream Bank Stabilization in Open Space Streams in open space There are approximately 35

Stream Bank Stabilization in Open Space Streams in open space There are approximately 35 miles of streams that flow through Open Space. The streams range in size from small head water streams to the Middle Patuxent River. Streams

349 views • 30 slides
Data Streams Many large sources of data are generated as streams of updates: IP Network

Data Streams Many large sources of data are generated as streams of updates: IP Network

Summarizing and Mining Skewed Data Streams Graham Cormode cormode@bell-labs.com Flip Korn, S. Muthukrishnan, Divesh Srivastava Data Streams Many large sources of data are generated as streams of updates: IP Network traffic data Text:

485 views • 44 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Data Streams Many large sources of data are generated as streams of updates: IP Network

Data Streams Many large sources of data are generated as streams of updates: IP Network

Summarizing and Mining Skewed Data Streams Graham Cormode cormode@bell-labs.com S. Muthukrishnan muthu@cs.rutgers.edu Data Streams Many large sources of data are generated as streams of updates: IP Network traffic data Text: email/

535 views • 20 slides
Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description

Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description

Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description Its between structural and behavioral descriptions Descriptions at this level specify the flow of data through the registers and busses of a

753 views • 51 slides
3D Rotation-Invariant Description from Tensor Operation on Spherical HOG Field Kun Liu 1 , 3

3D Rotation-Invariant Description from Tensor Operation on Spherical HOG Field Kun Liu 1 , 3

Motivations and Proposal Spherical HOG Regional Description Experiment and Application Conclusion 3D Rotation-Invariant Description from Tensor Operation on Spherical HOG Field Kun Liu 1 , 3 Henrik Skibbe 1 , 3 Thorsten Schmidt 1 , 3 Thomas

562 views • 32 slides
Descriptors Unix processes use descriptors to reference I/O Local File Systems in UNIX

Descriptors Unix processes use descriptors to reference I/O Local File Systems in UNIX

Operating Systems, fall 2002 Descriptors Unix processes use descriptors to reference I/O Local File Systems in UNIX streams; Descriptors are small unsigned integers; Lior Amar, Descriptors are obtained from system calls open(),

753 views • 7 slides
Trinity College London Operations Team - Webinar Guidance for ESOL tutors giving Centre

Trinity College London Operations Team - Webinar Guidance for ESOL tutors giving Centre

Trinity College London Operations Team - Webinar Guidance for ESOL tutors giving Centre Assessment Grades for Speaking and Listening. Welcome the webinar will start at 16:00 You will not hear or see the presenter until 16:00 A

255 views • 22 slides
6.869 Advances in Computer Vision Prof. Bill Freeman March 3, 2005 Image and shape descriptors

6.869 Advances in Computer Vision Prof. Bill Freeman March 3, 2005 Image and shape descriptors

6.869 Advances in Computer Vision Prof. Bill Freeman March 3, 2005 Image and shape descriptors Affine invariant features Comparison of feature descriptors Shape context Readings: Mikolajczyk and Schmid; Belongie et al Matching

1.18k views • 90 slides
Model reduction for port-Hamiltonian differential-algebraic systems Volker Mehrmann Institut

Model reduction for port-Hamiltonian differential-algebraic systems Volker Mehrmann Institut

Model reduction for port-Hamiltonian differential-algebraic systems Volker Mehrmann Institut fr Mathematik Technische Universitt Berlin Research Center M ATHEON Mathematics for key technologies ICERM 20.02.2020 Theses Key

981 views • 69 slides
Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security

Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security

Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security Researcher at Norman Malware Detection Team (MDT) Interests Vulnerability research Operating systems internals Exploit mitigations

2.17k views • 100 slides
TCP Client/Server Example CSCE 515: Computer Network Programming fgets writen read stdin

TCP Client/Server Example CSCE 515: Computer Network Programming fgets writen read stdin

TCP Client/Server Example CSCE 515: Computer Network Programming fgets writen read stdin TCP TCP ------ Select stdout client server fputs readline writen Wenyuan Xu Department of Computer Science and Engineering University of

397 views • 5 slides
Elites Tweet? Characterizing Verified Twitter Users Indraneil Paul (IIIT Hyderabad), Abhinav

Elites Tweet? Characterizing Verified Twitter Users Indraneil Paul (IIIT Hyderabad), Abhinav

Elites Tweet? Characterizing Verified Twitter Users Indraneil Paul (IIIT Hyderabad), Abhinav Khattar (IIIT Delhi), Shaan Chopra (IIIT Delhi), Ponnurangam Kumaraguru (IIIT Delhi), Manish Gupta (Microsoft India) Outline A: PROBLEM AND MOTIVATION

525 views • 33 slides

More recommend