| draft-ietf-mmusic-kmgmt-ext-01.txt | draft-ietf-mmusic-kmgmt-ext-02.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force J. Arkko | Internet Engineering Task Force J. Arkko | |||
| MMUSIC Working Group E. Carrara | MMUSIC Working Group E. Carrara | |||
| INTERNET-DRAFT F. Lindholm | INTERNET-DRAFT F. Lindholm | |||
| Expires: July 2002 M. Naslund | Expires: August 2002 M. Naslund | |||
| K. Norrman | K. Norrman | |||
| Ericsson | Ericsson | |||
| January, 2002 | February, 2002 | |||
| Key Management Extensions for SDP and RTSP | Key Management Extensions for SDP and RTSP | |||
| <draft-ietf-mmusic-kmgmt-ext-01.txt> | <draft-ietf-mmusic-kmgmt-ext-02.txt> | |||
| Status of this memo | Status of this memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| groups may also distribute working documents as Internet-Drafts. | groups may also distribute working documents as Internet-Drafts. | |||
| skipping to change at page 1, line 36 | skipping to change at page 1, line 36 | |||
| material or cite them other than as "work in progress". | material or cite them other than as "work in progress". | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/lid-abstracts.txt | http://www.ietf.org/ietf/lid-abstracts.txt | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| Abstract | Abstract | |||
| This document defines extensions for SDP and RTSP to carry the | This document defines general extensions for SDP and RTSP to carry | |||
| security information needed by a key management protocol, in order to | the security information needed by a key management protocol, in | |||
| secure the media stream. Indications are also given on how it should | order to secure the media. These extensions are presented as a | |||
| be used together with SIP and RTSP. | framework, to be used by one or more key management protocols. As | |||
| such, its use is meaningful only when it is completed by the key | ||||
| management protocol in use. | ||||
| TABLE OF CONTENTS | General guidelines are also given on how the framework should be used | |||
| together with SIP and RTSP. | ||||
| TABLE OF CONTENTS | ||||
| 1. Introduction.................................................. 2 | 1. Introduction.................................................. 2 | |||
| 1.1. Notational Conventions...................................... 3 | 1.1. Notational Conventions...................................... 3 | |||
| 2. Extensions to SDP and RTSP.................................... 3 | 2. Extensions to SDP and RTSP.................................... 3 | |||
| 2.1. SDP Extensions.............................................. 3 | 2.1. SDP Extensions.............................................. 4 | |||
| 2.2. RTSP Extensions............................................. 4 | 2.2. RTSP Extensions............................................. 4 | |||
| 3. Usage with SIP and RTSP....................................... 5 | 3. Usage with SIP and RTSP....................................... 5 | |||
| 3.1. SIP usage................................................... 5 | 3.1. General SDP processing...................................... 5 | |||
| 3.2. RTSP usage.................................................. 5 | 3.2. SIP usage................................................... 6 | |||
| 3.3. Example scenarios........................................... 6 | 3.3. RTSP usage.................................................. 6 | |||
| 4. Security Considerations....................................... 8 | 3.4. Example scenarios........................................... 7 | |||
| 5. IANA Considerations........................................... 9 | 4. Security Considerations....................................... 9 | |||
| 6. Conclusions................................................... 9 | 5. IANA Considerations...........................................10 | |||
| 7. Acknowledgments............................................... 9 | 6. Conclusions...................................................10 | |||
| 8. Author's Addresses............................................ 9 | 7. Acknowledgments...............................................10 | |||
| 9. References....................................................10 | 8. Author's Addresses............................................10 | |||
| 9. References....................................................11 | ||||
| 1. Introduction | 1. Introduction | |||
| There has recently been work to define a security framework for the | There has recently been work to define a security framework for the | |||
| protection of real-time applications running over RTP, [SRTP]. | protection of real-time applications running over RTP, [SRTP]. | |||
| However, a security protocol needs a key management infrastructure to | However, a security protocol needs a key management infrastructure to | |||
| exchange keys and security parameters, managing and refreshing keys, | exchange keys and security parameters, managing and refreshing keys, | |||
| etc. | etc. | |||
| The focus in the following sections is to describe SDP attribute | The focus in the following sections is to describe SDP attribute | |||
| extensions and RTSP header extensions to support key management, and | extensions and RTSP header extensions to support key management, and | |||
| a possible integration within SIP and RTSP. | a possible integration within SIP and RTSP. A framework is therefore | |||
| described in the following, that will need to be accompanied by one | ||||
| or more key management protocols. | ||||
| Some of the motivations to include the key management in the session | Some of the motivations to create a framework with the possibility to | |||
| establishment are: | include the key management in the session establishment are: | |||
| * Just as the codec information is a description of how to encode | * Just as the codec information is a description of how to encode | |||
| and decode the audio (or video) stream, the key management data | and decode the audio (or video) stream, the key management data | |||
| is a description of how to encrypt and decrypt the data. | is a description of how to encrypt and decrypt the data. | |||
| * The possibility to negotiate the security for the entire | * The possibility to negotiate the security for the entire | |||
| multimedia session at the same time. | multimedia session at the same time. | |||
| * The knowledge of the media at the session establishment makes it | * The knowledge of the media at the session establishment makes it | |||
| easy to tie the key management to the multimedia sessions. | easy to tie the key management to the multimedia sessions. | |||
| skipping to change at page 3, line 40 | skipping to change at page 3, line 48 | |||
| order to support the key management. | order to support the key management. | |||
| * make it easy to use another key management protocol, or a new | * make it easy to use another key management protocol, or a new | |||
| version, without having to redefine the attributes or add new | version, without having to redefine the attributes or add new | |||
| ones. | ones. | |||
| The following set of attributes have been identified as necessary to | The following set of attributes have been identified as necessary to | |||
| support: | support: | |||
| * key management protocol identifier, to indicate the key | * key management protocol identifier, to indicate the key | |||
| management protocol used ('keymgmt-prtcl') | management protocol used ("keymgmt-prtcl") | |||
| * key management raw data field, to transport the key management | * key management raw data field, to transport the key management | |||
| protocol data ('keymgmt-data') | protocol data ("keymgmt-data") | |||
| * in the case of SDP, an extra (optional) authentication attribute | * in the case of SDP, an extra (optional) authentication attribute | |||
| to be able to tie the key management data to the surrounding | to be able to tie the key management data to the surrounding | |||
| media definitions ('key-extra-auth'). | media definitions ("key-extra-auth"). | |||
| 2.1. SDP Extensions | 2.1. SDP Extensions | |||
| This section provides an Augmented Backus-Naur Form (ABNF) grammar | This section provides an Augmented Backus-Naur Form (ABNF) grammar | |||
| (as used in [SDP]) for the key management extensions to SDP. | (as used in [SDP]) for the key management extensions to SDP. | |||
| Note that the new definitions are compliant with the definition of an | Note that the new definitions are compliant with the definition of an | |||
| attribute field, i.e. | attribute field, i.e. | |||
| attribute = (att-field ":" att-value) | att-field | attribute = (att-field ":" att-value) | att-field | |||
| skipping to change at page 5, line 29 | skipping to change at page 5, line 36 | |||
| * There MUST be a possibility for the key management protocol to | * There MUST be a possibility for the key management protocol to | |||
| tie the media sessions to the negotiated parameters (i.e. an | tie the media sessions to the negotiated parameters (i.e. an | |||
| interface between the key management and the SDP and RTSP | interface between the key management and the SDP and RTSP | |||
| implementation MUST exist). | implementation MUST exist). | |||
| Today, the MIKEY protocol has adopted the key management extensions | Today, the MIKEY protocol has adopted the key management extensions | |||
| to work together with SIP and RTSP. Other protocols may use the | to work together with SIP and RTSP. Other protocols may use the | |||
| described attributes and header, e.g. Kerberos. | described attributes and header, e.g. Kerberos. | |||
| 3.1. SIP usage | 3.1. General SDP processing | |||
| When an SDP message is created, the following procedure should be | ||||
| applied: | ||||
| * The "keymgmt-prot" attribute is filled in with the identifier of | ||||
| the key management protocol used (e.g. MIKEY or Kerberos). | ||||
| * The "keymgmt-data" attribute is filled in by using the key | ||||
| management protocol interface to obtain key management data. The | ||||
| data may e.g. be a MIKEY message or Kerberos ticket. | ||||
| * If used, the "keymgmt-auth" attribute is filled in by using the | ||||
| key management protocol interface to obtain key management data. | ||||
| Note that what data from SDP are supposed to be provided to the | ||||
| interface MUST be specified by the key management protocol | ||||
| itself. | ||||
| A received SDP message that contains the key management attributes | ||||
| SHOULD process these attributes in the following manner: | ||||
| * Detect the key management protocol used by parsing the "keymgmt- | ||||
| prot" attribute. | ||||
| * Extract the key management data from the "keymgmt-data" attribute | ||||
| and call the key management interface with the extracted data. | ||||
| Note that depending on key management protocol, some extra | ||||
| parameters might of course be requested, such as the | ||||
| source/destination network address/port(s) for the specified | ||||
| media. | ||||
| * Depending on the outcome of the key management processing (i.e. | ||||
| whether it was accepted or not), SDP processing can proceed | ||||
| according to normal processing (e.g. according to the | ||||
| offer/answer model, see also Section 3.2.). | ||||
| * If the optional "keymgmt-auth" attribute is included, this is | ||||
| processed as the "keymgmt-data". | ||||
| 3.2. SIP usage | ||||
| The offerer should include the key management data within an offer | The offerer should include the key management data within an offer | |||
| that contains the media description it should apply to. The answerer | that contains the media description it should apply to. The answerer | |||
| MUST check with the key management protocol if the attribute values | MUST check with the key management protocol if the attribute values | |||
| are valid, and then obtain from the key management the data to | are valid, and then obtain from the key management the data to | |||
| include in the answer. If the offer is not accepted, the answerer | include in the answer. If the offer is not accepted, the answerer | |||
| returns a notification message and the offerer may go out with a new | returns a notification message and the offerer may go out with a new | |||
| (different) offer, depending on the local security policy. | (different) offer, depending on the local security policy. | |||
| Re-keying should be handled as a new offer, i.e. a re-INVITE should | Re-keying should be handled as a new offer, i.e. a re-INVITE should | |||
| be sent with the new proposed parameters. The answerer treats this as | be sent with the new proposed parameters. The answerer treats this as | |||
| a new offer where the key management is the issue of change. | a new offer where the key management is the issue of change. | |||
| 3.2. RTSP usage | 3.3. RTSP usage | |||
| RTSP does not use the offer/answer model, as SIP does. This causes | RTSP does not use the offer/answer model, as SIP does. This causes | |||
| some problems as it is not possible (without abusing RTSP) to send | some problems as it is not possible (without abusing RTSP) to send | |||
| back an answer to the server (as the server will in most cases be the | back an answer to the server (as the server will in most cases be the | |||
| one initiating the security parameter exchange). To solve this, a new | one initiating the security parameter exchange). To solve this, a new | |||
| header has been introduced (Section 2.2). | header has been introduced (Section 2.2). | |||
| The processing of a key management header in RTSP should be done | ||||
| analogous of the SDP message processing. The only differences will be | ||||
| that the url has been introduced and that there is no corresponding | ||||
| parameter for the extra authentication. The url should be processed | ||||
| as a standard RTSP stream url, i.e. to identify the session. It is | ||||
| however not mandatory to use. | ||||
| The initial key management message from a server should be sent to | The initial key management message from a server should be sent to | |||
| the client using SDP. When responding to this, the client uses the | the client using SDP. When responding to this, the client uses the | |||
| new RTSP header to send back an answer (included in either the SETUP | new RTSP header to send back an answer (included in either the SETUP | |||
| or the PLAY message). | or the PLAY message). | |||
| The server may provide re-keying facilities by sending a new key | The server may provide re-keying facilities by sending a new key | |||
| management message in a SET_PARAMETER or ANNOUNCE messages. In the | management message in a SET_PARAMETER or ANNOUNCE messages. In the | |||
| latter, the RTSP header is not used if the ANNOUNCE message includes | latter, the RTSP header is not used if the ANNOUNCE message includes | |||
| a SDP description where the data can be provided in. The response | a SDP description where the data can be provided in. The response | |||
| message is then put in the new RTSP header in the response message | message is then put in the new RTSP header in the response message | |||
| from the client to the server. Note that the SET PARAMETER and the | from the client to the server. Note that the SET PARAMETER and the | |||
| ANNOUNCE messages are not mandatory to support for the servers. | ANNOUNCE messages are not mandatory to support for the servers. | |||
| 3.3. Example scenarios | 3.4. Example scenarios | |||
| Example 1 (SIP) | Example 1 (SIP) | |||
| A SIP call is taking place between Alice and Bob. Alice sends an | A SIP call is taking place between Alice and Bob. Alice sends an | |||
| Invite message consisting of the following offer: | Invite message consisting of the following offer: | |||
| v=0 | v=0 | |||
| o=alice 2891092738 2891092738 IN IP4 lost.somewhere.com | o=alice 2891092738 2891092738 IN IP4 lost.somewhere.com | |||
| s=Cool stuff | s=Cool stuff | |||
| e=alice@w-land.org | e=alice@w-land.org | |||
| skipping to change at page 8, line 35 | skipping to change at page 9, line 41 | |||
| the video followed by a PLAY message). | the video followed by a PLAY message). | |||
| 4. Security Considerations | 4. Security Considerations | |||
| The nature of this document is to allow SDP and RTSP to support | The nature of this document is to allow SDP and RTSP to support | |||
| security of the media sessions. It is therefore not the intention of | security of the media sessions. It is therefore not the intention of | |||
| this document to describe possible security solution or to define | this document to describe possible security solution or to define | |||
| possible security problems. The defined SDP and RTSP extensions are | possible security problems. The defined SDP and RTSP extensions are | |||
| not believed to introduce any new security risks to SDP and RTSP. | not believed to introduce any new security risks to SDP and RTSP. | |||
| The 'key-extra-auth' attribute may be (optionally) used to guarantee | The "keymgmt-auth" attribute may be (optionally) used to guarantee an | |||
| an authenticated binding between the session(s) and the security | authenticated binding between the session(s) and the security | |||
| parameters, e.g. authenticating both the key management lines and | parameters, e.g. authenticating both the key management lines and | |||
| (parts of) the surrounding SDP description. Each key management | (parts of) the surrounding SDP description. Each key management | |||
| specifies the coverage of such 'key-extra-auth' attribute. A denial- | specifies the coverage of such "keymgmt-auth" attribute. A denial-of- | |||
| of-service attack may be open if such authenticated binding is not | service attack may be open if such authenticated binding is not | |||
| provided. Note however, the 'key-extra-auth' cannot work when NATs | provided. Note however, the "keymgmt-auth" cannot work when NATs are | |||
| are present. | present. | |||
| Note that the purpose of the key management fields is to secure the | Note that the purpose of the key management fields is to secure the | |||
| media streams themselves. Under the assumption that the key | media streams themselves. Under the assumption that the key | |||
| management schemes are secure, the SDP payloads can be passed along | management schemes are secure, the SDP payloads can be passed along | |||
| unprotected, and the media streams will still be secure even if some | unprotected, and the media streams will still be secure even if some | |||
| attackers gained knowledge of the SDP contents. There may however, be | attackers gained knowledge of the SDP contents. There may however, be | |||
| other reasons to protect the SDP payloads such as preventing | other reasons to protect the SDP payloads such as preventing | |||
| attackers from gaining any information regarding the session or the | attackers from gaining any information regarding the session or the | |||
| used equipment. | used equipment. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| Three new attributes fields for SDP (see Section 2.1) and one new | Three new attributes fields for SDP (see Section 2.1) and one new | |||
| RTSP header are registered (see Section 2.2). | RTSP header are registered (see Section 2.2). | |||
| 6. Conclusions | 6. Conclusions | |||
| A security solution for real-time applications needs a key management | A security solution for real-time applications needs a key management | |||
| infrastructure. Integrating the key management scheme with the | infrastructure. Integrating the key management scheme with the | |||
| session establishment protocol could be done efficiently in most of | session establishment protocol could be done efficiently in most of | |||
| the scenarios. A set of new attributes and headers have been defined | the scenarios. This draft proposes a framework that integrates a key | |||
| in SDP and RTSP so that it will be possible to integrate a key | management protocol (e.g. MIKEY) into SIP and RTSP, and which can be | |||
| management protocol (e.g. MIKEY) into SIP and RTSP. | accompanied by different key management protocols. A set of new | |||
| attributes and headers has been defined in SDP and RTSP to support | ||||
| this. | ||||
| 7. Acknowledgments | 7. Acknowledgments | |||
| Thanks to: Rolf Blom, Joerg Ott, Colin Perkins, Magnus Westerlund, | Thanks to: Rolf Blom, Magnus Westerlund, and the rest involved in the | |||
| and the rest involved in the MMUSIC WG and the MSEC WG. | MMUSIC WG and the MSEC WG. | |||
| A special thanks to Joerg Ott and Colin Perkins. | ||||
| 8. Author's Addresses | 8. Author's Addresses | |||
| Jari Arkko | Jari Arkko | |||
| Ericsson | Ericsson | |||
| 02420 Jorvas Phone: +358 40 5079256 | 02420 Jorvas Phone: +358 40 5079256 | |||
| Finland Email: jari.arkko@ericsson.com | Finland Email: jari.arkko@ericsson.com | |||
| Elisabetta Carrara | Elisabetta Carrara | |||
| Ericsson Research | Ericsson Research | |||
| skipping to change at page 10, line 27 | skipping to change at page 11, line 34 | |||
| [SDP] Handley, M., and Jacobson, V., "Session Description Protocol | [SDP] Handley, M., and Jacobson, V., "Session Description Protocol | |||
| (SDP)", IETF, RFC2327 | (SDP)", IETF, RFC2327 | |||
| [SIP] Handley, M., Schulzrinne, H., Schooler, E., and Rosenberg, J., | [SIP] Handley, M., Schulzrinne, H., Schooler, E., and Rosenberg, J., | |||
| "SIP: Session Initiation Protocol", IETF, RFC2543. | "SIP: Session Initiation Protocol", IETF, RFC2543. | |||
| [SRTP] Blom, R., Carrara, E., McGrew, D., Naslund, M, Norrman, K., | [SRTP] Blom, R., Carrara, E., McGrew, D., Naslund, M, Norrman, K., | |||
| and Oran, D., "The Secure Real Time Transport Protocol", Internet | and Oran, D., "The Secure Real Time Transport Protocol", Internet | |||
| Draft, IETF, Work in Progress (AVT). | Draft, IETF, Work in Progress (AVT). | |||
| This Internet-Draft expires in July 2002. | This Internet-Draft expires in August 2002. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||