draft-ietf-avt-srtp-not-mandatory-00.txt   draft-ietf-avt-srtp-not-mandatory-01.txt 
Network Working Group C. Perkins Network Working Group C. Perkins
Internet-Draft University of Glasgow Internet-Draft University of Glasgow
Intended status: Informational M. Westerlund Intended status: Informational M. Westerlund
Expires: January 30, 2009 Ericsson Expires: May 6, 2009 Ericsson
July 29, 2008 November 2, 2008
Why RTP Does Not Mandate a Single Security Mechanism Why RTP Does Not Mandate a Single Security Mechanism
draft-ietf-avt-srtp-not-mandatory-00.txt draft-ietf-avt-srtp-not-mandatory-01.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 35 skipping to change at page 1, line 35
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 30, 2009. This Internet-Draft will expire on May 6, 2009.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This memo discusses the problem of securing real-time multimedia This memo discusses the problem of securing real-time multimedia
sessions, and explains why the Real-time Transport Protocol (RTP) sessions, and explains why the Real-time Transport Protocol (RTP)
does not mandate a single media security mechanism. does not mandate a single media security mechanism.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. RTP Applications and Deployment Scenarios . . . . . . . . . . . 3 2. RTP Applications and Deployment Scenarios . . . . . . . . . . 3
3. Implications for RTP Media Security . . . . . . . . . . . . . . 4 3. Implications for RTP Media Security . . . . . . . . . . . . . 4
4. Implications for Key Management . . . . . . . . . . . . . . . . 5 4. Implications for Key Management . . . . . . . . . . . . . . . 5
5. On the Requirement for Strong Security in IETF protocols . . . 6 5. On the Requirement for Strong Security in IETF protocols . . . 6
6. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
9. To Do . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 9. Informative References . . . . . . . . . . . . . . . . . . . . 7
10. Informative References . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 9
1. Introduction 1. Introduction
The Real-time Transport Protocol (RTP) [1] is widely used for voice The Real-time Transport Protocol (RTP) [1] is widely used for voice
over IP, Internet television, video conferencing, and various other over IP, Internet television, video conferencing, and various other
real-time and streaming media applications. Despite this, the base real-time and streaming media applications. Despite this, the base
RTP specification provides very limited options for media security, RTP specification provides very limited options for media security,
and defines no standard key exchange mechanism. Rather, a number of and defines no standard key exchange mechanism. Rather, a number of
extensions are defined to provide confidentiality and authentication extensions are defined to provide confidentiality and authentication
of media streams, and to exchange security keys. This memo outlines of media streams, and to exchange security keys. This memo outlines
skipping to change at page 4, line 15 skipping to change at page 4, line 15
editing suites editing suites
o Interconnecting components of distributed simulation systems o Interconnecting components of distributed simulation systems
o Streaming real-time sensor data o Streaming real-time sensor data
As can be seen, these scenarios vary from point-to-point to very As can be seen, these scenarios vary from point-to-point to very
large multicast groups, from interactive to non-interactive, and from large multicast groups, from interactive to non-interactive, and from
low bandwidth (kilobits per second) to very high bandwidth (multiple low bandwidth (kilobits per second) to very high bandwidth (multiple
gigabits per second). While most of these applications run over UDP, gigabits per second). While most of these applications run over UDP,
some use TCP or DCCP as their transport. Some run on highly reliable some use TCP or DCCP as their underlying transport. Some run on
optical networks, others use low rate unreliable wireless networks. highly reliable optical networks, others use low rate unreliable
Some applications of RTP operate entirely within a single trust wireless networks. Some applications of RTP operate entirely within
domain, others are inter-domain, with untrusted (and potentially a single trust domain, others are inter-domain, with untrusted (and
unknown) users. The range of scenarios is wide, and growing both in potentially unknown) users. The range of scenarios is wide, and
number and in heterogeneity. growing both in number and in heterogeneity.
3. Implications for RTP Media Security 3. Implications for RTP Media Security
The wide range of application scenarios where RTP is used has led to The wide range of application scenarios where RTP is used has led to
the development of multiple solutions for media security, considering the development of multiple solutions for media security, considering
different requirements. Perhaps the most general of these solutions different requirements. Perhaps the most widely applicable of these
is the Secure RTP (SRTP) framework [3]. This is an application-level solutions is the Secure RTP (SRTP) framework [3]. This is an
media security solution, encrypting the media payload data (not the application-level media security solution, encrypting the media
RTP headers) to provide some degree of confidentiality, and providing payload data (but not the RTP headers) to provide some degree of
optional source origin authentication. It was carefully designed to confidentiality, and providing optional source origin authentication.
be both low overhead, and to support the group communication features It was carefully designed to be both low overhead, and to support the
of RTP, across a range of networks. group communication features of RTP, across a range of networks.
SRTP is not the only media security solution in use, however, and SRTP is not the only media security solution in use, however, and
alternatives are more appropriate for some scenarios. For example, alternatives are more appropriate for some scenarios. For example,
many client-server streaming media applications run over a single TCP many client-server streaming media applications run over a single TCP
connection, multiplexing media data with control information on that connection, multiplexing media data with control information on that
connection (for example, on an RTSP connection). The natural way to connection (for example, on an RTSP connection). The natural way to
provide media security for such client-server media applications is provide media security for such client-server media applications is
to use TLS to protect the TCP connection, sending the RTP media data to use TLS to protect the TCP connection, sending the RTP media data
over the TLS connection. Using the SRTP framework in addition to TLS over the TLS connection. Using the SRTP framework in addition to TLS
is unncessary, and would result in double encryption of the media, is unncessary, and would result in double encryption of the media,
and SRTP cannot be used instead of TLS since it is RTP-specific, and and SRTP cannot be used instead of TLS since it is RTP-specific, and
so cannot protect the control traffic. so cannot protect the control traffic.
Other RTP use cases work over networks which provide security at the
network layer, using IPsec. For example, certain 3GPP networks need
IPsec security associations for other purposes, and can reuse those
to secure the RTP session [4]. SRTP is, again, unnecessary in such
environments, and its use would only introduce overhead for no gain.
For some applications it is sufficient to protect the RTP payload
data while leaving RTP, transport, and network layer headers
unprotected. An example of this is RTP broadcast over DVB-H [5],
where one mode of operation uses ISMAcryp to protect the media data
only.
Finally, the link layer may be secure, and it may be known that the Finally, the link layer may be secure, and it may be known that the
RTP media data is constrained to that single link (for example, when RTP media data is constrained to that single link (for example, when
operating in a studio environment, with physical link security). An operating in a studio environment, with physical link security). An
environment like this is inherently constrained, but might avoid the environment like this is inherently constrained, but might avoid the
need for application, transport, or network layer media security. need for application, transport, or network layer media security.
All these are application scenarios where RTP has seen commerical All these are application scenarios where RTP has seen commerical
deployment. Other use case also exist, with additional requirements. deployment. Other use case also exist, with additional requirements.
There is no media security protocol that is appropriate for all these There is no media security protocol that is appropriate for all these
environments. Accordingly, multiple RTP media security protocols can environments. Accordingly, multiple RTP media security protocols can
be expected to remain in wide use. be expected to remain in wide use.
4. Implications for Key Management 4. Implications for Key Management
More diverse than the different use cases is the different protocols With such a diverse range of use case come a range of different
used for RTP session establishment. Providing keying for these protocols for RTP session establishment. Mechanisms used to provide
different session establishment can basically be put into two security keying for these different session establishment protocols
categories, inband and out-of-band in relation to the session can basically be put into two categories: inband and out-of-band in
establishment mechanism. The requirement on these solution are relation to the session establishment mechanism. The requirements
highly varying. Thus a wide range of solutions have been developed for these solutions are highly varying. Thus a wide range of
in this space: solutions have been developed in this space:
o The most common use case for RTP is probably point-to-point voice o The most common use case for RTP is probably point-to-point voice
calls or centralised group conferences, negotiated using SIP with calls or centralised group conferences, negotiated using SIP with
the SDP offer/answer model, operating on a trusted infrastructure. the SDP offer/answer model, operating on a trusted infrastructure.
In such environments, SDP security descriptions [4] or the MIKEY In such environments, SDP security descriptions [6] or the MIKEY
[5] protocol are appropriate keying mechanisms, piggybacked onto [7] protocol are appropriate keying mechanisms, piggybacked onto
the SDP exchange. the SDP exchange. The infrastructure may be secured by protecting
the SIP exchange using SIPS or S/MIME, for example.
o SIP/SDP with SIPS
o SIP/SDP with S/MIME
o Point-to-point RTP sessions may be negotiated using SIP with the o Point-to-point RTP sessions may be negotiated using SIP with the
offer/answer model, but operating over a network with untrusted offer/answer model, but operating over a network with untrusted
infrastructure. In such environments, the key management protocol infrastructure. In such environments, the key management protocol
is run on the media path, bypassing the untrusted infrastructure. is run on the media path, bypassing the untrusted infrastructure.
Protocols such as ZRTP or DTLS protocols are useful here. Protocols such as DTLS [8] or ZRTP [9] are useful here.
o For point-to-point client-server streaming of RTP over RTSP, a TLS
association is appropriate to manage keying material, in much the
same manner as would be used to secure an HTTP session.
o Email with SDP, secured using X.500 or PGP
o SDP file retrieved using HTTPS o For point-to-point client-server streaming of RTP over RTSP [10],
a TLS association is appropriate to manage keying material, in
much the same manner as would be used to secure an HTTP session.
o FLUTE using S/MIME to secure SDP o A session description may be sent by email, secured using X.500 or
PGP, or retrieved from a web page, using HTTP with TLS.
o SAP with SDP o A session description may be distributed to a multicast group
using SAP or FLUTE secured with S/MIME.
o OMAs DRM keymanagement [6] with pointer from SDP for point to o A session description may be distributed using OMA's DRM key
point streamingsetup with RTSP in 3GPP [7]. management [11] with pointer for point to point streaming setup
with RTSP in 3GPP [12].
o Usage of HTTP and MIKEY for key management in MBMS [8]. o In the 3GPP MBMS system, HTTP and MIKEY are used for key
management [13].
A more detailed survey of requirements for media security management A more detailed survey of requirements for media security management
protocols can be found in [9]. As can be seen, the range of use protocols can be found in [14]. As can be seen, the range of use
cases is wide, and there is no single protocol that is appropriate cases is wide, and there is no single protocol that is appropriate
for all scenarios. These solutions have be further diversified by for all scenarios. These solutions have be further diversified by
the existence of infrastructure elements such as authentication the existence of infrastructure elements such as authentication
solutions that is tied into the key manangement. solutions that are tied into the key manangement.
5. On the Requirement for Strong Security in IETF protocols 5. On the Requirement for Strong Security in IETF protocols
BCP 61 [10] puts a requirement on IETF protocols to provide strong, BCP 61 [15] puts a requirement on IETF protocols to provide strong,
mandatory to implement, security solutions. This is actually quite a mandatory to implement, security solutions. This is actually quite a
difficult requirement for any type of framework protocol, like RTP, difficult requirement for any type of framework protocol, like RTP,
since one can never know all the deployement scenarios, and if the since one can never know all the deployement scenarios, and if they
security solution provided covers them. It would clearly be are covered by the security solution. It would clearly be desirable
desirable if a single media security solution and a single key if a single media security solution and a single key management
management solution could be developed, satisfying the range of use solution could be developed, satisfying the range of use cases for
cases for RTP. The authors are not aware of any such solution, RTP. The authors are not aware of any such solution, however, and it
however, and it is not clear that any single solution can be is not clear that any single solution can be developed.
developed.
For a framework protocol it appears that the only sensible solution For a framework protocol it appears that the only sensible solution
to the requirement of BCP 61 is to develop or use security building to the requirement of BCP 61 is to develop or use security building
blocks, like SRTP, SDES, MIKEY, DTLS, or IPsec, to provide the basic blocks, like SRTP, SDES, MIKEY, DTLS, or IPsec, to provide the basic
security services of authorization, data integrity protocetion and security services of authorization, data integrity protocetion and
date confidentiality protection. When new usages of the RTP date confidentiality protection. When new usages of the RTP
framework arise, one needs to analyze the situation, to determine of framework arise, one needs to analyze the situation, to determine of
the existing building blocks satisfy the requirements. If not, it is the existing building blocks satisfy the requirements. If not, it is
necessary to develop new security building blocks. necessary to develop new security building blocks.
skipping to change at page 7, line 4 skipping to change at page 7, line 13
mechanisms and key-management should be used. If such agreement is mechanisms and key-management should be used. If such agreement is
not possible, there will be increased cost, either in the lack of not possible, there will be increased cost, either in the lack of
interoperability, or in the need to implement more solutions. interoperability, or in the need to implement more solutions.
Unfortunately this situation, if not handled reasonably well, can Unfortunately this situation, if not handled reasonably well, can
result in a failure to satisfy the requirement of providing the users result in a failure to satisfy the requirement of providing the users
with an option of turining on strong security when desired. with an option of turining on strong security when desired.
6. Conclusions 6. Conclusions
As discussed earlier it appears that a single solution can't be As discussed earlier it appears that a single solution can't be
designed meet the diverse requirements. In the absense of such a designed to meet the diverse requirements. In the absense of such a
solution, it is hoped that this memo explains why SRTP is not solution, it is hoped that this memo explains why SRTP is not
mandatory as the media security solution for RTP-based systems, and mandatory as the media security solution for RTP-based systems, and
why we can expect multiple key management solutions for systems using why we can expect multiple key management solutions for systems using
RTP. RTP.
In respect to the above it is important for any RTP-based application It is important for any RTP-based application to consider how it
to consider how they meet the application's security requirements. meets the security requirements. This will require some analysis to
This will requires some analysis to determine these requirements. determine these requirements, followed by a selection of a mandatory
Followed by a selection of preferably a single to mandatory to to implement solution, or in exceptional scenarios several solutions,
implement solution including the desired RTP traffic protection and including the desired RTP traffic protection and key-management.
key-management. As SRTP can be used in a large number of use cases, SRTP is a preferred solution for the protection of the RTP traffic in
it is a preferred solution for the protection of the RTP traffic, for those use cases where it is applicable. It is out of scope for this
those use cases where it is applicable. Currently it is much harder memo to recommend a preferred key management solution.
to point out a preferred key-management solution.
7. Security Considerations 7. Security Considerations
This entire memo is about security. This entire memo is about security.
8. IANA Considerations 8. IANA Considerations
No IANA actions are required. No IANA actions are required.
9. To Do 9. Informative References
Update references
IPsec example
10. Informative References
[1] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, [1] Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson,
"RTP: A Transport Protocol for Real-Time Applications", STD 64, "RTP: A Transport Protocol for Real-Time Applications", STD 64,
RFC 3550, July 2003. RFC 3550, July 2003.
[2] 3GPP, "Multimedia Broadcast/Multicast Service (MBMS); Protocols [2] 3GPP, "Multimedia Broadcast/Multicast Service (MBMS); Protocols
and codecs TS 26.346". and codecs TS 26.346".
[3] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. [3] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)", Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004. RFC 3711, March 2004.
[4] Andreasen, F., Baugher, M., and D. Wing, "Session Description [4] 3GPP, "IP network layer security", 3GPP TS 33.210,
September 2008.
[5] ETSI, "Digital Video Broadcasting (DVB); IP Datacast over
DVB-H: Service Purchase and Protection", ETSI TS 102 474,
November 2007.
[6] Andreasen, F., Baugher, M., and D. Wing, "Session Description
Protocol (SDP) Security Descriptions for Media Streams", Protocol (SDP) Security Descriptions for Media Streams",
RFC 4568, July 2006. RFC 4568, July 2006.
[5] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E. [7] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E.
Carrara, "Key Management Extensions for Session Description Carrara, "Key Management Extensions for Session Description
Protocol (SDP) and Real Time Streaming Protocol (RTSP)", Protocol (SDP) and Real Time Streaming Protocol (RTSP)",
RFC 4567, July 2006. RFC 4567, July 2006.
[6] Open Mobile Alliance, "DRM Specification 2.0". [8] McGrew, D. and E. Rescorla, "Datagram Transport Layer Security
(DTLS) Extension to Establish Keys for Secure Real-time
Transport Protocol (SRTP)", draft-ietf-avt-dtls-srtp-06 (work
in progress), October 2008.
[7] 3GPP, "Transparent end-to-end Packet-switched Streaming Service [9] Zimmermann, P., Johnston, A., and J. Callas, "ZRTP: Media Path
Key Agreement for Secure RTP", draft-zimmermann-avt-zrtp-10
(work in progress), October 2008.
[10] Schulzrinne, H., Rao, A., Lanphier, R., Westerlund, M., and M.
Stiemerling, "Real Time Streaming Protocol 2.0 (RTSP)",
draft-ietf-mmusic-rfc2326bis-18 (work in progress), May 2008.
[11] Open Mobile Alliance, "DRM Specification 2.0".
[12] 3GPP, "Transparent end-to-end Packet-switched Streaming Service
(PSS); Protocols and codecs TS 26.234". (PSS); Protocols and codecs TS 26.234".
[8] 3GPP, "Security of Multimedia Broadcast/Multicast Service [13] 3GPP, "Security of Multimedia Broadcast/Multicast Service
(MBMS) TS 33.246". (MBMS) TS 33.246".
[9] Wing, D., Fries, S., Tschofenig, H., and F. Audet, [14] Wing, D., Fries, S., Tschofenig, H., and F. Audet,
"Requirements and Analysis of Media Security Management "Requirements and Analysis of Media Security Management
Protocols", draft-ietf-sip-media-security-requirements-02 (work Protocols", draft-ietf-sip-media-security-requirements-08 (work
in progress), January 2008. in progress), October 2008.
[10] Schiller, J., "Strong Security Requirements for Internet [15] Schiller, J., "Strong Security Requirements for Internet
Engineering Task Force Standard Protocols", BCP 61, RFC 3365, Engineering Task Force Standard Protocols", BCP 61, RFC 3365,
August 2002. August 2002.
Authors' Addresses Authors' Addresses
Colin Perkins Colin Perkins
University of Glasgow University of Glasgow
Department of Computing Science Department of Computing Science
Sir Alwyn Williams Building Sir Alwyn Williams Building
Lilybank Gardens Lilybank Gardens
 End of changes. 31 change blocks. 
90 lines changed or deleted 110 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/