ALTERNATE ENCRYPTION SCHEME FOR REAL-TIME TRAFFIC A Thesis by Gopinath Gopalakrishnan M.S., Wichita State University, 2007 Submitted to the Department of Electrical and Computer Engineering and the faculty of the Graduate School of Wichita State University in partial fulfillment for the degree of Master of Science July 2007 © Copyright 2007 by Gopinath Gopalakrishnan All Rights Reserved ALTERNATE ENCRYPTION SCHEME FOR REAL-TIME TRAFFIC I have examined the final copy of this thesis for form and content, and recommend that it be accepted in partial fulfillment of the requirements for the degree of Master of Science with a major in Electrical and Computer Engineering. ______________________________ Ravi Pendse, Committee Chair We have read this thesis and recommend its acceptance: _______________________________ Kamesh Namuduri, Member _______________________________ Krishna K.Krishnan, Member iii DEDICATION This thesis is dedicated to my beloved parents, all my family members and friends who have supported and encouraged me throughout my life. Without their support and encouragement this thesis would not be a success. iv ACKNOWLEDGEMENTS I would like to thank my advisor, Dr. Ravi Pendse, for all his support and valuable guidance over the entire course of my academic career at WSU and for giving me an opportunity to do my Master’s thesis under his guidance in the field of VOIP Security. I am thankful to my committee for taking the time to work with me in this endeavor. I would also like to thank Mr. Nagaraja Thanthry, Mr. Amarnath Jasti, Mr. Manivannan Srinivasan and all my friends at the Advanced Networking Research Center (ANRC) at Wichita State University for their help during this time. v ABSTRACT Voice over IP is fast emerging as a strong contender to the traditional circuit-switched PSTN networks. Unlike the PSTN network, which requires dedicated lines, VoIP can share the network that is laid out to carry data traffic as well as other traffic categories. Securing VoIP and other real-time traffic is necessary considering the easy ways of hacking communication over internet. Most of the existing security solutions for VoIP such as IPSec, Secure Real Time Protocol (SRTP) and ZRTP use the standard symmetric encryption algorithms for encrypting voice traffic. In this thesis, the author proposes an alternate encryption scheme that uses PKI architecture for the initial authentication and key exchange, and encrypts the real-time traffic with a symmetric algorithm using a unique key for each packet. The proposed algorithm expected to be less complex compared to the traditional encryption schemes in addition to enhancing the security of the communication. The performance of the proposed algorithm has been simulated by modifying libSRTP. The analysis carried out shows that the proposed scheme helps in improving the voice quality to a certain extent while maintaining the security of the communication. vi TABLE OF CONTENTS CHAPTER PAGE 1. INTRODUCTION ........................................................................................................ 1 2. EXISTING VOIP SECURITY PROTOCOLS............................................................ 4 2.1 RTP (REAL-TIME TRANSPORT PROTOCOL) ................................................................ 4 2.2 SRTP (SECURE REAL-TIME PROTOCOL).................................................................... 6 2.2.1 SRTP Packet Processing................................................................................... 8 2.2.2 Replay Protection.............................................................................................. 9 2.2.3 Encryption Process in SRTP........................................................................... 10 2.2.4 Authentication mechanism.............................................................................. 11 2.3 SRTCP (SECURE REAL-TIME TRANSPORT CONTROL PROTOCOL) ......................... 11 2.4 ZRTP..................................................................................................................... 12 2.4.1 Overview of ZRTP working ........................................................................... 13 2.4.2 Short Authentication String (SAS) ................................................................. 15 2.4.3 Security issues in ZRTP.................................................................................. 16 2.5 IPSEC IN VOIP ...................................................................................................... 16 2.5.1 Security Associations (SA)............................................................................. 17 2.5.2 Problems with IPSec for VOIP....................................................................... 18 3. PUBLIC-KEY AND PRIVATE KEY ENCRYPTION............................................. 19 3.1 PUBLIC-KEY ENCRYPTION..................................................................................... 19 3.1.1 Public-Key Infrastructure (PKI) ..................................................................... 20 3.1.2 Working of PKI............................................................................................. 21 3.1.3 Diffie-Hellman Key exchange mechanism..................................................... 22 3.1.4 Issues with Diffie-Hellman Key exchange ..................................................... 23 3.1.5 RSA................................................................................................................. 23 3.1.6 Issues with RSA.............................................................................................. 24 3. 2 SYMMETRIC KEY ENCRYPTION.............................................................................. 24 3.2.1 Data Encryption Standard (DES).................................................................... 26 3.2.2 Triple DES ...................................................................................................... 26 3.2.3 Advanced Encryption Standard (AES) ........................................................... 27 4. ALTERNATE ENCRYPTION SCHEME .............................................................. 30 4.1 FEATURES OF THE SCHEME ................................................................................... 30 4.2 RANDOM NUMBER GENERATION .......................................................................... 31 4.3 MIKEY KEY EXCHANGE MECHANISM.................................................................. 32 4.4 PACKET PROCESSING IN ALTERNATE ENCRYPTION SCHEME.................................. 34 4.5 PACKET INDEX AND ROC ..................................................................................... 35 4.6 SECURITY PARAMETERS ....................................................................................... 36 4.7 CRYPTOGRAPHIC ALGORITHMS ............................................................................. 36 4.8 Authentication Mechanism .................................................................................. 36 vii TABLE OF CONTENTS (CONTD) CHAPTER PAGE 5. PERFORMANCE ANALYSIS OF THE ALTERNATE ENCRYPTION SCHEME..38 5.1 DELAYS.................................................................................................................... 38 5.2 CALL SETUP DELAY................................................................................................. 38 5.3 DELAYS DURING CALL............................................................................................. 39 5.3.1 Per- Packet Encryption and Decryption delays ................................................ 39 5.4 BRUTE FORCE ATTACK ............................................................................................ 45 5.5 MITM ATTACKS ...................................................................................................... 46 5.6 ADVANTAGES OF THE PROPOSED SCHEME ............................................................... 47 5.7 DISADVANTAGES OF THE ALTERNATE ENCRYPTION SCHEME .................................. 48 6. CONCLUSION AND FUTURE WORK ................................................................... 49 LIST OF REFERENCES………………………………………………………………..52 viii LIST OF FIGURES Figure Page 1. RTP Packet format [1] ....................................................................................... 5 2. SRTP Packet Format [2] .................................................................................... 7 3. Default SRTP Encryption Processing [2] ........................................................ 10 4. SRTP key derivation [2] .................................................................................. 11 5. SRTCP Packet Format [2] ............................................................................... 12 6. ZRTP Call Setup Process [3] ........................................................................... 14 7. ZRTP Packet Format [3].................................................................................. 15 8. Public-Key Cryptography Key Generation...................................................... 20 9. Encryption and Decryption Process [20] ......................................................... 25 10 . Triple DES ....................................................................................................... 27 11 . Packet Encryption in Alternate Encryption Scheme........................................ 31 12. Call Setup Flow diagram for Alternate Encryption Scheme ........................... 34 13. Per- Packet Encryption Delay.........................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages63 Page
-
File Size-