Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
Entity Authentication and Key Distribution
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Password Mistyping in Two-Factor-Authenticated Key Exchange
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
A Modular Security Analysis of the TLS Handshake Protocol
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A comparative analysis of the security aspects of the multimedia key exchange protocols
Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Man-in-the-middle in tunnelled authentication protocols
Proceedings of the 11th international conference on Security Protocols
Key exchange using passwords and long keys
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Survey of security vulnerabilities in session initiation protocol
IEEE Communications Surveys & Tutorials
| Hi-index | 0.00 |
Exchanging keys to encrypt media streams in the Session Initiation Protocol (SIP) has proved challenging. The challenge has been to devise a key transmission protocol that preserves the features of SIP while minimizing key exposure to unintended parties and eliminating voice clipping. We first briefly survey the two IETF SIP media keying protocols -- SDES and DTLS-SRTP -- and evaluate them against a core feature set. We then introduce a novel simple and lightweight scheme to significantly increase the security of SDES SIP keying with minimal overhead costs. Our proposed key exchange involves only one symmetric key operation by sender and receiver and is secure against the Man-in-the-middle attack unless the attacker is able to intercept both the SIP signaling and media plane traffic. Our key exchange scheme is much simpler than DTLS-SRTP; in fact, compared to SDES, it includes only one additional simple step. At the same time, it provides significantly better security than SDES and is only slightly weaker than the non-PKI version of DTLS-SRTP.