sdp security descriptions for media streams
play

SDP Security Descriptions for Media Streams < - PowerPoint PPT Presentation

Aug 09, 2023 •253 likes •414 views

SDP Security Descriptions for Media Streams < draft-ietf-mmusic-sdescriptions-00.txt> Mark Baugher Dan Wing - Cisco Systems - Overview Brief overview of Session Description Protocol Rationale & Requirements End-to-end vs

  1. SDP Security Descriptions for Media Streams < draft-ietf-mmusic-sdescriptions-00.txt> Mark Baugher Dan Wing - Cisco Systems -

  2. Overview • Brief overview of Session Description Protocol • Rationale & Requirements – End-to-end vs Hop-by-hop uses – Comparison with existing and nascent standards • Security descriptions – Session descriptors vs. media descriptors – Syntax • Next steps This is an mmusic work item that we want evaluated in both transport and security areas. SDP Security Descriptions 2

  3. Session Description Protocol v=0 • Describes o=mhandley 2890844526 2890842807 IN IP4 126.16.64.4 multimedia sessions s=SDP Seminar i=A Seminar on the session • Uses textual description protocol descriptions u=http://www.cs.ucl.ac.uk/sdp.03.ps e=mjh@isi.edu (Mark Handley) • Two “ parts ” c=IN IP4 224.2.17.12/127 t=2873397496 2873404696 – Session-level a=recvonly m=audio 49170 RTP/AVP 0 description m=video 51372 RTP/AVP 31 – Media-entry level m=application 32416 udp wb a=orient:portrait description SDP Security Descriptions 3

  4. SDP Session-level descriptions v=0 Apply to all media entries • o=mhandley 2890844526 2890842807 – Version (v) IN IP4 126.16.64.4 – Origin (o) s=SDP Seminar – Session name (s) i=A Seminar on the session description protocol – URI content (u) u=http://www.cs.ucl.ac.uk/sdp.03.ps – Contact info (e) (p) e=mjh@isi.edu (Mark Handley) – Session times (t) c=IN IP4 224.2.17.12/127 Apply to session or media • t=2873397496 2873404696 levels a=recvonly m=audio 49170 RTP/AVP 0 – Connection (c) m=video 51372 RTP/AVP 31 – Bandwidth (b) m=application 32416 udp wb – Attribute (a) a=orient:portrait – Keys (k) – And others … SDP Security Descriptions 4

  5. SDP Media Entries v=0 Session level starts at • o=mhandley 2890844526 2890842807 v= and ends at m= IN IP4 126.16.64.4 s=SDP Seminar • Media level begins at i=A Seminar on the session first m= description protocol u=http://www.cs.ucl.ac.uk/sdp.03.ps Each m= starts a new • e=mjh@isi.edu (Mark Handley) media entry c=IN IP4 224.2.17.12/127 m= < media> t=2873397496 2873404696 a=recvonly < port> m=audio 49170 RTP/AVP 0 < transport> m=video 51372 RTP/AVP 31 m=application 32416 udp wb < fmt list> a=orient:portrait SDP Security Descriptions 5

  6. SDP Encryption Keys (k= ) v=0 • At session or media level o=mbaugher 12 12 IN IP4 12.224.88.17 k= < method> s=SDP Descriptions for SRTP i=Talk about using SDP for SRTP keys k= < method> < encryption key> u=http://people.cisco.com/mbaugher • Method can be e=mbaugher@cisco.com (Mark Baugher) – clear c=IN IP4 224.2.17.12/127/3 t=2873397496 2873404696 – base64 k=(base64)vg&T+)xG7@fb5j/,jaA}\|p0%* – uri m=audio 49170 RTP/SAVP 0 – Prompt m=video 51372 RTP/SAVP 31 m=application 32416 udp/ipsec-esp wb • Not suitable for SRTP k=(base64)gAe>=?#fQzo4jeI.:](:-)97kV – SRTP key is unique a=orient:portrait Probably for others, too • SDP Security Descriptions 6

  7. Rationale for this Work 1. Overcomes limitations of k= Enables SRTP, TLS, … signaling in SDP • 2. Leverages “ existing ” infrastructure SDP used to signal media sessions • TLS or IPsec offers signaling protection • Absence of a global PKI • Security descriptions complements the keymgt-extensions for environments where SDP message is secure (e.g. TLS, IPsec). SDP Security Descriptions 7

  8. Comparison with SDP k= Line A cryptographic key 1. Has descriptors … Parameters describing the key • Parameters describing the crypto session • 2. And structure SRTP master salt and master key • 3. And session or media-level parameters k= defines only structure, not parameters k= can be extended with a method but no provision is made for descriptors and complicated session and media-level semantics. SDP Security Descriptions 8

  9. SDP Signaling: Secure End-End Channel Signaling IPsec/TLS Sender Receiver SRTP bearer SDP Security Descriptions 9

  10. SDP Signaling: Hop-by-Hop Channels Signaling IPsec/TLS Signaling Controller Controller Network B IPsec/TLS IPsec/TLS Network C Network A SRTP bearer Receiver Sender SDP message (e.g. SIP/SDP) travels multiple hops e.g. networks a, b, and c encrypted/authenticated Not end-end, security as good as weakest link MMUSIC key-mgt approach does not suffer from this SDP Security Descriptions 10

  11. Comparison with key-mgt Line • Key mgt extensions • Security descriptions – Supports AKE – No AKE – Uses encrypted blob – Textual SDP parms • New key-mgt stmt • Extends k= statement • Conveys a key mgt • SDP secured with TLS, protocol message IPsec, … – Provides end-to-end – May not provide end-to- security end security – As secure as the key – As secure as hop-by-hop management protocol data security protocol – Additional latency – No additional latency SDP Security Descriptions 11

  12. Transport-Specific vs. Generic • K= & key-mgt are transport-generic • Sdescriptions seeks to be as generic – A framework for security transports – Parameters are generic to the transports – Parameter values are transport specific • But do not operate at SDP session level – Complicated interactions with transport- session parameters SDP Security Descriptions 12

  13. SDP Security Descriptions a=crypto:<crypto-suite> <application> <key> [<session>] An SDP attribute with 4 parameters – Crypto-suite = value (e.g. SRTP: AES-CTR-HMAC-SHA1-80) – application = sub-protocol (e.g. SRTP or SRTCP) – Key has two incarnations uri: absolute-uri inline: transport-specific-key-descriptor – Session is transport-specific session parameters (e.g. SRTP: unencrypted srtp, FEC order, etc. ) SDP Security Descriptions 13

  14. An SRTP Example v=0 o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5 s=SDP Seminar i=A Seminar on the session description protocol u=http://www.example.com/seminars/sdp.pdf e=j.doe@example.com (Jane Doe) c=IN IP4 224.2.17.12/127 t=2873397496 2873404696 a=recvonly m=video 51372 RTP/SAVP 31 a=crypto:AES_CM_128_HMAC_SHA1_80 both inline:16/14/d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj/2^20/1:32 m=audio 49170 RTP/SAVP 0 a=crypto:AES_CM_128_HMAC_SHA1_32 srtp inline:16/14/NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj/2^20/1:32 a=crypto:AES_CM_128_HMAC_SHA1_80 srtcp inline:16/14/eZkBkQythOTg3NjU0MSEzMDMyMT01NDg5N2RlRkF/2^20/1:32 m=application 32416 udp wb SDP Security Descriptions 14 a=orient:portrait

  15. Next Steps • Fix known errors – SDP direction attribute ambiguities • Add missing pieces – Generalize Offer/Answer – Generalize to transports beyond RTP/SAVP • Get implementation experience • Report back to next mmusic meeting SDP Security Descriptions 15

Recommend

H.245 Control Signaling Used between session participants to establish and control media

H.245 Control Signaling Used between session participants to establish and control media

H.245 Control Signaling Used between session participants to establish and control media streams Agree on the media formats and bandwidth Multiplexing multiple media streams No actual media A generic protocol for the control of

516 views • 28 slides
Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating

Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating

Imagine: Media Processing with Streams Brucek Khailany et al. and a little bit of Evaluating the Imagine Stream Architecture Jung Ho Ahn et al. Presented by Dan Amelang Background Digital media processing has become pervasive

177 views • 14 slides
Scalable Scheduling Support for Loss and Delay Constrained Media Streams Richard West, Karsten

Scalable Scheduling Support for Loss and Delay Constrained Media Streams Richard West, Karsten

Scalable Scheduling Support for Loss and Delay Constrained Media Streams Richard West, Karsten Schwan &amp; Christian Poellabauer Georgia Institute of Technology Rich West (1999) Introduction Real-Time media servers need to support 100s

440 views • 28 slides
crafting effective descriptions for print , social media , and the web Tracy McPeck Prince William

crafting effective descriptions for print , social media , and the web Tracy McPeck Prince William

crafting effective descriptions for print , social media , and the web Tracy McPeck Prince William Public Library System why be concise ? The internet has changed our reading habits . We skim instead of reading . Our attention spans have shortened

416 views • 14 slides
A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic

A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Tejmani Sinam, Irengbam Tilokchan Singh, Sukumar Nandi Pradeep Lamabam, Ngasham Nandarani Devi Department of Computer Science and Engineering,

231 views • 6 slides
CSE 143 Streams as C++ Classes Streams are C++ classes Streams have lots of built-in

CSE 143 Streams as C++ Classes Streams are C++ classes Streams have lots of built-in

CSE 143 Streams as C++ Classes Streams are C++ classes Streams have lots of built-in methods We use the . syntax to access member More Stream I/O functions, as usual. inFile.get(ch); // get a character outFile.put(ch); //

209 views • 3 slides
Security in the age of social media Exploring the benefits and security risks Please note the

Security in the age of social media Exploring the benefits and security risks Please note the

Sponsored by Security in the age of social media Exploring the benefits and security risks Please note the audio line will remain silent until 5 minutes before the webcast commences. Join our expert panel to discuss your security issues

481 views • 24 slides
Spec status W3C IETF WebRTC 1.0 CR JSEP RFC Media Capture and Streams CR Data Channel

Spec status W3C IETF WebRTC 1.0 CR JSEP RFC Media Capture and Streams CR Data Channel

Spec status W3C IETF WebRTC 1.0 CR JSEP RFC Media Capture and Streams CR Data Channel ~RFC Identifiers for WebRTC's Statistics WD RTP Usage ~RFC Transports ~RFC Audio/Video codecs RFC Requirements RFC JavaScript APIs - 2

280 views • 11 slides
- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams

- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams

- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams Signals slots Remote topologies Live reconfiguration Object introspection Block registration Block descriptions

240 views • 10 slides
Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry

Adaptive Routing of QoS-Constrained Media Streams over Scalable Overlay Topologies Gerald Fry and Richard West Boston University Boston, MA 02215 {gfry,richwest}@cs.bu.edu Computer Science Introduction Computer Science Internet growth

407 views • 28 slides
The SDP Content Attribute draft-ietf-mmusic-sdp-media-content-02.txt Jani.Hautakorpi@ericsson.com

The SDP Content Attribute draft-ietf-mmusic-sdp-media-content-02.txt Jani.Hautakorpi@ericsson.com

The SDP Content Attribute draft-ietf-mmusic-sdp-media-content-02.txt Jani.Hautakorpi@ericsson.com The Idea Screen Speakers image Presentation slides Sign Similar language media streams Media Client Server Application Status of

616 views • 3 slides
Stream Bank Stabilization in Open Space Streams in open space There are approximately 35

Stream Bank Stabilization in Open Space Streams in open space There are approximately 35

Stream Bank Stabilization in Open Space Streams in open space There are approximately 35 miles of streams that flow through Open Space. The streams range in size from small head water streams to the Middle Patuxent River. Streams

349 views • 30 slides
Data Streams Many large sources of data are generated as streams of updates: IP Network

Data Streams Many large sources of data are generated as streams of updates: IP Network

Summarizing and Mining Skewed Data Streams Graham Cormode cormode@bell-labs.com Flip Korn, S. Muthukrishnan, Divesh Srivastava Data Streams Many large sources of data are generated as streams of updates: IP Network traffic data Text:

485 views • 44 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Data Streams Many large sources of data are generated as streams of updates: IP Network

Data Streams Many large sources of data are generated as streams of updates: IP Network

Summarizing and Mining Skewed Data Streams Graham Cormode cormode@bell-labs.com S. Muthukrishnan muthu@cs.rutgers.edu Data Streams Many large sources of data are generated as streams of updates: IP Network traffic data Text: email/

535 views • 20 slides
Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description

Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description

Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description Its between structural and behavioral descriptions Descriptions at this level specify the flow of data through the registers and busses of a

753 views • 51 slides
Streams and File I/O Fundamentals of Computer Science Outline Overview of Streams and File

Streams and File I/O Fundamentals of Computer Science Outline Overview of Streams and File

Streams and File I/O Fundamentals of Computer Science Outline Overview of Streams and File I/O Buffering Text File I/O Binary File I/O Streams Stream : an object that either delivers data to its destination (screen, file,

770 views • 33 slides
Civil Society and Media Monitoring Ukraines Security Governance Challenges: Security Sector Go

Civil Society and Media Monitoring Ukraines Security Governance Challenges: Security Sector Go

The Governance Role of Civil Society and Media Monitoring Ukraines Security Governance Challenges: Security Sector Go ver nance: The Role of Democratic Institutions &amp;International Best Practices CONFERENCE II: 16-17 March 2016 Ms Karina

439 views • 11 slides
CS 61A Discussion 10 Streams (and Interpreters) Albert Xu Kaavya Shah Slides:

CS 61A Discussion 10 Streams (and Interpreters) Albert Xu Kaavya Shah Slides:

CS 61A Discussion 10 Streams (and Interpreters) Albert Xu Kaavya Shah Slides: albertxu.xyz/teaching/cs61a/ *part of these slides sourced from Jemmy and Is Final Review Fall 18 Streams Streams are lazy linked lists - the first element

334 views • 21 slides
Security Council SC/10706 Department of Public Information News and Media Division New

Security Council SC/10706 Department of Public Information News and Media Division New

11 July 2012 Security Council SC/10706 Department of Public Information News and Media Division New York Security Council - 6804 th Meeting* (AM) DESPITE PROGRESS IN CONSOLIDATING PEACE, WEST AFRICA NOW CONF RONTS NEW WAVE OF

187 views • 3 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

506 views • 24 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

440 views • 26 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

810 views • 22 slides
Dont Ignore GitHub Security Alerts, Automate Them Into Your Workflow. Verizon Media March 13,

Dont Ignore GitHub Security Alerts, Automate Them Into Your Workflow. Verizon Media March 13,

Dont Ignore GitHub Security Alerts, Automate Them Into Your Workflow. Verizon Media March 13, 2019 Quick Intro Ashley Wolf Open Source Program Manager Twitter: @Meta_Ashley Verizon Media 2 Verizon Media Open Source Program Office 440

600 views • 28 slides

More recommend