DTLS based Media Security

If you want to learn more about the approach, please read the following drafts on how to secure real-time media traffic using DTLS:




A nice slide set from the last IETF meeting can be found at: http://www3.ietf.org/proceedings/06nov/slides/avt-6.pdf

  1. Hi, Hannes,

    I work for Alcatel-Lucent and I am evaluating media related security using DTLS. I understand you authored RTP over DTLS – http://tools.ietf.org/html/draft-tschofenig-avt-rtp-dtls-00. I couldn’t seem to find any subsequent work from you or others on RTP over DTLS. Is it because there is no advantage of RTP/DTLS compared with SRTP? Could you let me know the current state on the subject?

    A more popular use of DTLS in media security seems to be in combination with SRTP (DTLS-SRTP), where DTLS is used to negotiate SRTP keying material and parameters and the media is then sent over SRTP.



  2. Hi Kevin,

    I was indeed involved in the work on VoIP media security some time ago. We thought that DTLS would be a good choice for establishing the keying material to protect subsequent communication between the end points. In fact an entire RFC was focused on the topic of requirements and comparison with various other approaches, see http://www.ietf.org/rfc/rfc5479.txt

    Anyway, DTLS provides two functions, namely the authentication and key exchange as part of the handshake protocol and the channel security based on the record layer protocol.

    Since many installed devices already implemented SRTP in hardware, a concern was raised that the usage of the record layer protocol would lead to performance degradation and would be less optimized for voice traffic.

    As a consequence, the initial design of the DTLS-SRTP media security work was changed and the outcome was http://tools.ietf.org/html/rfc5763. It used the DTLS handshake protocol but established SRTP security associations instead of using the DTLS record layer protocol.

    For this reason the work on http://tools.ietf.org/html/draft-tschofenig-avt-rtp-dtls-00 was stopped.

    The initial design was based on the assumption that
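The split described in the reply above (DTLS handshake for authentication and key exchange, SRTP record protection instead of the DTLS record layer) comes down to exporting keying material from the finished handshake and partitioning it into SRTP master keys and salts. The following is an added example, not code from the original post or from any of the cited drafts; it assumes a DTLS 1.2 session whose master secret and handshake randoms are already known, uses constructed sample values for them, and follows the exporter-based derivation of RFC 5764 (label "EXTRACTOR-dtls_srtp", no context) with the key sizes of the SRTP_AES128_CM_HMAC_SHA1_80 profile.

```python
import hashlib
import hmac

# Constructed sample values standing in for the output of a real DTLS 1.2 handshake.
# In a deployment these come from the DTLS stack, never from configuration.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

# Exporter label defined by RFC 5764; DTLS-SRTP uses no context value.
DTLS_SRTP_LABEL = b"EXTRACTOR-dtls_srtp"

# Master key / master salt sizes for SRTP_AES128_CM_HMAC_SHA1_80.
MASTER_KEY_LEN = 16
MASTER_SALT_LEN = 14


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 data-expansion function (RFC 5246 section 5)."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls_exporter(master_secret: bytes, label: bytes,
                 client_random: bytes, server_random: bytes, length: int) -> bytes:
    """Keying-material exporter without context (RFC 5705): PRF(master, label, randoms)."""
    return p_sha256(master_secret, label + client_random + server_random, length)


def derive_srtp_keys(master_secret: bytes, client_random: bytes, server_random: bytes,
                     key_len: int = MASTER_KEY_LEN, salt_len: int = MASTER_SALT_LEN) -> dict:
    """Partition the exported block as RFC 5764 section 4.2 orders it:
    client write key, server write key, client write salt, server write salt.
    Each direction gets its own SRTP master key, so a peer only ever protects
    outgoing packets with its own write key and salt."""
    block = tls_exporter(master_secret, DTLS_SRTP_LABEL, client_random,
                         server_random, 2 * key_len + 2 * salt_len)
    return {
        "client_key": block[0:key_len],
        "server_key": block[key_len:2 * key_len],
        "client_salt": block[2 * key_len:2 * key_len + salt_len],
        "server_salt": block[2 * key_len + salt_len:],
    }
```

A receiver verifying the far end's packets uses the far end's write key and salt, which is why both sides derive all four values from the one exporter block.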

