End-to-End Media Security

Discussion of Real-time Transport Protocol (RTP), Secure RTP (SRTP), and the transport of media over DTLS
Post Reply
User avatar
paulej
Posts: 609
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

End-to-End Media Security

Post by paulej »

Folks,

For those wondering what's happening in the VoIP and videoconferencing world lately, there are really three major activities. One is WebRTC, which has plenty of folks out talking about it, so I'll leave that alone. The other is the new video codec work that is happening in both the IETF NetVC working group and the Alliance for Alliance for Open Media. The third is a focus on end-to-end security of media flows, which is happening in the IETF PERC working group. I've been spending time in the latter, primarily, but dabbling a little in the others.

As you are likely well aware, SRTP provides the means through which one can encrypt media flows. DTLS-SRTP defines a way to negotiate media keys directly with a remote endpoint, which is great for facilitating end-to-end security between two users. However, end-to-end encryption in group conferencing is still a wide-open target that needs to be addressed. That's where PERC comes in.

The work is well underway with a number of drafts already published, most of which are adopted by the PERC working group. Those are:
  • A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing
  • SRTP Double Encryption Procedures
  • draft-ietf-perc-srtp-ekt-diet-02
  • draft-jones-perc-dtls-tunnel-04
For a general overview (appreciating that some things have changed over the last year), see: https://www.ietf.org/proceedings/93/sli ... perc-3.pdf. I'll probably create a more current set of slides in coming months, but those were ones I created a year ago to help explain the idea.

I know that end-to-end security and conferencing are both of interest to many who visit Packetizer, so I thought you might be interested to know about this work, just in case you were not already.

Cheers!
Paul
Post Reply