ZRTP

ZRTP (composed of " Z" and " Real-Time Transport Protocol" ) is a cryptographic key exchange protocol for negotiating encryption keys between two end points of an IP telephone call (VoIP ) based on the Real - time Transport Protocol. It uses the Diffie-Hellman key exchange, and the Secure Real-Time Transport Protocol ( SRTP) for encryption. ZRTP was developed by Phil Zimmermann with the help of Bryce Wilcox - O'Hearn, Colin Plumb, Jon Callas and Alan Johnston. It was published by the Internet Engineering Task Force ( IETF) as RFC 6189 in 2011.

Overview

ZRTP ("Z" is a reference to the inventor Phil Zimmermann, "RTP " stands for " Real-time Transport Protocol" ) is described in the Internet draft as a "key agreement protocol Which performs Diffie -Hellman key exchange falling on call setup in band in the Real - time Transport Protocol ( RTP) media stream Which HAS BEEN established using someother signaling protocol: such as session Initiation Protocol ( SIP). This gene rates a shared secret Which is then used to generate keys and salt for a Secure RTP (SRTP ) session. " ( " Key exchange protocol that a Diffie -Hellman key exchange performs during the call during call establishment within a real-time transport protocol data stream (RTP), which was constructed using a different signaling protocol such as the session Initiation Protocol (SIP). This produces a shared secret, which is then used for the generation of keys and salt for a Secure RTP session (SRTP ). " ) One of the features of ZRTP is that it does not rely on key management for SIP signaling or any server. It supports opportunistic encryption by auto-detection of ZRTP support on the opposite side.

The Protocol sets no common secrets or public-key infrastructure ( PKI) or certification authorities require actually ephemeral Diffie -Hellman keys are created in the establishment of each session: This eliminates the need for the inconvenience of setting up and maintaining a trusted third party.

These keys are used to generate the session secret from which the session key and parameters for the SRTP session can be derived, together with any previous shared secrets: This provides protection against middleman attacks, as long as the attacker was not present at the first meeting between the two terminals.

ZRTP can be used with any signaling protocols, including SIP, H.323, Jingle and Distributed hash tables - systems. ZRTP is independent of the signaling layer, as any key negotiation occurs on the RTP data stream.

ZRTP / S, a ZRTP protocol extension can be run on any type of existing Telephonnetzwerken, including GSM, UMTS, ISDN, PSTN, SATCOM, UHF / VHF radio, because it is a narrow-band bit-stream oriented protocol and performs any key negotiation within the data stream between two endpoints.

Alan Johnston called the protocol " ZRTP " because it was based on added to RTP packets header extensions in its earliest Internet - Drafts that made ZRTP to a variant of RTP. In later designs, the packet format has been changed to make it syntactically distinguishable from RTP. Given this change, ZRTP is now a pseudo acronym.

Authentication

Nonce

The Diffie -Hellman key exchange itself offers no protection against middleman attacks. Order ( without an existing shared secret ) to ensure that the attacker is not actually present at the first meeting, a " Short Authentication String (SAS)" called nonce used: the communicating parties verbally check one displayed on both terminals value for a match. If the value does not match, this indicates a middle-man attack. ( End of 2006 developed the American NSA, an experimental voice analysis and synthesis system to overcome this protective measure, but it is believed no serious threat to the Protocol security of this type attacks. ) The SAS is used to authenticate the key exchange, which is basically a cryptographic checksum of the two Diffie-Hellman values ​​. The SAS value is displayed on both ZRTP endpoints. To perform authentication, this value is read to the communication partner over the voice connection loud. If the values ​​do not match on both sides, this indicates a middle-man attack; if they match, a middleman attack is very unlikely. The use of hash commitment in the DH exchange constrains the attacker in the attack on only one attempt in generating the correct SAS, which the SAS can be quite short. For example, can a 16 -bit SAS an attacker just one of 65,536 ways to avoid detection.

Key continuity

ZRTP provides a second layer of authentication against a middle-man attack, based on a form of key continuity. It ensures this by caching some of hashed information from the last key for use in the next call to infuse the next call in the shared secret for the DH exchange, which gives it key continuity properties analogous to SSH. If the middleman is not already present in the first meeting, so he is excluded from the following sessions. Therefore, most middle-man attacks and then stopped when the SAS is never used, as the middle man was not present at the first meeting.

History

The method stems from the VoIP software developed by Phil Zimmermann Zfone for which it was developed as a central part of the safety concept. Zfone was introduced to the public in March 2006 for the first time. On 5 March 2006, submitted by Phil Zimmermann, Jon Callas and Alan Johnston a protocol specification to the Internet Engineering Task Force ( IETF). At the time also essential parts of the process have been applied for a patent that is automatically licensed for free at desired proper implementation. The IETF published the protocol specification, on 11 April 2011 as RFC 6189th

Operating environment

  • ZRTP has been implemented on the following platforms and used: Windows, Linux, Mac OS X, iPhone, Symbian, BlackBerry OS, Android
  • There is implemented in the following languages ​​: C, C , Java
  • It has been successfully used with the following transport media: WLAN, UMTS, EDGE, GPRS, satellite IP modem, GSM CSD, ISDN

Implementations

ZRTP has been implemented in GNU ZRTP, which is used in Twinkle and SFLphone, and in GNU ZRTP4J which (formerly "SIP Communicator " ) is used in Jitsi. It has been implemented for use in Linphone in ortp. Commercial implementations of ZRTP are in PrivateGSM of Private Wave, and more recently in Silent Phone by Silent Circle, a company founded by Phil Zimmermann company.

837661
de