Method and system for key management in voice over internet protocol
First Claim
1. A method, comprising:
- negotiating in a media path a cryptographic key exchange between a first user and a second user to compute session keys for Secure Real Time Protocol (SRTP) Voice Over Internet Protocol (VOIP) media streams;
computing a Short Authentication String (SAS) from the cryptographic key exchange between the first user and the second user, wherein computing includes computing the SAS in such a manner as to constrain a Man-In-The-Middle attack to one guess;
displaying the SAS to the first user and the second user such that an SAS mismatch indicates existence of a Man-In-The-Middle attack;
caching cryptographic key material created by the first user and the second user in a first communication session;
invoking the cryptographic key material in a second communication session between the first user and the second user, thereby establishing key continuity; and
augmenting cryptographic key material in the second communication session between the first user and the second user with the cryptographic key material from the first communication session.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.
-
Citations
3 Claims
-
1. A method, comprising:
-
negotiating in a media path a cryptographic key exchange between a first user and a second user to compute session keys for Secure Real Time Protocol (SRTP) Voice Over Internet Protocol (VOIP) media streams; computing a Short Authentication String (SAS) from the cryptographic key exchange between the first user and the second user, wherein computing includes computing the SAS in such a manner as to constrain a Man-In-The-Middle attack to one guess; displaying the SAS to the first user and the second user such that an SAS mismatch indicates existence of a Man-In-The-Middle attack; caching cryptographic key material created by the first user and the second user in a first communication session; invoking the cryptographic key material in a second communication session between the first user and the second user, thereby establishing key continuity; and augmenting cryptographic key material in the second communication session between the first user and the second user with the cryptographic key material from the first communication session. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
-
Current AssigneePhilip R. Zimmermann
-
Original AssigneePhilip R. Zimmermann
-
InventorsZimmermann, Philip R.
-
Primary Examiner(s)NGUYEN, MINH DIEU T
-
Application NumberUS11/460,621Publication NumberTime in Patent Office1,405 DaysField of Search713/171, 380/277, 380/283, 455/411US Class Current713/171CPC Class CodesH04L 63/061 for key exchange, e.g. in p...H04L 63/0861 using biometrical features,...H04L 63/126 the source of the received ...H04L 63/14 for detecting or protecting...H04L 63/1466 Active attacks involving in...H04L 65/1069 Session establishment or de...H04L 65/65 Network streaming protocols...H04L 9/0844 with user authentication or...H04M 3/16 with lock-out or secrecy pr...H04M 7/006 Networks other than PSTN/IS...H04M 7/0078 Security; Fraud detection; ...
