Method and system for key management in voice over internet protocol
First Claim
1. A method, comprising:
negotiating in a media path a cryptographic key exchange between a first user and a second user to compute session keys for Secure Real Time Protocol (SRTP) Voice Over Internet Protocol (VOIP) media streams;
computing a Short Authentication String (SAS) from the cryptographic key exchange between the first user and the second user, wherein computing includes computing the SAS in such a manner as to constrain a Man-In-The-Middle attack to one guess;
displaying the SAS to the first user and the second user such that an SAS mismatch indicates existence of a Man-In-The-Middle attack;
caching cryptographic key material created by the first user and the second user in a first communication session;
invoking the cryptographic key material in a second communication session between the first user and the second user, thereby establishing key continuity; and
augmenting cryptographic key material in the second communication session between the first user and the second user with the cryptographic key material from the first communication session.
Abstract
A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.
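A simplified sketch of the key-continuity idea in the abstract, added here as an illustration and not taken from the patent or from any implementation: each call's Diffie-Hellman result is hashed together with the secret cached from the previous call, and the SAS, session key and next cached secret are derived from that value. The toy group, the KDF labels and the hex SAS encoding are assumptions, and the step that limits an attacker to one SAS guess is omitted.

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumption): a 127-bit Mersenne prime is
# far too small for real use.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def _kdf(s0, label):
    return hmac.new(s0, label, hashlib.sha256).digest()

def derive(dh_result, cached):
    """Mix the fresh DH result with the secret cached from the previous call.
    Returns (session_key, sas, next_cached). Labels are hypothetical."""
    s0 = hashlib.sha256(dh_result + cached).digest()
    sas = _kdf(s0, b"sas").hex()[:4]   # short string the users read aloud
    return _kdf(s0, b"session key"), sas, _kdf(s0, b"retained secret")

def call(cached_a, cached_b, mitm=False):
    """One call setup; returns (alice_result, bob_result).
    With mitm=True an attacker runs a separate DH exchange with each side."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if mitm:
        m_priv, m_pub = dh_keypair()
        dh_a, dh_b = dh_shared(a_priv, m_pub), dh_shared(b_priv, m_pub)
    else:
        dh_a, dh_b = dh_shared(a_priv, b_pub), dh_shared(b_priv, a_pub)
    return derive(dh_a, cached_a), derive(dh_b, cached_b)

if __name__ == "__main__":
    # First call: nothing cached yet, so the users compare the SAS by voice.
    alice, bob = call(b"", b"")
    print("call 1 SAS:", alice[1], bob[1], "match:", alice[1] == bob[1])
    cached = alice[2]
    # Second call, no attacker: cached secret carries authentication forward.
    alice2, bob2 = call(cached, cached)
    print("call 2 keys agree:", alice2[0] == bob2[0])
    # Second call with an attacker in the media path: keys diverge.
    alice3, bob3 = call(cached, cached, mitm=True)
    print("MITM call keys agree:", alice3[0] == bob3[0])
```

In the attacked call the intermediary knows the Diffie-Hellman result it shares with each side but not the cached secret, so it cannot compute either endpoint's session key even if the users skip the SAS comparison.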
3 Claims
Specification