05-07-2012, 11:51 AM
Alternate Encryption Scheme for VoIP traffic
Abstract:
Voice over IP is fast emerging as a strong contender to the traditional circuit-switched PSTN networks. Unlike the PSTN network, which requires dedicated lines, VoIP can share the network that is laid out to carry data traffic as well as other traffic categories. Securing VoIP and other real-time traffic is necessary given how easily communication over the Internet can be hacked. Most of the existing security solutions for VoIP, such as IPSec, Secure Real Time Protocol (SRTP) and ZRTP, use the standard symmetric encryption algorithms for encrypting voice traffic.
INTRODUCTION
Securing real-time traffic has been an active area of research, and many solutions have been proposed to secure the communication while keeping the constraints of real-time communication in mind. Since real-time traffic packets are smaller in size and are processed in real time, they cannot be encrypted like data packets. The most important factor to consider in real-time traffic is keeping the delay of each packet within the maximum acceptable limits. For instance, the maximum acceptable delay for VoIP traffic is only 150 ms per packet. Real-time traffic is carried over protocols such as IP and RTP. These protocols do not offer much built-in security, so they have to be secured through other protocols.
cryptography or symmetric encryption.
Most of the existing security protocols, such as SRTP [3] and ZRTP [4], use symmetric algorithms for encrypting real-time traffic. Public-key cryptography has not been widely analyzed for VoIP traffic because it requires a Public-Key Infrastructure (PKI). Setting up and maintaining a PKI architecture is an intensive task, but the public-key architecture is more secure than the symmetric algorithms. This paper proposes an Alternate Encryption Scheme that tries to strike a balance between PKI and symmetric cryptography for encrypting VoIP and other real-time traffic. The proposed scheme uses the PKI architecture for the initial authentication and key exchange mechanism and uses a symmetric encryption algorithm for encrypting the actual payload. A unique key is generated for each packet, and encryption is done on a per-packet basis.
MIKEY PKI Key Exchange method:
A secure key exchange mechanism is essential for the proposed encryption scheme to work efficiently. MIKEY [5] and IKE [6] are the two widely used key exchange mechanisms. IKE is used mainly for IPSec traffic, and MIKEY was developed for peer-to-peer security protocols for real-time traffic such as SRTP. MIKEY key exchange mechanisms can be broadly classified as pre-shared, PKI-based and Diffie-Hellman-based key exchange mechanisms. This paper mainly concentrates on the PKI-based key exchange method. The PKI-based method is recommended for use with the Alternate Encryption Scheme for initial key exchange and authentication. The Public-Key method is based on public-key cryptography. It requires a PKI architecture, which is resource and time consuming but provides more secure authentication than the other methods. In the Public-Key based key exchange mechanism used for the proposed scheme, the initial authentication is achieved by the digital signature method based on the RSA algorithm.
978-1-4244-4170-9/09/$25.00 ©2009 IEEE
CONCLUSION AND FUTURE WORK
In this paper, the authors presented a method for securing real-time traffic in general and VoIP in particular. The Alternate Encryption Scheme provides better security than the existing security protocols such as SRTP and ZRTP, but the call-setup and initial authentication delays are suspected to be higher. The Alternate Encryption Scheme suggests reducing the computational time of the underlying encryption algorithm by using an algorithm that is of lesser complexity and takes less computational time. Such an algorithm has to be developed in the future. The authors have simulated and analyzed only the time delays during the call; the initial call setup delays and the network delays have not been considered. Further research needs to be done to simulate the delays caused during call setup and the ways to minimize them.
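The introduction says that a unique key is generated for each packet and that the payload is encrypted per packet with a symmetric algorithm. The sketch below is an added example, not code from the paper, showing one way a receiver and sender could do this. The excerpt does not say how per-packet keys are produced, so the HMAC-SHA256 derivation, the header layout, the HMAC-based keystream (a standard-library stand-in for a real cipher) and all function names are assumptions; `session_key` stands in for the key established by the MIKEY exchange.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16
HDR = struct.Struct("!IQ")  # constructed header: 32-bit SSRC + 64-bit packet index

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def packet_key(session_key: bytes, ssrc: int, index: int) -> bytes:
    """Assumed KDF: one unique key per (stream, packet index)."""
    return _prf(session_key, b"pkt" + HDR.pack(ssrc, index))

def _keystream(key: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; stand-in for a real stream cipher.
    blocks = (_prf(key, b"ks" + struct.pack("!I", i)) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def protect(session_key: bytes, ssrc: int, index: int, payload: bytes) -> bytes:
    k = packet_key(session_key, ssrc, index)
    ct = bytes(p ^ s for p, s in zip(payload, _keystream(_prf(k, b"enc"), len(payload))))
    hdr = HDR.pack(ssrc, index)
    # Authenticate header and ciphertext so a changed index cannot go unnoticed.
    return hdr + ct + _prf(_prf(k, b"mac"), hdr + ct)[:TAG_LEN]

def unprotect(session_key: bytes, packet: bytes, seen: set) -> bytes:
    if len(packet) < HDR.size + TAG_LEN:
        raise ValueError("short packet")
    hdr, ct, tag = packet[:HDR.size], packet[HDR.size:-TAG_LEN], packet[-TAG_LEN:]
    ssrc, index = HDR.unpack(hdr)
    k = packet_key(session_key, ssrc, index)
    if not hmac.compare_digest(tag, _prf(_prf(k, b"mac"), hdr + ct)[:TAG_LEN]):
        raise ValueError("authentication failed")
    if (ssrc, index) in seen:  # a per-packet key must never be accepted twice
        raise ValueError("replayed packet")
    seen.add((ssrc, index))
    return bytes(c ^ s for c, s in zip(ct, _keystream(_prf(k, b"enc"), len(ct))))

if __name__ == "__main__":
    sk = bytes(range(32))    # constructed session key (stands in for the MIKEY result)
    frame = b"\x7f" * 160    # constructed 160-byte voice frame
    seen = set()
    p1, p2 = protect(sk, 0x1234, 1, frame), protect(sk, 0x1234, 2, frame)
    print(p1[HDR.size:] != p2[HDR.size:], unprotect(sk, p1, seen) == frame)
```

Because each key depends on the packet index, the receiver has to reject a repeated index; otherwise a captured packet can simply be replayed under its own valid key.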