Disclosing Secure RTP (SRTP) Session Keys

1
Disclosing Secure RTP (SRTP) Session Keys

• draft-wing-sipping-srtp-key-02

Dan Wing, dwing_at_cisco.com Francois Audet,
audet_at_nortel.com Steffen Fries,
steffen.fries_at_siemens.com Hannes Tschofenig,
hannes.tschofenig_at_nsn.com
2
Scenario

• This call may be recorded for quality purposes
• Businesses need to record their employees phone
  calls
• Banks, stockbrokers
• Catalog ordering companies
• Travel agencies, hotel reservations
• Regulatory requirements
• United States Sarbanes-Oxley Act

3
Meeting Requirement Today

• Today Recording is easy
• Media is RTP (unencrypted)
• Signaling is SIP (unencrypted)

IP phones
IP phones
IP phones
Caller
VoIP headsets
VoIP headsets
VoIP headsets
VoIP softphones
Recording Device
VoIP softphones
VoIP softphones
4
Meeting Requirement Tomorrow

• Tomorrow Recording is not possible
• Media is SRTP
• SIP signaling might also be encrypted

5
Requirements

• Completely separate from SRTP keying technique
• Work with every SRTP keying mechanism
• Allow SIP signaling to be encrypted
• Allow SDP to be encrypted
• Endpoint MUST cooperate in key disclosure
• Allows user to be reminded of SRTP key disclosure
• Allows user to authorize the recording, per call
• Do not require a B2BUA
• Allow recording all calls or selective calls
• User decides / call processing system decides

6
Proposed Mechanism
7
Proposed Mechanism

1. Endpoints perform normal SRTP keying
2. Endpoint uses public key of recording device to
   encrypt the two SRTP session keys (transmit key
   and receive key)
3. Endpoint sends that encrypted information to its
   SIP proxy
4. SIP proxy routes the message to the recording
   device
5. Recording device decrypts message, and now has
   SRTP session keys

8
Questions
draft-wing-sipping-srtp-key-02
Dan Wing, dwing_at_cisco.com Francois Audet,
audet_at_nortel.com Steffen Fries,
steffen.fries_at_siemens.com Hannes Tschofenig,
hannes.tschofenig_at_nsn.com