Network Working Group                                         C. Perkins
Internet-Draft                                     University of Glasgow
Intended status: BCP                                       March 4, 2009
Expires: September 5, 2009


   Guidelines for the use of Variable Bit Rate Audio with Secure RTP
                draft-perkins-avt-srtp-vbr-audio-00.txt

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 5, 2009.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Abstract

   This memo discusses potential security issues that arise when using
   variable bit rate audio with the secure RTP profile.  Guidelines to



Perkins                 Expires September 5, 2009               [Page 1]

Internet-Draft          Using VBR audio with SRTP             March 2009


   mitigate these issues are suggested.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Guidelines for the use of VBR Audio with SRTP . . . . . . . . . 3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . . . 4
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
   5.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 4
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
     6.1.  Normative References  . . . . . . . . . . . . . . . . . . . 4
     6.2.  Informative References  . . . . . . . . . . . . . . . . . . 4
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 5





































Perkins                 Expires September 5, 2009               [Page 2]

Internet-Draft          Using VBR audio with SRTP             March 2009


1.  Introduction

   The secure RTP framework (SRTP) [1] is a widely used framework for
   securing RTP sessions.  SRTP provides the ability to encrypt the
   payload of an RTP packet, and optionally add an authentication tag,
   while leaving the RTP header and any header extension in the clear.
   A range of encryption transforms can be used with SRTP, but none of
   the pre-defined encryption transforms use any padding; the RTP and
   SRTP payload sizes match exactly.

   When using SRTP with voice streams compressed using variable bit rate
   (VBR) codecs, the length of the compressed packets will therefore
   depend on the characteristics of the speech signal.  This variation
   in packet size will leak significant amounts of information about the
   contents of the speech signal.  For example [3] shows that known
   phrases in an encrypted call can be recognised with high accuracy in
   certain circumstances, without breaking the encryption.  Other work,
   referenced from [3], has shown that the language spoken in encrypted
   conversations can also be recognised.  This is potentially a
   significant security risk for some applications.  This memo discusses
   ways in which this traffic analysis risk may be mitigated.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [2].


2.  Guidelines for the use of VBR Audio with SRTP

   To avoid the potential information leaks that might enable traffic
   analysis, VBR audio codecs SHOULD NOT be used with encrypted SRTP
   sessions.

   Similarly, the use of voice activity detection with silence
   suppression or comfort noise can be considered an extreme form of VBR
   coding, which changes both the size and spacing of packets, and so
   leaks some information on the characteristics of the speech signal.
   Accordingly, it SHOULD NOT be used with encrypted SRTP sessions.

   It is safe to use variable rate coding to adapt a speech signal to
   the characteristics of a network channel, for example for congestion
   control purposes, provided this is done in a way which does not
   expose any information on the speech signal.  That is, if the
   variation is driven by the available network bandwidth, not by the
   input speech (i.e. if the packet sizes are constant unless the
   network conditions change).  VBR speech codecs can safely be used in
   this fashion with SRTP while avoiding leaking information on the
   contents of the speech signal that might be useful for traffic



Perkins                 Expires September 5, 2009               [Page 3]

Internet-Draft          Using VBR audio with SRTP             March 2009


   analysis.


3.  Security Considerations

   The security considerations of [1] apply.

   It might be thought that it is sufficient to pad the output of a VBR
   codec to a constant size using the RTP padding feature as a means of
   mitigating the traffic analysis attacks considered here (indeed, [3]
   suggests such a mitigation).  Section 3.1 of [1] discusses potential
   problems with this approach, which mean that it is NOT RECOMMENDED in
   general.


4.  IANA Considerations

   No IANA actions are required.


5.  Acknowledgements

   This memo is based on the discussion in [3].  Recent versions of ZRTP
   [4] contain a similar recommendation; the purpose of this memo is to
   highlight the issue to a wider audience, since it is not specific to
   ZRTP.


6.  References

6.1.  Normative References

   [1]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
        Norrman, "The Secure Real-time Transport Protocol (SRTP)",
        RFC 3711, March 2004.

   [2]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
        Levels", BCP 14, RFC 2119, March 1997.

6.2.  Informative References

   [3]  Wright, C., Ballard, L., Coull, S., Monrose, F., and G. Masson,
        "Spot me if you can: Uncovering spoken phrases in encrypted VoIP
        conversation", Proceedings of the  IEEE Symposium on Security
        and Privacy 2008, May 2008.

   [4]  Zimmermann, P., Johnston, A., and J. Callas, "ZRTP: Media Path
        Key Agreement for Secure RTP", draft-zimmermann-avt-zrtp-15



Perkins                 Expires September 5, 2009               [Page 4]

Internet-Draft          Using VBR audio with SRTP             March 2009


        (work in progress), March 2009.


Author's Address

   Colin Perkins
   University of Glasgow
   Department of Computing Science
   Sir Alwyn Williams Building
   Lilybank Gardens
   Glasgow  G12 8QQ
   UK

   Email: csp@csperkins.org





































Perkins                 Expires September 5, 2009               [Page 5]