Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
JUCS
2008
2008
Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP
Abstract: ZRTP is a protocol designed to set up a shared secret between two communication parties which is subsequently used to secure the media stream (i.e. the audio data) of a VoIP connection. It uses Diffie-Hellman (DH) key exchange to agree upon a session key, which is inherently vulnerable to active Man-in-the-Middle (MitM) attacks. Therefore ZRTP introduces some proven methods to detect such attacks. The most important measure is a so called Short Authentication String (SAS). This is a set of characters that is derived essentially from the public values of the Diffie-Hellman key exchange and displayed to the end users for reading out and comparing over the phone. If the SAS on the caller's and the callee's side match, there is a high probability that no MitM attack is going on. Furthermore, ZRTP offers a form of key continuity by caching key material from previous sessions for use in the next call. In order to prevent that a MitM can manipulate the Diffie-Hellman key e...
Real-time TrafficRelated Content
| Added | 13 Dec 2010 |
| Updated | 13 Dec 2010 |
| Type | Journal |
| Year | 2008 |
| Where | JUCS |
| Authors | Martin Petraschek, Thomas Hoeher, Oliver Jung, Helmut Hlavacs, Wilfried N. Gansterer |
Comments (0)
Researcher Info
|
