Sciweavers

JUCS
2008

Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP

13 years 11 months ago
Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP
Abstract: ZRTP is a protocol designed to set up a shared secret between two communication parties which is subsequently used to secure the media stream (i.e. the audio data) of a VoIP connection. It uses Diffie-Hellman (DH) key exchange to agree upon a session key, which is inherently vulnerable to active Man-in-the-Middle (MitM) attacks. Therefore ZRTP introduces some proven methods to detect such attacks. The most important measure is a so called Short Authentication String (SAS). This is a set of characters that is derived essentially from the public values of the Diffie-Hellman key exchange and displayed to the end users for reading out and comparing over the phone. If the SAS on the caller's and the callee's side match, there is a high probability that no MitM attack is going on. Furthermore, ZRTP offers a form of key continuity by caching key material from previous sessions for use in the next call. In order to prevent that a MitM can manipulate the Diffie-Hellman key e...
Martin Petraschek, Thomas Hoeher, Oliver Jung, Hel
Added 13 Dec 2010
Updated 13 Dec 2010
Type Journal
Year 2008
Where JUCS
Authors Martin Petraschek, Thomas Hoeher, Oliver Jung, Helmut Hlavacs, Wilfried N. Gansterer
Comments (0)