One document matched: draft-johnston-rtcweb-media-privacy-00.txt
Network Working Group A. Johnston
Internet-Draft Avaya
Intended status: Standards Track P. Zimmermann
Expires: December 2, 2011 Zfone Project
May 31, 2011
RTCWEB Media Privacy
draft-johnston-rtcweb-media-privacy-00
Abstract
RTCWEB is the joint effort between the IETF and the W3C to add real-
time voice, video, and communication capabilities to browsers. This
document looks at the requirements for media privacy and existing
mechanisms.
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 2, 2011.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Johnston & Zimmermann Expires December 2, 2011 [Page 1]
Internet-Draft RTCWEB Media Security May 2011
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Media Security Requirements . . . . . . . . . . . . . . . . . . 3
3. Security Mechanism Discussion . . . . . . . . . . . . . . . . . 4
4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
5. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
6. Informative References . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
Johnston & Zimmermann Expires December 2, 2011 [Page 2]
Internet-Draft RTCWEB Media Security May 2011
1. Introduction
The requirements for real-time communications in web browsers or
RTCWEB are currently being discussed and developed. For both the
IETF and the W3C, there are significant challenges due to the unique
architecture of browsers.
The same is true for security as well - the requirements are
evolving, but starting to come into focus. This draft raises a few
issues relating to media security and privacy, something the authors
have spent considerable time and effort thinking, writing, and
deploying code over the past seven years.
2. Media Security Requirements
One possible model for RTCWEB is described in
[I-D.alvestrand-dispatch-rtcweb-protocols], which is summarized here.
To implement RTCWEB, both signaling and media is needed. Media for
audio and video will likely use RTP [RFC3550], and using some NAT
traversal/media authorization approach, will ideally go end-to-end
between the two browsers, bypassing the web server and any
intermediaries. ICE [RFC5245] is commonly mentioned as a potential
protocol for both the NAT traversal method and also for the media
authorization method.
Signaling is quite a different story, however. This approach does
not standardize any signaling between the browser and the web server.
Instead, the state machine and capability negotiation abilities will
be downloaded from the web server into the browser - the same way
other features and functionality are provided in web apps and pages
today. For example, Javascript could be used for this purpose.
There are two interesting side effects of this. It means that there
will be many different signaling protocols used for RTCWEB. Also, it
means that will not be any single security or trust model for the
signaling - it will depend on the web page, the application, and the
way in which the signaling works.
Both of these side effects pose significant challenges for media
security. The best way to secure RTP streams is to use SRTP
[RFC3711]. However, SRTP requires a key management protocol. A key
management protocol generates and distributes the symmetric secret
keys to the sender and receiver of the stream. The simplest SRTP key
management is to have the SRTP sender generate the key and use the
signaling channel to send it to the receiver. However, in order to
do this, the signaling protocol must meet some security requirements
relating to confidentiality. In the RTCWEB architecture, there is no
Johnston & Zimmermann Expires December 2, 2011 [Page 3]
Internet-Draft RTCWEB Media Security May 2011
standardization of the signaling protocol possible, and hence this
approach can not be used. Another approach which does not rely on
security properties of the signaling protocol is to use a key
management system backed by a PKI. In this way, secret keys can be
transported by any signaling protocol. However, this requires public
private key pairs on every browser, and the infrastructure to manage
them.
Instead, what is needed is a key management protocol for SRTP that
does not place any reliance on the signaling protocol.
3. Security Mechanism Discussion
The issues and requirements in the previous section are very
different from those normally encountered in telephony systems.
Nearly all key management protocols for SRTP either rely on a PKI-
backed certificate or place strict requirements and trust on the
signaling layer. However, the ZRTP key management protocol [RFC6189]
does not. In fact, to read its design principles, one might come to
the conclusion that it was specifically designed for RTCWEB, despite
the fact that it predates the RTCWEB effort by five years.
ZRTP is an entirely self-contained key management protocol for SRTP
that places no requirements or reliance on the signaling path. It
was originally designed as an extension to RTP, but is now a separate
protocol that runs over the same ports and IP addresses as an RTP
stream. Today, ZRTP is used with SIP, Jingle, and even proprietary
VoIP (Voice over IP) and video systems - the only requirement is that
they use RTP for media. This flexibility is something that is simply
not possible for other key management protocols. It implements its
own discovery mechanism, having first applied the concept of "Best
Effort Encryption" to VoIP as defined in [RFC5479]. It uses an in-
band Diffie Hellman exchange to generate the secret keying material
for SRTP. ZRTP avoids the need for PKI backed certificates by using
techniques borrowed from SSH and key continuity.
ZRTP has been widely discussed in the IETF, and has been published by
the IETF as an informational RFC, to document an existing and
deployed security model. Through this process, ZRTP benefited from
significant review from the IETF and security community. ZRTP
inspired other media-path keying protocols such as DTLS/SRTP
[RFC5764]. However, DTLS-SRTP missed the mark on many of the key
advantages of ZRTP and has seen little or no deployment or interest
in the marketplace despite being published as a proposed standard.
The single most important failure is its reliance on either PKI
backed endpoint certificates, or on an end-to-end integrity protected
signaling path. While there are SIP mechanisms that have been
Johnston & Zimmermann Expires December 2, 2011 [Page 4]
Internet-Draft RTCWEB Media Security May 2011
published to implement an end-to-end integrity protected signaling
path [RFC4474], this approach also has no deployment and no traction
in the industry. As discussed earlier, there is way to place any
requirements on the signaling protocol, let alone one as difficult as
end-to-end integrity protection.
In the development of ZRTP, it was realized that there are scenarios
in which the media can not be encrypted end-to-end. For example,
when a client has a trusted server or PBX which provides media
services in the path. For these cases, ZRTP developed mechanisms for
handling a "trusted MiTM" which can terminate than reoriginate the
SRTP encryption. This is done without compromising the basic
security of the protocol, or allowing arbitrary MiTM entities in the
media path. With RTCWEB applications, there may be cases where the
web server application is providing media services and hence needs
access to the media path. ZRTP can support these scenarios, allowing
for a user to explicitly authorize this, while still having all the
benefits of ZRTP. ZRTP also handles cases where each endpoint of a
communications session have a trusted MiTM. In this case, there will
actually be three separately encrypted media paths. These types of
scenarios could easily be encountered where each user has a trusted
MiTM web server.
To take full advantage of ZRTP, a voice path is needed in order for
users to compare the Short Authentication String (SAS). However,
ZRTP still provides security similar to SSH in its key continuity.
Also, ZRTP normally requires a display for rendering the SAS, but
this is not an issue for a browser.
RFC 6189 documents the ZRTP protocol as it is deployed today in VoIP
systems. For the RTCWEB application, it is likely that modifications
and enhancements might need to be made. It is the hope of the
authors that these modifications could be done by the working group
in a way that does not compromise the core principles of ZRTP, and
also perhaps provides fallback interoperabilty between browsers and
existing ZRTP VoIP devices and systems.
4. Summary
In summary, this draft has discussed some of the unique requirements
of RTCWEB media security and shown that ZRTP actually meets these.
In fact, the authors believe that ZRTP is ideally architected for
providing media security, privacy, and even some identity services
for RTCWEB. ZRTP is not perfect, but it has the correct architecture
that other protocols do not have, and can be adapted to meet the
needs of the RTCWEB effort.
Johnston & Zimmermann Expires December 2, 2011 [Page 5]
Internet-Draft RTCWEB Media Security May 2011
5. Security Considerations
This whole document is about security. In the RTCWEB effort, we are
hoping to provide a browser based real-time communication platform
that can be trusted and used by Internet users worldwide. The
privacy of the browser to browser media path should be our most
important concern. Choosing the wrong media security approach will
hurt users of the Internet and limit the usefulness of the HTML5
RTCWEB extensions. It is the hope of the authors that the IETF will
take this responsibility seriously and give users of RTCWEB the best
options for media security and privacy.
6. Informative References
[I-D.alvestrand-dispatch-rtcweb-protocols]
Alvestrand, H., "Overview: Real Time Protocols for Brower-
based Applications",
draft-alvestrand-dispatch-rtcweb-protocols-01 (work in
progress), March 2011.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", RFC 5245,
April 2010.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004.
[RFC6189] Zimmermann, P., Johnston, A., and J. Callas, "ZRTP: Media
Path Key Agreement for Unicast Secure RTP", RFC 6189,
April 2011.
[RFC5479] Wing, D., Fries, S., Tschofenig, H., and F. Audet,
"Requirements and Analysis of Media Security Management
Protocols", RFC 5479, April 2009.
[RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer
Security (DTLS) Extension to Establish Keys for the Secure
Real-time Transport Protocol (SRTP)", RFC 5764, May 2010.
[RFC4474] Peterson, J. and C. Jennings, "Enhancements for
Authenticated Identity Management in the Session
Johnston & Zimmermann Expires December 2, 2011 [Page 6]
Internet-Draft RTCWEB Media Security May 2011
Initiation Protocol (SIP)", RFC 4474, August 2006.
Authors' Addresses
Alan Johnston
Avaya
St. Louis, MO 63124
Email: alan.b.johnston@gmail.com
Philip Zimmermann
Zfone Project
Email: prz@mit.edu
Johnston & Zimmermann Expires December 2, 2011 [Page 7]
| PAFTECH AB 2003-2026 | 2026-04-24 13:31:27 |