ZRTP协议的正式安全证明

2009 International Conference for Internet Technology and Secured Transactions, (ICITST) Pub Date : 2009-11-01 DOI:10.1109/ICITST.2009.5402595

Riccardo Bresciani, A. Butterfield

{"title":"ZRTP协议的正式安全证明","authors":"Riccardo Bresciani, A. Butterfield","doi":"10.1109/ICITST.2009.5402595","DOIUrl":null,"url":null,"abstract":"When some agents want to communicate through a media stream (for example voice or video), the Real Time Protocol (RTP) is used. This protocol does not provide encryption, so it is necessary to use Secure RTP (SRTP) to secure the communication. In order for this to work, the agents need to agree on key material and ZRTP provides them with a procedure to perform this task: it is a key agreement protocol, which relies on a Diffie-Hellman exchange to generate SRTP session parameters, providing confidentiality and protecting against Man-in-the-Middle attacks even without a public key infrastructure or endpoint certificates. This is an analysis of the protocol performed with ProVerif, which tests security properties of ZRTP; in order to perform the analysis, the protocol has been modeled in the applied π-calculus.","PeriodicalId":251169,"journal":{"name":"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"A formal security proof for the ZRTP Protocol\",\"authors\":\"Riccardo Bresciani, A. Butterfield\",\"doi\":\"10.1109/ICITST.2009.5402595\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"When some agents want to communicate through a media stream (for example voice or video), the Real Time Protocol (RTP) is used. This protocol does not provide encryption, so it is necessary to use Secure RTP (SRTP) to secure the communication. In order for this to work, the agents need to agree on key material and ZRTP provides them with a procedure to perform this task: it is a key agreement protocol, which relies on a Diffie-Hellman exchange to generate SRTP session parameters, providing confidentiality and protecting against Man-in-the-Middle attacks even without a public key infrastructure or endpoint certificates. This is an analysis of the protocol performed with ProVerif, which tests security properties of ZRTP; in order to perform the analysis, the protocol has been modeled in the applied π-calculus.\",\"PeriodicalId\":251169,\"journal\":{\"name\":\"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICITST.2009.5402595\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference for Internet Technology and Secured Transactions, (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2009.5402595","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

当某些业务代表希望通过媒体流(例如语音或视频)进行通信时，使用RTP (Real Time Protocol)。该协议不提供加密，因此有必要使用安全RTP (SRTP)来保护通信。为了使其工作，代理需要就密钥材料达成一致，ZRTP为它们提供了执行此任务的过程:这是一个密钥协议协议，它依赖于Diffie-Hellman交换来生成SRTP会话参数，即使没有公钥基础设施或端点证书，也可以提供机密性并防止中间人攻击。这是对使用ProVerif执行的协议的分析，ProVerif测试ZRTP的安全属性;为了进行分析，在应用π微积分中对该协议进行了建模。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A formal security proof for the ZRTP Protocol

When some agents want to communicate through a media stream (for example voice or video), the Real Time Protocol (RTP) is used. This protocol does not provide encryption, so it is necessary to use Secure RTP (SRTP) to secure the communication. In order for this to work, the agents need to agree on key material and ZRTP provides them with a procedure to perform this task: it is a key agreement protocol, which relies on a Diffie-Hellman exchange to generate SRTP session parameters, providing confidentiality and protecting against Man-in-the-Middle attacks even without a public key infrastructure or endpoint certificates. This is an analysis of the protocol performed with ProVerif, which tests security properties of ZRTP; in order to perform the analysis, the protocol has been modeled in the applied π-calculus.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 International Conference for Internet Technology and Secured Transactions, (ICITST)

自引率

0.00%

发文量