ImageVerifierCode 换一换
格式:PDF , 页数:28 ,大小:207.15KB ,
资源ID:797460      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-797460.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ITU-T H 235 8-2005 H 323 security Key exchange for SRTP using secure signalling channels《H 323 安全框架 使用安全信令渠道的SRTP密码交换》.pdf)为本站会员(bowdiet140)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ITU-T H 235 8-2005 H 323 security Key exchange for SRTP using secure signalling channels《H 323 安全框架 使用安全信令渠道的SRTP密码交换》.pdf

1、 International Telecommunication Union ITU-T H.235.8TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2005) SERIES H: AUDIOVISUAL AND MULTIMEDIA SYSTEMSInfrastructure of audiovisual services Systems aspects H.323 security: Key exchange for SRTP using secure signalling channels ITU-T Recommendation

2、 H.235.8 ITU-T H-SERIES RECOMMENDATIONS AUDIOVISUAL AND MULTIMEDIA SYSTEMS CHARACTERISTICS OF VISUAL TELEPHONE SYSTEMS H.100H.199 INFRASTRUCTURE OF AUDIOVISUAL SERVICES General H.200H.219 Transmission multiplexing and synchronization H.220H.229 Systems aspects H.230H.239 Communication procedures H.2

3、40H.259 Coding of moving video H.260H.279 Related systems aspects H.280H.299 Systems and terminal equipment for audiovisual services H.300H.349 Directory services architecture for audiovisual and multimedia services H.350H.359 Quality of service architecture for audiovisual and multimedia services H

4、.360H.369 Supplementary services for multimedia H.450H.499 MOBILITY AND COLLABORATION PROCEDURES Overview of Mobility and Collaboration, definitions, protocols and procedures H.500H.509 Mobility for H-Series multimedia systems and services H.510H.519 Mobile multimedia collaboration applications and

5、services H.520H.529 Security for mobile multimedia systems and services H.530H.539 Security for mobile multimedia collaboration applications and services H.540H.549 Mobility interworking procedures H.550H.559Mobile multimedia collaboration inter-working procedures H.560H.569 BROADBAND AND TRIPLE-PLA

6、Y MULTIMEDIA SERVICES Broadband multimedia services over VDSL H.610H.619 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. H.235.8 (09/2005) i ITU-T Recommendation H.235.8 H.323 security: Key exchange for SRTP using secure signalling channels Summary The purpose of t

7、his Recommendation is to describe security procedures for key exchange for SRTP using secure signalling channels over H.323/H.235 networks. This Recommendation should be used in conjunction with ITU-T Recs H.323 and H.225.0 versions 4 or later. Source This Recommendation H.235.8 was approved on 13 S

8、eptember 2005 by ITU-T Study Group 16 (2005-2008) under the ITU-T Recommendation A.8 procedure. ii ITU-T Rec. H.235.8 (09/2005) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardizat

9、ion Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which mee

10、ts every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts

11、purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is

12、voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and

13、 the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may invo

14、lve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Reco

15、mmendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database.

16、ITU 2006 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. H.235.8 (09/2005) iii CONTENTS Page 1 Scope 1 2 References. 2 2.1 Normative references 2 2.2 Informative references 2 3 Symbols and abbreviati

17、ons. 2 4 Parameter description . 3 4.1 SRTP parameter transport 3 4.2 SrtpCryptoCapability parameter description 4 4.3 SrtpKeys parameter description . 6 4.4 SRTP crypto context initialization . 7 5 Procedures 9 5.1 Security capability exchange 9 5.2 Initial negotiation 10 5.3 Session modification 1

18、3 5.4 No negotiation 14 5.5 Forward error correction. 14 6 Public key cryptography to secure key exchange for SRTP 14 6.1 Endpoint identification . 15 6.2 SRTP key exchange procedures . 15 6.3 CMS body usage. 16 7 H.235 SRTP security descriptions syntax 19 ITU-T Rec. H.235.8 (09/2005) 1 ITU-T Recomm

19、endation H.235.8 H.323 security: Key exchange for SRTP using secure signalling channels 1 Scope The purpose of this Recommendation is to provide recommendations for security procedures to support the IETF Secure Real Time Protocol (SRTP) between H.323 Endpoints in cases where the cryptographic mater

20、ial for the media channel is transported over a secure signalling channel, e.g., IPsec (RFC 2401), TLS (RFC 2246) or other H.235 mechanisms. These security procedures are offered as an alternative to other H.235 security procedures that support SRTP. This Recommendation describes procedures used to

21、support the IETF Secure Real Time Protocol (SRTP) in ITU-T Rec. H.323. SRTP provides security services for RTP media and relies on separate protocols to provide key management services and the negotiation of cryptographic parameters. These procedures should not be used when the secure signalling cha

22、nnel terminates at an intermediate system, in such cases the SRTP cryptographic material should be transported by a secure end-to-end mechanism. These procedures support the signalling, negotiation and transport of the SRTP cryptographic keys, authentication and encryption algorithm identifiers and

23、other session parameters between H.323 Endpoints. A key aspect of these procedures is that the H.245 slave as well as the H.245 master shall be able to generate and distribute cryptographic keys. SRTP security capabilities may be exchanged using existing terminal capabilities exchange using h235Secu

24、rityCapability entries in the capabilityTable of the H.245 TerminalCapabilitySet message. The genericH235SecurityCapability field in the encryptionAuthenticationAndIntegrity field in the h235SecurityCapability entry contains the SrtpCryptoCapability field which will specify the SRTP crypto-suites. A

25、 SRTP crypto parameter is specified to signal and negotiate SRTP cryptographic parameters. The definition of the crypto parameter in this Recommendation is limited to two-party unicast media streams where each source has a unique cryptographic key; support for multicast media streams or multipoint u

26、nicast streams is for further study. The SRTP crypto parameter is intended to be able to establish the SRTP cryptographic parameters in a single message or a single round trip message exchange. In the case of a round trip message exchange, the cryptographic parameters may be negotiated. For example,

27、 in Fast Connect, the offering H.323 Endpoint sends a set of offered SRTP crypto parameters to the answering H.323 Endpoint, each offer encapsulated in a separate H.245 OpenLogicalChannel message. The answering H.323 Endpoint may then accept one of the offered parameters and respond with an answer t

28、hat includes the selected parameter subset encapsulated in a H.245 OpenLogicalChannel message. In the case of a single message exchange there is no negotiation. The offering H.323 Endpoint sends the SRTP crypto parameters to the answering H.323 Endpoint which either accepts the offered parameters or

29、 rejects the call. Public key cryptography procedures may be added to provide end-to-end confidentiality and authentication of the SRTP session key material exchanged between H.323 Endpoints by encrypting and then signing the SRTP key material in the case where the encapsulating security protocol, e

30、.g., IPsec, TLS, terminates on an intermediate device and, therefore, does not provide end-to-end security. 2 ITU-T Rec. H.235.8 (09/2005) 2 References 2.1 Normative references The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitu

31、te provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recom

32、mendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Recommendation H.225.0 (2003), Call sign

33、alling protocols and media stream packetization for packet-based multimedia communication systems. ITU-T Recommendation H.235.0 (2005), H.323 security: Framework for security in H-series (H.323 and other H.245-based) multimedia systems. ITU-T Recommendation H.323 (2003), Packet-based multimedia comm

34、unications systems. ITU-T Recommendation H.460.11 (2004), Delayed call establishment within H.323 Systems. IETF RFC 2246 (1999), The TLS Protocol Version 1.0. IETF RFC 2401 (1998), Security Architecture for the Internet Protocol. IETF RFC 2733 (1999), An RTP Payload Format for Generic Forward Error

35、Correction. IETF RFC 3280 (2002), Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. IETF RFC 3550 (2003), RTP: A Transport Protocol for Real-Time Applications. IETF RFC 3711 (2004), The Secure Real-time Transport Protocol (SRTP). IETF RFC 3852 (2004)

36、, Cryptographic Message Syntax (CMS). 2.2 Informative references IETF Draft, F. Andreasen, M. Baugher, D. Wing: Session Description Protocol Security Descriptions for Media Streams, . 3 Symbols and abbreviations This Recommendation uses the following abbreviations: AES Advanced Encryption Algorithm

37、ASN.1 Abstract Syntax Notation One CA Certificate Authority CEK Content Encryption Key CMS Cryptographic Message Syntax EP Endpoint FEC Forward Error Correction FFS For Further Study F8 UMTS Encryption Algorithm GK Gatekeeper ITU-T Rec. H.235.8 (09/2005) 3 GW Gateway HMAC Keyed-Hash Message Authenti

38、cation Code IETF Internet Engineering Task Force KDR Key Derivation Rate MAC Message Authentication Code MKI Master Key Identifier OID Object Identifier OLC Open Logical Channel PKI Public Key Infrastructure RAS Registration, Admission, Status ROC Roll-over Counter RTCP Real-time Transport Control P

39、rotocol RTP Real-time Transport Protocol SHA1 Secure Hash Algorithm 1 SRTCP Secure Real-time Transport Control Protocol SRTP Secure Real-time Transport Protocol SSRC Synchronization Source TLS Transport Level Security WSH Window Size Hint 4 Parameter description SRTP cryptographic capability and key

40、 material is exchanged using two parameters: SrtpCryptoInfo within StrpCryptoCapability shall contain the crypto-suite and session parameters. The SrtpCryptoInfo parameter shall be transported in the H.245 genericH235SecurityCapability parameter to signal and negotiate SRTP cryptographic parameters.

41、 SrtpKeyParameters within SrtpKeys shall contain the SRTP key material. The SrtpKeys container in the H.245 h235Key parameter shall transport one or more SrtpKeyParameters with the SRTP keys. The use of the SRTP crypto parameters in this Recommendation is limited to two-party unicast media streams w

42、here each source has a unique cryptographic key; support for multicast media streams or multipoint unicast streams is for further study. 4.1 SRTP parameter transport A full-duplex SRTP media connection consists of two unidirectional channels, one in each direction. Each crypto-offer is transported i

43、n a separate H.245 OpenLogicalChannel message. 4.1.1 SrtpKeys transport The SRTP cryptographic key material SrtpKeys shall be transported in the genericKeyMaterial field of the secureSharedSecret (V3KeySyncMaterial) parameter contained within the h235Key container in the encryptionSync parameter of

44、H.245 OpenLogicalChannel messages. The SRTP cryptographic key content in the genericKeyMaterial container shall be identified using the H.235.8 object identifier value (see Table 1) in the standard field of capabilityIdentifier 4 ITU-T Rec. H.235.8 (09/2005) within the genericH235SecurityCapability

45、field of encryptionAuthenticationAndIntegrity in h235Media of the OLC dataType. Alternative OpenLogicalChannel proposals for the same channel that contain the same sessionID value in H2250LogicalChannelParameters may use the same crypto-offer. Since only one of these alternate sessions will be accep

46、ted key uniqueness will be guaranteed. 4.1.2 SrtpCryptoCapability transport The SrtpCryptoCapability parameter shall be transported in the genericH235SecurityCapability field of encryptionAuthenticationAndIntegrity in h235Media of the dataType parameter of OpenLogicalChannel messages. The H.245 Term

47、inalCapabilitySet message may include one or more h235SecurityCapability entries in the capabilityTable. In order to indicate support for these procedures the H.323 Endpoint shall set the genericH235SecurityCapability within encryptionAuthenticationAndIntegrity in an h235SecurityCapability entry as

48、follows: capabilityIdentifier shall contain the H.235.8 OID (see Table 1) in standard field; maxbitRate, collapsing, nonCollapsing, and transport shall be unused; nonCollapsingRaw shall contain the SrtpCryptoCapability parameter. Table 1/H.235.8 H.235.8 object identifier OID Value itu-t (0) recommen

49、dation (0) h (8) 235 version (0) 4 90 4.2 SrtpCryptoCapability parameter description The SrtpCryptoCapability may contain one or more SrtpCryptoInfo parameters that may be used to specify capabilities for the SRTP session. The BOOLEAN OPTIONAL elements shall be interpreted as: 1) if FALSE, the capability is not supported; 2) if TRUE, the capability is supported and required; 3) if absent, the capability is supported but not required. When using SrtpCryptoCapability in a capability exchange, it is possible to indicate all acceptab

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1