draft-ietf-avtcore-aria-srtp-00.txt   draft-ietf-avtcore-aria-srtp-01.txt 
AVTCore W. Kim AVTCore W. Kim
Internet-Draft J. Lee Internet-Draft J. Lee
Intended status: Standards Track D. Kim Intended status: Standards Track D. Kim
Expires: November 16, 2012 J. Park Expires: June 6, 2013 J. Park
D. Kwon D. Kwon
NSRI NSRI
May 15, 2012 December 03, 2012
The ARIA Algorithm and Its Use with the Secure Real-time Transport The ARIA Algorithm and Its Use with the Secure Real-time Transport
Protocol(SRTP) Protocol(SRTP)
draft-ietf-avtcore-aria-srtp-00 draft-ietf-avtcore-aria-srtp-01
Abstract Abstract
This document describes the use of the ARIA block cipher algorithm This document describes the use of the ARIA block cipher algorithm
within the Secure Real-time Transport Protocol (SRTP) for providing within the Secure Real-time Transport Protocol (SRTP) for providing
confidentiality for the Real-time Transport Protocol (RTP) traffic confidentiality for the Real-time Transport Protocol (RTP) traffic
and for the control traffic for RTP, the Real-time Transport Control and for the control traffic for RTP, the Real-time Transport Control
Protocol (RTCP). It details three modes of operation (CTR, CCM, GCM) Protocol (RTCP). It details three modes of operation (CTR, CCM, GCM)
and a SRTP Key Derivation Function for ARIA. and a SRTP Key Derivation Function for ARIA.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 16, 2012. This Internet-Draft will expire on June 6, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 28 skipping to change at page 4, line 28
Figure 1: ARIA-CTR algorithms for SRTP/SRTCP Figure 1: ARIA-CTR algorithms for SRTP/SRTCP
2.2. ARIA-CCM and ARIA-GCM 2.2. ARIA-CCM and ARIA-GCM
CCM(Counter with CBC-MAC) [RFC3610] and GCM(Galois Counter Mode) CCM(Counter with CBC-MAC) [RFC3610] and GCM(Galois Counter Mode)
[GCM] are AEAD(authenticated encryption with associated data) block [GCM] are AEAD(authenticated encryption with associated data) block
cipher modes. ARIA-CCM and ARIA-GCM are defined similarly as AES-CCM cipher modes. ARIA-CCM and ARIA-GCM are defined similarly as AES-CCM
and AES-GCM. and AES-GCM.
The internet draft [I-D.mcgrew-tls-aes-ccm] describes the use of AES- The internet draft[I-D.ietf-avtcore-srtp-aes-gcm] describes the use
GCM and AES-CCM with SRTP. The use of ARIA-CCM and ARIA-GCM with of AES-GCM and AES-CCM with SRTP. The use of ARIA-CCM and ARIA-GCM
SRTP is defined the same as that of AES-CCM and AES-GCM. with SRTP is defined the same as that of AES-CCM and AES-GCM.
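Review bot: "defined the same as that of AES-CCM and AES-GCM" leaves the inherited details implicit; the -01 text should say which specifics are carried over from [I-D.ietf-avtcore-srtp-aes-gcm] (the 12-octet IV construction from SSRC, ROC and SEQ, what goes into the associated data, where the tag sits, and the handling of the SRTCP E bit and index), ideally by section number, because that draft is still work in progress and an implementer following "the same as" against a different revision of it will not interoperate. The switch from the TLS draft to the SRTP AEAD draft is the right fix; -00 cited a TLS document for an SRTP construction.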
The following members of the ARIA-GCM family may be used with SRTP/ The following members of the ARIA-GCM family may be used with SRTP/
SRTCP: SRTCP:
Name Key Size Auth. Tag Size Name Key Size Auth. Tag Size
==================================================== ====================================================
AEAD_ARIA_128_GCM 16 octets 16 octets AEAD_ARIA_128_GCM 16 octets 16 octets
AEAD_ARIA_256_GCM 32 octets 16 octets AEAD_ARIA_256_GCM 32 octets 16 octets
AEAD_ARIA_128_GCM_8 16 octets 8 octets AEAD_ARIA_128_GCM_8 16 octets 8 octets
AEAD_ARIA_256_GCM_8 32 octets 8 octets AEAD_ARIA_256_GCM_8 32 octets 8 octets
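Review bot: the section heading names ARIA-CCM and ARIA-GCM but the table lists only the ARIA-GCM family; the CCM members with their key and tag sizes should appear in the same form, or the heading should say where they are given. The two _8 entries (8-octet tags) deserve a sentence: a 64-bit GCM tag is not just a weaker forgery bound, NIST SP 800-38D (the [GCM] reference) Appendix C restricts how many invocations and how much data may be processed under one key with short tags, and the draft should either import that limit or recommend the 16-octet variants unless bandwidth forces otherwise.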
skipping to change at page 5, line 37 skipping to change at page 5, line 37
the ARIA-CTR PRF as well. The PRFs for ARIA ciphersuites with SRTP the ARIA-CTR PRF as well. The PRFs for ARIA ciphersuites with SRTP
are defined by ARIA-CTR PRF of the equal key length with the are defined by ARIA-CTR PRF of the equal key length with the
encryption algorithm. encryption algorithm.
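The three constructions the draft inherits without restating them, as an added example (not code from either draft revision, nor the authors' code): the SRTP counter-mode IV of RFC 3711 section 4.1.1 that ARIA-CTR uses unchanged, the KDF input x and PRF counter blocks of RFC 3711 section 4.3.1 that the ARIA-CTR PRF above encrypts, and the 12-octet AEAD IV of the AES-GCM SRTP draft. No block-cipher call is made (the Python standard library has no ARIA); the functions return the blocks E_k would be applied to, enforce the field widths, show the 16-bit per-packet block counter limit, and check that a stream never repeats a counter-mode IV. Assumptions: the AEAD IV layout (0x0000 || SSRC || ROC || SEQ) XOR salt is the one the AES-GCM SRTP draft was published with (RFC 7714, section 8.1) and is taken as what "defined the same as" means here; the master salt is the RFC 3711 Appendix B.3 test vector, the session salt and SSRC values are constructed.

```python
# Added example: SRTP counter-mode IV, KDF PRF input and AEAD nonce
# construction as inherited by the ARIA suites. No ARIA/AES call is made;
# each function returns the 128-bit (or 96-bit) block E_k would encrypt.

# RFC 3711, 4.3.1 key derivation labels
SRTP_ENCRYPTION, SRTP_AUTH, SRTP_SALT = 0x00, 0x01, 0x02
SRTCP_ENCRYPTION, SRTCP_AUTH, SRTCP_SALT = 0x03, 0x04, 0x05


def packet_index(roc: int, seq: int) -> int:
    """48-bit SRTP packet index i = 2^16 * ROC + SEQ (RFC 3711, 3.3.1)."""
    if not (0 <= roc < 2**32 and 0 <= seq < 2**16):
        raise ValueError("ROC is 32 bits, SEQ is 16 bits")
    return (roc << 16) | seq


def ctr_iv(session_salt: bytes, ssrc: int, index: int) -> bytes:
    """128-bit counter-mode IV (RFC 3711, 4.1.1), identical for ARIA-CTR
    and AES-CM: IV = (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16).
    The low 16 bits are the per-packet block counter and start at zero."""
    if len(session_salt) != 14:
        raise ValueError("session salt k_s is 112 bits")
    if not (0 <= ssrc < 2**32 and 0 <= index < 2**48):
        raise ValueError("SSRC is 32 bits, packet index is 48 bits")
    k_s = int.from_bytes(session_salt, "big")
    return ((k_s << 16) ^ (ssrc << 64) ^ (index << 16)).to_bytes(16, "big")


def ctr_counter_blocks(iv: bytes, nbytes: int) -> list:
    """Counter blocks IV + j (mod 2^128) for a payload of nbytes.
    Only 16 bits belong to the block counter, so one packet may consume
    at most 2^16 keystream blocks (1 MiB) before the counter would run
    into the index field; longer payloads are rejected."""
    nblocks = (nbytes + 15) // 16
    if nblocks > 2**16:
        raise ValueError("payload needs more than 2^16 keystream blocks")
    base = int.from_bytes(iv, "big")
    return [((base + j) % 2**128).to_bytes(16, "big") for j in range(nblocks)]


def kdf_input(master_salt: bytes, label: int, index: int, kdr: int) -> bytes:
    """112-bit KDF input x = key_id XOR master_salt (RFC 3711, 4.3.1),
    key_id = label || r with r = index DIV kdr (r = 0 when kdr = 0).
    The ARIA-CTR PRF then encrypts x * 2^16, x * 2^16 + 1, ... exactly
    as the AES-CM PRF does; only the block cipher differs."""
    if len(master_salt) != 14:
        raise ValueError("master salt is 112 bits")
    if not 0 <= label < 2**8:
        raise ValueError("label is 8 bits")
    if kdr < 0 or kdr > 2**24 or kdr & (kdr - 1):
        raise ValueError("key derivation rate must be 0 or 2^k, k <= 24")
    r = 0 if kdr == 0 else index // kdr
    if r >= 2**48:
        raise ValueError("r must fit in 48 bits")
    x = int.from_bytes(master_salt, "big") ^ ((label << 48) | r)
    return x.to_bytes(14, "big")


def kdf_prf_blocks(x: bytes, nbytes: int) -> list:
    """Counter blocks of the KDF PRF: IV = x * 2^16, incremented per block."""
    return ctr_counter_blocks(x + b"\x00\x00", nbytes)


def aead_iv(session_salt: bytes, ssrc: int, roc: int, seq: int) -> bytes:
    """12-octet SRTP GCM/CCM IV. Assumption: the construction of the AES-GCM
    SRTP draft as later published in RFC 7714, section 8.1:
    (0x0000 || SSRC || ROC || SEQ) XOR session_salt."""
    if len(session_salt) != 12:
        raise ValueError("AEAD session salt is 96 bits")
    if not (0 <= ssrc < 2**32 and 0 <= roc < 2**32 and 0 <= seq < 2**16):
        raise ValueError("SSRC and ROC are 32 bits, SEQ is 16 bits")
    fields = (ssrc << 48) | (roc << 16) | seq   # leading 0x0000 is implicit
    return (fields ^ int.from_bytes(session_salt, "big")).to_bytes(12, "big")


def ivs_are_unique(session_salt: bytes, ssrc: int, indices) -> bool:
    """True if no two packets of the stream share a counter-mode IV.
    Keystream reuse follows directly from a repeated (SSRC, index) pair,
    which is why the index must not wrap and an SSRC collision needs a re-key."""
    seen = set()
    for i in indices:
        iv = ctr_iv(session_salt, ssrc, i)
        if iv in seen:
            return False
        seen.add(iv)
    return True


if __name__ == "__main__":
    # RFC 3711 Appendix B.3 master salt; labels 0, 1, 2 only flip octet 7.
    master_salt = bytes.fromhex("0EC675AD498AFEEBB6960B3AABE6")
    for label in (SRTP_ENCRYPTION, SRTP_AUTH, SRTP_SALT):
        x = kdf_input(master_salt, label, index=0, kdr=0)
        print(label, x.hex(), kdf_prf_blocks(x, 16)[0].hex())
    # Constructed session salt and SSRC for the per-packet IVs.
    k_s = bytes.fromhex("F0F1F2F3F4F5F6F7F8F9FAFBFCFD")
    print(ctr_iv(k_s, 0xDEADBEEF, packet_index(roc=1, seq=0x0010)).hex())
    print(aead_iv(bytes(12), 0x12345678, roc=0, seq=0x1234).hex())
```

Running the block prints the three KDF inputs from RFC 3711 Appendix B.3 (the encryption, authentication and salt labels differ only in octet 7 of x), then one CTR IV and one AEAD IV. Swapping AES for ARIA changes none of these values; that is the whole content of the claim that the ARIA PRF and IV handling are "the same as" AES-CM, and it is the reason the draft can reuse RFC 3711 unchanged.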
4. Security Considerations 4. Security Considerations
At the time of writing this document no security problem has been At the time of writing this document no security problem has been
found on ARIA (see [TSL]). found on ARIA (see [TSL]).
The security considerations in [RFC3610] [GCM] [RFC3711] [RFC6188] The security considerations in [RFC3610] [GCM] [RFC3711] [RFC6188]
[I-D.mcgrew-tls-aes-ccm] apply to this document as well. [RFC6655][I-D.ietf-avtcore-srtp-aes-gcm] apply to this document as
well.
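Review bot: "no security problem has been found on ARIA (see [TSL])" cites, as its evidence, a paper whose title is an attack on reduced-round ARIA; the sentence should say what [TSL] actually supports, namely that the best published cryptanalysis reaches only reduced-round variants and no attack on the full-round cipher is known, and name the round counts if the draft wants the claim to be checkable. The added [RFC6655] pointer is a TLS cipher-suite document; its security considerations (nonce handling tied to the TLS record layer) transfer to SRTP only in part, so the sentence should point at the SRTP-specific considerations in [I-D.ietf-avtcore-srtp-aes-gcm] first and treat the TLS references as background.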
5. IANA Considerations 5. IANA Considerations
[RFC4568] defines SRTP "crypto suites". In order to allow SDP to [RFC4568] defines SRTP "crypto suites". In order to allow SDP to
signal the use of the algorithms defined in this document, IANA is signal the use of the algorithms defined in this document, IANA is
requested to register the following crypto suites into the sub- requested to register the following crypto suites into the sub-
registry for SRTP crypto suites under the SRTP transport of the SDP registry for SRTP crypto suites under the SRTP transport of the SDP
Security Descriptions: Security Descriptions:
srtp-crypto-suite-ext = "ARIA_128_CTR_HMAC_SHA1_80"/ srtp-crypto-suite-ext = "ARIA_128_CTR_HMAC_SHA1_80"/
skipping to change at page 7, line 38 skipping to change at page 7, line 38
AES-CM | 0 AES-CM | 0
SEED-CTR | 1 SEED-CTR | 1
ARIA-128-CTR | 2 (NEW) ARIA-128-CTR | 2 (NEW)
Figure 5: Figure 2 from RFC 5748 (revised) Figure 5: Figure 2 from RFC 5748 (revised)
6. References 6. References
6.1. Normative References 6.1. Normative References
[GCM] Dworkin, M., "Recommendation for Block [GCM] Dworkin, M., "Recommendation for
Cipher Modes of Operation: Galois/Counter Block Cipher Modes of Operation:
Mode (GCM) and GMAC", NIST SP 800-38D, Galois/Counter Mode (GCM) and GMAC",
November 2007. NIST SP 800-38D, November 2007.
[RFC2119] Bradner, S., "Key words for use in RFCs to [RFC2119] Bradner, S., "Key words for use in
Indicate Requirement Levels", BCP 14, RFCs to Indicate Requirement
RFC 2119, March 1997. Levels", BCP 14, RFC 2119,
March 1997.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., [RFC3550] Schulzrinne, H., Casner, S.,
and V. Jacobson, "RTP: A Transport Protocol Frederick, R., and V. Jacobson,
for Real-Time Applications", STD 64, "RTP: A Transport Protocol for Real-
RFC 3550, July 2003. Time Applications", STD 64,
RFC 3550, July 2003.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., [RFC3711] Baugher, M., McGrew, D., Naslund,
Carrara, E., and K. Norrman, "The Secure M., Carrara, E., and K. Norrman,
Real-time Transport Protocol (SRTP)", "The Secure Real-time Transport
RFC 3711, March 2004. Protocol (SRTP)", RFC 3711,
March 2004.
[RFC3830] Arkko, J., Carrara, E., Lindholm, F., [RFC3830] Arkko, J., Carrara, E., Lindholm,
Naslund, M., and K. Norrman, "MIKEY: F., Naslund, M., and K. Norrman,
Multimedia Internet KEYing", RFC 3830, "MIKEY: Multimedia Internet KEYing",
August 2004. RFC 3830, August 2004.
[RFC4568] Andreasen, F., Baugher, M., and D. Wing, [RFC4568] Andreasen, F., Baugher, M., and D.
"Session Description Protocol (SDP) Wing, "Session Description Protocol
Security Descriptions for Media Streams", (SDP) Security Descriptions for
RFC 4568, July 2006. Media Streams", RFC 4568, July 2006.
[RFC5764] McGrew, D. and E. Rescorla, "Datagram [RFC5764] McGrew, D. and E. Rescorla,
Transport Layer Security (DTLS) Extension "Datagram Transport Layer Security
to Establish Keys for the Secure Real-time (DTLS) Extension to Establish Keys
Transport Protocol (SRTP)", RFC 5764, for the Secure Real-time Transport
May 2010. Protocol (SRTP)", RFC 5764,
May 2010.
[RFC6188] McGrew, D., "The Use of AES-192 and AES-256 [RFC6188] McGrew, D., "The Use of AES-192 and
in Secure RTP", RFC 6188, March 2011. AES-256 in Secure RTP", RFC 6188,
March 2011.
[RFC6655] McGrew, D. and D. Bailey, "AES-CCM
Cipher Suites for Transport Layer
Security (TLS)", RFC 6655,
July 2012.
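Review bot: [RFC6655] is added to Normative References in -01, but the only place the document cites it is the security-considerations sentence, and it is the published form of the TLS draft that -00 cited in the same place (same title and authors). A reference that is cited only for its security considerations and describes TLS, not SRTP, belongs under Informative; making it normative would tie an SRTP specification to a TLS cipher-suite RFC it does not actually depend on.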
6.2. Informative References 6.2. Informative References
[ARIAKS] Korean Agency for Technology and Standards, [ARIAKS] Korean Agency for Technology and
"128 bit block encryption algorithm ARIA - Standards, "128 bit block encryption
Part 1: General (in Korean)", KS X 1213- algorithm ARIA - Part 1: General (in
1:2009, December 2009. Korean)", KS X 1213-1:2009,
December 2009.
[ARIAPKCS] RSA Laboratories, "Additional PKCS #11 [ARIAPKCS] RSA Laboratories, "Additional PKCS
Mechanisms", PKCS #11 v2.20 Amendment 3 #11 Mechanisms", PKCS #11 v2.20
Revision 1, January 2007. Amendment 3 Revision 1,
January 2007.
[I-D.mcgrew-tls-aes-ccm] McGrew, D. and D. Bailey, "AES-CCM Cipher [I-D.ietf-avtcore-srtp-aes-gcm] McGrew, D. and K. Igoe, "AES-GCM and
Suites for TLS", AES-CCM Authenticated Encryption in
draft-mcgrew-tls-aes-ccm-04 (work in Secure RTP (SRTP)",
progress), May 2012. draft-ietf-avtcore-srtp-aes-gcm-03
(work in progress), September 2012.
[RFC3610] Whiting, D., Housley, R., and N. Ferguson, [RFC3610] Whiting, D., Housley, R., and N.
"Counter with CBC-MAC (CCM)", RFC 3610, Ferguson, "Counter with CBC-MAC
September 2003. (CCM)", RFC 3610, September 2003.
[RFC5748] Yoon, S., Jeong, J., Kim, H., Jeong, H., [RFC5748] Yoon, S., Jeong, J., Kim, H., Jeong,
and Y. Won, "IANA Registry Update for H., and Y. Won, "IANA Registry
Support of the SEED Cipher Algorithm in Update for Support of the SEED
Multimedia Internet KEYing (MIKEY)", Cipher Algorithm in Multimedia
RFC 5748, August 2010. Internet KEYing (MIKEY)", RFC 5748,
August 2010.
[RFC5794] Lee, J., Lee, J., Kim, J., Kwon, D., and C. [RFC5794] Lee, J., Lee, J., Kim, J., Kwon, D.,
Kim, "A Description of the ARIA Encryption and C. Kim, "A Description of the
Algorithm", RFC 5794, March 2010. ARIA Encryption Algorithm",
RFC 5794, March 2010.
[TSL] Tang, X., Sun, B., Li, R., Li, C., and J. [TSL] Tang, X., Sun, B., Li, R., Li, C.,
Yin, "A meet-in-the-middle attack on and J. Yin, "A meet-in-the-middle
reduced-round ARIA", The Journal of Systems attack on reduced-round ARIA", The
and Software Vol.84(10), pp. 1685-1692, Journal of Systems and
October 2011. Software Vol.84(10), pp. 1685-1692,
October 2011.
Authors' Addresses Authors' Addresses
Woo-Hwan Kim Woo-Hwan Kim
National Security Research Institute National Security Research Institute
P.O.Box 1, Yuseong P.O.Box 1, Yuseong
Daejeon 305-350 Daejeon 305-350
Korea Korea
EMail: whkim5@ensec.re.kr EMail: whkim5@ensec.re.kr
End of changes. 21 change blocks; 65 lines changed or deleted, 82 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/