draft-ietf-avtcore-aria-srtp-02.txt   draft-ietf-avtcore-aria-srtp-03.txt 
AVTCore W. Kim AVTCore W. Kim
Internet-Draft J. Lee Internet-Draft J. Lee
Intended status: Standards Track D. Kim Intended status: Standards Track D. Kim
Expires: December 07, 2013 J. Park Expires: December 29, 2013 J. Park
D. Kwon D. Kwon
NSRI NSRI
June 05, 2013 June 27, 2013
The ARIA Algorithm and Its Use with the Secure Real-time Transport The ARIA Algorithm and Its Use with the Secure Real-time Transport
Protocol(SRTP) Protocol(SRTP)
draft-ietf-avtcore-aria-srtp-02 draft-ietf-avtcore-aria-srtp-03
Abstract Abstract
This document describes the use of the ARIA block cipher algorithm This document describes the use of the ARIA block cipher algorithm
within the Secure Real-time Transport Protocol (SRTP) for providing within the Secure Real-time Transport Protocol (SRTP) for providing
confidentiality for the Real-time Transport Protocol (RTP) traffic confidentiality for the Real-time Transport Protocol (RTP) traffic
and for the control traffic for RTP, the Real-time Transport Control and for the control traffic for RTP, the Real-time Transport Control
Protocol (RTCP). It details three modes of operation (CTR, CCM, GCM) Protocol (RTCP). It details three modes of operation (CTR, CCM, GCM)
and a SRTP Key Derivation Function for ARIA. and a SRTP Key Derivation Function for ARIA.
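Review bot: The title line "Protocol(SRTP)" is missing a space before the parenthesis, and the last sentence of the Abstract reads "a SRTP Key Derivation Function" where "an SRTP" is expected. Both carry over unchanged from -02 to -03 and could be fixed while the header dates are being touched.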
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 07, 2013. This Internet-Draft will expire on December 29, 2013.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 28 skipping to change at page 2, line 28
2.3. ARIA-CCM . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3. ARIA-CCM . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Key Derivation Functions . . . . . . . . . . . . . . . . . . 11 3. Key Derivation Functions . . . . . . . . . . . . . . . . . . 11
4. Security Considerations . . . . . . . . . . . . . . . . . . . 11 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
5.1. SDES . . . . . . . . . . . . . . . . . . . . . . . . . . 12 5.1. SDES . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.2. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . . 12 5.2. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . . 12
5.3. MIKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 18 5.3. MIKEY . . . . . . . . . . . . . . . . . . . . . . . . . . 18
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 19
6.1. Normative References . . . . . . . . . . . . . . . . . . 19 6.1. Normative References . . . . . . . . . . . . . . . . . . 19
6.2. Informative References . . . . . . . . . . . . . . . . . 20 6.2. Informative References . . . . . . . . . . . . . . . . . 20
Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 21 Appendix A. Test Vectors . . . . . . . . . . . . . . . . . . . . 20
A.1. ARIA-CTR Test Vectors . . . . . . . . . . . . . . . . . . 21 A.1. ARIA-CTR Test Vectors . . . . . . . . . . . . . . . . . . 21
A.1.1. ARIA_128_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 21 A.1.1. ARIA_128_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 21
A.1.2. ARIA_192_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 22 A.1.2. ARIA_192_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 22
A.1.3. ARIA_256_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 23 A.1.3. ARIA_256_CTR_HMAC_SHA1_80 . . . . . . . . . . . . . . 22
A.2. ARIA-GCM Test Vectors . . . . . . . . . . . . . . . . . . 23 A.2. ARIA-GCM Test Vectors . . . . . . . . . . . . . . . . . . 23
A.2.1. ARIA_128_GCM . . . . . . . . . . . . . . . . . . . . 24 A.2.1. ARIA_128_GCM . . . . . . . . . . . . . . . . . . . . 23
A.2.2. ARIA_256_GCM . . . . . . . . . . . . . . . . . . . . 24 A.2.2. ARIA_256_GCM . . . . . . . . . . . . . . . . . . . . 24
A.3. ARIA-CCM Test Vectors . . . . . . . . . . . . . . . . . . 24 A.3. ARIA-CCM Test Vectors . . . . . . . . . . . . . . . . . . 24
A.3.1. ARIA_128_CCM . . . . . . . . . . . . . . . . . . . . 25 A.3.1. ARIA_128_CCM . . . . . . . . . . . . . . . . . . . . 25
A.3.2. ARIA_256_CCM . . . . . . . . . . . . . . . . . . . . 25 A.3.2. ARIA_256_CCM . . . . . . . . . . . . . . . . . . . . 25
A.3.3. ARIA_128_CCM_8 . . . . . . . . . . . . . . . . . . . 26 A.3.3. ARIA_128_CCM_8 . . . . . . . . . . . . . . . . . . . 26
A.3.4. ARIA_256_CCM_8 . . . . . . . . . . . . . . . . . . . 26 A.3.4. ARIA_256_CCM_8 . . . . . . . . . . . . . . . . . . . 26
A.3.5. ARIA_128_CCM_12 . . . . . . . . . . . . . . . . . . . 26 A.3.5. ARIA_128_CCM_12 . . . . . . . . . . . . . . . . . . . 26
A.3.6. ARIA_256_CCM_12 . . . . . . . . . . . . . . . . . . . 27 A.3.6. ARIA_256_CCM_12 . . . . . . . . . . . . . . . . . . . 27
A.4. Key Derivation Test Vector . . . . . . . . . . . . . . . 27 A.4. Key Derivation Test Vector . . . . . . . . . . . . . . . 27
A.4.1. ARIA_128 . . . . . . . . . . . . . . . . . . . . . . 28 A.4.1. ARIA_128 . . . . . . . . . . . . . . . . . . . . . . 27
A.4.2. ARIA_192 . . . . . . . . . . . . . . . . . . . . . . 29 A.4.2. ARIA_192 . . . . . . . . . . . . . . . . . . . . . . 29
A.4.3. ARIA_256 . . . . . . . . . . . . . . . . . . . . . . 30 A.4.3. ARIA_256 . . . . . . . . . . . . . . . . . . . . . . 30
1. Introduction 1. Introduction
This document describes the use of the ARIA [RFC5794] block cipher This document describes the use of the ARIA [RFC5794] block cipher
algorithm in the Secure Real-time Transport Protocol (SRTP) [RFC3711] algorithm in the Secure Real-time Transport Protocol (SRTP) [RFC3711]
for providing confidentiality for the Real-time Transport Protocol for providing confidentiality for the Real-time Transport Protocol
(RTP) [RFC3550] traffic and for the control traffic for RTP, the (RTP) [RFC3550] traffic and for the control traffic for RTP, the
Real-time Transport Control Protocol (RTCP) [RFC3550]. Real-time Transport Control Protocol (RTCP) [RFC3550].
skipping to change at page 4, line 5 skipping to change at page 4, line 5
ARIA_192_CTR and ARIA_256_CTR respectively, according to the key ARIA_192_CTR and ARIA_256_CTR respectively, according to the key
lengths. The plaintext inputs to the block cipher are formed as in lengths. The plaintext inputs to the block cipher are formed as in
AES-CTR(AES_CM, AES_192_CM, AES_256_CM) and the block cipher outputs AES-CTR(AES_CM, AES_192_CM, AES_256_CM) and the block cipher outputs
are processed as in AES-CTR. are processed as in AES-CTR.
When ARIA-CTR is used, it MUST be used only in conjunction with an When ARIA-CTR is used, it MUST be used only in conjunction with an
authentication function. The ARIA-CTR crypto suites with HMAC-SHA1 authentication function. The ARIA-CTR crypto suites with HMAC-SHA1
as an authentication function are listed below. The authentication as an authentication function are listed below. The authentication
key length of all crypto suites is 20 octets. key length of all crypto suites is 20 octets.
+----------------------------+-----------------+------------------+ +---------------------------+-----------------+------------------+
| Name | Enc. Key Length | Auth. Tag Length | | Name | Enc. Key Length | Auth. Tag Length |
+----------------------------+-----------------+------------------+ +---------------------------+-----------------+------------------+
| ARIA_128_CTR_HMAC_SHA1_80 | 16 octets | 10 octets | | ARIA_128_CTR_HMAC_SHA1_80 | 16 octets | 10 octets |
| ARIA_128_CTR_HMAC_SHA1_32 | 16 octets | 4 octets | | ARIA_128_CTR_HMAC_SHA1_32 | 16 octets | 4 octets |
| ARIA_192_CTR_HMAC_SHA1_80 | 24 octets | 10 octets | | ARIA_192_CTR_HMAC_SHA1_80 | 24 octets | 10 octets |
| ARIA_192_CTR_HMAC_SHA1_32 | 24 octets | 4 octets | | ARIA_192_CTR_HMAC_SHA1_32 | 24 octets | 4 octets |
| ARIA_256_CTR_HMAC_SHA1_80 | 32 octets | 10 octets | | ARIA_256_CTR_HMAC_SHA1_80 | 32 octets | 10 octets |
| ARIA_256_CTR_HMAC_SHA1_32 | 32 octets | 4 octets | | ARIA_256_CTR_HMAC_SHA1_32 | 32 octets | 4 octets |
+----------------------------+-----------------+------------------+ +---------------------------+-----------------+------------------+
Table 1: ARIA-CTR Crypto Suites for SRTP/SRTCP Table 1: ARIA-CTR Crypto Suites for SRTP/SRTCP
The parameters (from Table 2 to Table 7) in each crypto suite listed The parameters (from Table 2 to Table 7) in each crypto suite listed
in Table 1 are described for use with the SDP Security Descriptions in Table 1 are described for use with the SDP Security Descriptions
attributes [RFC4568]. attributes [RFC4568].
+---------------------------------+------------------------------+ +---------------------------------+------------------------------+
| Parameter | Value | | Parameter | Value |
+---------------------------------+------------------------------+ +---------------------------------+------------------------------+
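Review bot: In the paragraph above Table 1, "AES-CTR(AES_CM, AES_192_CM, AES_256_CM)" lacks a space before the parenthesis and gives no reference for where those three transforms are defined. Since the only change in this region is the table border width, this is a convenient point to add the citations ([RFC3711] for AES_CM, [RFC6188] for AES_192_CM and AES_256_CM) so that "formed as in AES-CTR" is traceable.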
skipping to change at page 12, line 7 skipping to change at page 12, line 4
SRTP_AEAD_ARIA_256_GCM, and SRTP_AEAD_ARIA_256_CCM MUST use the SRTP_AEAD_ARIA_256_GCM, and SRTP_AEAD_ARIA_256_CCM MUST use the
ARIA_256_CTR_PRF Key Derivation Function. ARIA_256_CTR_PRF Key Derivation Function.
4. Security Considerations 4. Security Considerations
At the time of writing this document no security problem has been At the time of writing this document no security problem has been
found on ARIA (see [TSL]). found on ARIA (see [TSL]).
The security considerations in [RFC3610] [GCM] [RFC3711] [RFC5116] The security considerations in [RFC3610] [GCM] [RFC3711] [RFC5116]
[RFC6188] [I-D.ietf-avtcore-srtp-aes-gcm] apply to this document as [RFC6188] [I-D.ietf-avtcore-srtp-aes-gcm] apply to this document as
well. well. Ciphersuites with short tag length may be considered for
specific application environments stated in 7.5 of [RFC3711], but the
risk of weak authentication described in Section 9.5.1 of [RFC3711]
should be taken into account.
5. IANA Considerations 5. IANA Considerations
5.1. SDES 5.1. SDES
Security description [RFC4568] defines SRTP "crypto suites". In Security description [RFC4568] defines SRTP "crypto suites". In
order to allow SDP to signal the use of the algorithms defined in order to allow SDP to signal the use of the algorithms defined in
this document, IANA is requested to add the below crypto suites to this document, IANA is requested to add the below crypto suites to
the "SRTP Crypto Suite Registrations" created by [RFC4568], at time the "SRTP Crypto Suite Registrations" created by [RFC4568], at time
of writing located on the following IANA page: http://www.iana.org/ of writing located on the following IANA page: http://www.iana.org/
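Review bot: The sentence added to Section 4 cites "7.5 of [RFC3711]" without the word "Section", while the same sentence writes "Section 9.5.1 of [RFC3711]"; the two citations should be uniform. It also says "Ciphersuites" where the rest of the draft says "crypto suites", and it does not say which suites count as having a short tag length. Naming them (for example the _HMAC_SHA1_32 suites in Table 1 with their 4 octet tags) would make the caveat actionable. Finally, the lowercase "should be taken into account" sits beside uppercase MUST requirements elsewhere in the draft, so state whether a normative SHOULD is intended.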
 End of changes. 10 change blocks. 
19 lines changed or deleted 22 lines changed or added
