Re: [AVTCORE] SRTP: Retransmission or replay attacking? How to discriminate in e2ae environment?

HE Bing <Bing.He@alcatel-sbell.com.cn> Wed, 31 October 2012 06:59 UTC

From: HE Bing <Bing.He@alcatel-sbell.com.cn>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, "avt@ietf.org" <avt@ietf.org>
Date: Wed, 31 Oct 2012 06:59:34 +0000
Message-ID: <DE315914FFC19345B99B2A4B7F595ED00E4270AD@CNSHJMBX03.ad4.ad.alcatel.com>
References: <DE315914FFC19345B99B2A4B7F595ED00E426885@CNSHJMBX03.ad4.ad.alcatel.com> <508F9899.5000102@ericsson.com>
In-Reply-To: <508F9899.5000102@ericsson.com>

Thank you, Magnus, for your quick help!
I found the relevant statement in draft-ietf-rtcweb-rtp-usage-04.txt too.
Best regards!
HE Bing

-----Original Message-----
From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf Of Magnus Westerlund
Sent: Tuesday, October 30, 2012 5:07 PM
To: avt@ietf.org
Subject: Re: [AVTCORE] SRTP: Retransmission or replay attacking? How to discriminate in e2ae environment?

On 2012-10-30 06:57, HE Bing wrote:
> Dear all,
>  
> RTP/SAVTF is adopted in WebRTC.
> For a video stream, the SRTP sender will retransmit the SRTP
> packets indicated by RTCP FB NACK packets. The retransmitted SRTP
> packets are exactly identical to the original packets (one exception
> is that Google Chrome WebRTC uses an RTP header extension per RFC 5450, so that
> every retransmitted SRTP packet has a different header extension from
> the original one).

I would like to point out that for RTP retransmission it is expected that RFC 4588 is used for the retransmitted packets. That specification exists to address the issue that retransmitting an RTP packet as an identical copy doesn't work, as it destroys all the statistics and tracking of packets, as well as causing the SRTP replay issue below.

>  
> Now we see a problem in a valid e2ae environment that can be simplified
> as below:
> *A* (Browser)<---(SRTP, SRTCP)--->*IMS border*<---(RTP, RTCP)--->*B* (IMS client)
> where the IMS border works in RTP transparent forwarding mode
> with additional encryption/decryption on the browser side.
>  
> If an A-party-originated packet was lost on the way from the IMS border to
> the B party, this packet will be *marked as received in* the IMS border SRTP
> *replay-check list*. Upon receipt of the RTCP FB NACK packet
> originated by the B party, A will resend the packet, which will be
> *discarded* by the IMS border when doing the replay check.
>  
> Is there any way to resolve this issue?

Use RFC 4588 retransmission payload and this issue goes away.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

_______________________________________________
Audio/Video Transport Core Maintenance
avt@ietf.org
https://www.ietf.org/mailman/listinfo/avt
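The exchange above can be reproduced in a small model. The following Python is an added example, not code from the thread or from any of the implementations it mentions: it models the per-SSRC SRTP replay window of RFC 3711 (section 3.3.2, with the index estimation from Appendix A) as the IMS border would apply it on the browser-facing leg, then replays the scenario twice, once with an identical retransmission and once with an RFC 4588 retransmission stream (separate SSRC, own sequence-number space, 2-byte original sequence number prepended to the payload). The SSRC values, payloads and the "lost packet" choice are constructed for the demonstration; the 64-packet window size is the RFC 3711 minimum.

```python
"""Model of why identical SRTP retransmissions trip a replay check at an e2ae border,
while RFC 4588 retransmissions do not. Added example; all values are constructed."""
import struct
from dataclasses import dataclass

WINDOW_SIZE = 64  # RFC 3711 section 3.3.2: replay list MUST cover at least 64 packets


class ReplayWindow:
    """Sliding replay window over SRTP packet indices (one per crypto context / SSRC)."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.max_index = None  # highest packet index accepted so far
        self.seen = set()      # accepted indices still inside the window

    def _estimate_index(self, seq):
        """RFC 3711 Appendix A: pick the ROC that puts seq closest to the last index."""
        if self.max_index is None:
            return seq
        roc, s_l = divmod(self.max_index, 1 << 16)
        if s_l < 32768:
            # guard roc > 0 keeps the model simple; the RFC wraps ROC modulo 2^32
            v = roc - 1 if (seq - s_l > 32768 and roc > 0) else roc
        else:
            v = roc + 1 if (s_l - 32768 > seq) else roc
        return (v << 16) + seq

    def accept(self, seq):
        """True if the packet is fresh (and record it); False if replayed or too old."""
        i = self._estimate_index(seq)
        if self.max_index is None or i > self.max_index:
            self.max_index = i
            self.seen.add(i)
            self.seen = {j for j in self.seen if j > i - self.size}  # slide the window
            return True
        if i <= self.max_index - self.size or i in self.seen:
            return False  # outside the window, or already seen: treated as replay
        self.seen.add(i)  # late but first-time packet inside the window
        return True


@dataclass
class RtpPacket:
    ssrc: int
    seq: int
    payload: bytes


class E2aeBorder:
    """IMS border doing SRTP replay checking per SSRC before forwarding plain RTP to B."""

    def __init__(self):
        self.windows = {}
        self.forwarded = []
        self.dropped = []

    def receive(self, pkt):
        win = self.windows.setdefault(pkt.ssrc, ReplayWindow())
        if win.accept(pkt.seq):
            self.forwarded.append(pkt)
            return True
        self.dropped.append(pkt)
        return False


def retransmit_identical(pkt):
    """The behaviour from the question: resend the very same SSRC/seq/payload."""
    return RtpPacket(pkt.ssrc, pkt.seq, pkt.payload)


class Rfc4588Sender:
    """RFC 4588 retransmission stream: own SSRC, own seq space, OSN prepended to payload."""

    def __init__(self, rtx_ssrc):
        self.rtx_ssrc = rtx_ssrc
        self.rtx_seq = 0

    def retransmit(self, pkt):
        self.rtx_seq = (self.rtx_seq + 1) & 0xFFFF
        # RFC 4588 section 4: 2-byte original sequence number (OSN), then original payload
        return RtpPacket(self.rtx_ssrc, self.rtx_seq, struct.pack("!H", pkt.seq) + pkt.payload)


def recover_original(rtx_pkt, original_ssrc):
    """What receiver B does with an RFC 4588 packet: strip the OSN and rebuild the original."""
    (osn,) = struct.unpack("!H", rtx_pkt.payload[:2])
    return RtpPacket(original_ssrc, osn, rtx_pkt.payload[2:])


def run_scenario(use_rfc4588):
    """Returns (border accepted the retransmission?, packet B ends up with or None)."""
    a_ssrc, rtx_ssrc = 0x1234, 0x5EC0  # constructed SSRCs
    border = E2aeBorder()
    originals = [RtpPacket(a_ssrc, seq, b"frame%d" % seq) for seq in range(100, 106)]
    for p in originals:
        border.receive(p)  # all six pass the replay check the first time
    lost = originals[3]  # constructed: seq 103 is lost between the border and B, B NACKs it
    if use_rfc4588:
        rtx = Rfc4588Sender(rtx_ssrc).retransmit(lost)
        accepted = border.receive(rtx)  # fresh SSRC and seq: its own replay window
        return accepted, (recover_original(rtx, a_ssrc) if accepted else None)
    accepted = border.receive(retransmit_identical(lost))  # seq 103 already in A's window
    return accepted, (lost if accepted else None)


def out_of_order_demo():
    """Window still admits a late first-time packet, but not a repeat or a very old one."""
    w = ReplayWindow()
    return [w.accept(s) for s in (100, 102, 101, 101, 30)]


if __name__ == "__main__":
    print("identical retransmission:", run_scenario(False))  # (False, None)
    print("RFC 4588 retransmission: ", run_scenario(True))
    print("window behaviour:        ", out_of_order_demo())
```

The identical retransmission is dropped because seq 103 on A's SSRC is already in the border's replay list, exactly as the question describes; the RFC 4588 packet arrives on the retransmission SSRC with a sequence number that window has never seen, so the border forwards it and B rebuilds the original from the OSN.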