[AVT] Re: The Secure Real-time Transport Protocol : Padding/Bandwidth.
Mats Näslund <mats.naslund@era.ericsson.se> Tue, 24 June 2003 17:23 UTC
Date: Tue, 24 Jun 2003 19:15:31 +0200
From: Mats Näslund <mats.naslund@era.ericsson.se>
To: norbert.rossello@mindspeed.com
CC: mbaugher@cisco.com, "Rolf Blom (EAB)" <rolf.blom@era.ericsson.se>, "Elisabetta Carrara (EAB)" <Elisabetta.Carrara@era.ericsson.se>, mcgrew@cisco.com, "Karl Norrman (EAB)" <Karl.Norrman@era.ericsson.se>, oran@cisco.com, avt@ietf.org
Subject: [AVT] Re: The Secure Real-time Transport Protocol : Padding/Bandwidth.

Dear Dr Rosello,

I suspect that you have misread the spec, possibly caused by some
unclarity on our behalf, in which case I apologize. More below.

norbert.rossello@mindspeed.com wrote:

> Madam and Sirs,
>
> I am responsible for Cipher/VoIP implementation at Mindspeed (ex Conexant).
>
> I would like to draw your attention about padding:
> draft-ietf-avt-srtp-05.txt - 4.1.1 :
> <<Each of the three terms in the XOR-sum above is padded with as many
> leading zeros as needed to make the operation well-defined..>>

Note that this does not produce padding of the cipher *output*, it is a
padding of the cipher *input*. Hence, there is no impact on bandwidth at
all (more below).

> By implementing block cipher (as AES), as you experts know already,
> we have been facing the padding method consequence (RFC1423, NIST,..)
> leading to increase bandwidth.
>
> Example:
> G.711 at 5ms generates a payload of 40 bytes.
> AES blocks are made of 128 bits = 16 bytes.
> 40 / 16 = 2.5: AES will require 3 blocks increasing the encrypted payload
> up to 16 x 3 = 48 bytes.
> Hence, AES encryption has impacted the original bandwidth consumption by
> +20%.
> This drawback applies to others codec G.729,...which have been designed to
> save bandwidth.
> This bandwidth increase is not acceptable for many Gtw manufacturers.

If you use SRTP with the default counter mode transform, here is what
will happen:

Let the codec output be denoted m (40 bytes).

1. Form the input to the cipher according to the text you copied above
   from Sect 4.1.1. Denote this (possibly padded) value by IV (which will
   always be 128 bits/16 bytes).

2. Run AES on the session key and the above input, IV, producing a 128 bit
   output which I denote s0.

3. Run AES again on IV+1, IV+2,... producing s1, s2... until at least 40
   bytes of output has been obtained, denote this total output
   s = s0 || s1 || ... (i.e. size(s) >= 40 bytes).

4. Take the XOR of m and the **40 first bytes** of s, producing the
   ciphered output y (which has the same size as m, 40 bytes). (Discard
   excess bytes of s.)

5. Transmit y.

On the receiver side, exactly the same procedure takes place, only that
"y" takes the place of "m", resulting in retrieving m back.

> Mindspeed would like to submit to you a new scheme that allows encrypting
> packets which size is not a multiple of AES block size without impacting
> bandwidth
> complying with existing modes ECB, CBC,...
>
> Please, let me know if this new scheme could contribute to SRTP,
> so I will send you related documents.

Since SRTP is very close to passing IESG review (I hope...) I think
adding another mode at this late stage would be highly undesirable.
Moreover, I don't see the need for it as there is no extra bandwidth
consumption implied by the already pre-defined transforms.

Best,

/Mats
----------------------------------------------
Mats Näslund, PhD, Senior Specialist
Communications Security Lab, Ericsson Research
SE-16480 Stockholm, Sweden
Visiting adr: Torshamnsgatan 23, Kista
Phone/Fax: (+46 8) 58533739/4047020
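
Steps 1 to 5 of the message above as runnable Go, added here as an example that is not part of the original message: the IV is the section 4.1.1 XOR-sum as later published in RFC 3711, and the key, salt, SSRC and packet index are constructed values. It shows the 40-byte payload staying 40 bytes, next to the 48 bytes an always-pad block mode would produce.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// srtpIV: (salt * 2^16) XOR (SSRC * 2^64) XOR (index * 2^16), each term
// left-padded with zeros to 128 bits. index is the 48-bit packet index.
func srtpIV(salt [14]byte, ssrc uint32, index uint64) [16]byte {
	var iv, t [16]byte
	copy(iv[:14], salt[:])                         // salt * 2^16: bytes 0..13
	binary.BigEndian.PutUint32(t[4:8], ssrc)       // SSRC * 2^64: bytes 4..7
	binary.BigEndian.PutUint64(t[8:16], index<<16) // index * 2^16: bytes 8..13
	for i := range iv {
		iv[i] ^= t[i]
	}
	return iv
}

// ctrXOR: steps 2-4. Encrypt IV, IV+1, ... and XOR only len(in) keystream
// bytes into the data; the excess keystream of the last block is discarded.
func ctrXOR(key []byte, iv [16]byte, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	var ks [16]byte
	for off := 0; off < len(in); off += 16 {
		binary.BigEndian.PutUint16(iv[14:], uint16(off/16)) // block counter
		block.Encrypt(ks[:], iv[:])
		for i := 0; i < 16 && off+i < len(in); i++ {
			out[off+i] = in[off+i] ^ ks[i]
		}
	}
	return out
}

// paddedLen: size after always-pad block padding (RFC 1423 style), to compare.
func paddedLen(n int) int { return (n/16 + 1) * 16 }

func main() {
	key := []byte("constructed-key!") // 16 bytes, constructed for the example
	m := make([]byte, 40)             // G.711 at 5 ms: 40-byte payload
	y := ctrXOR(key, srtpIV([14]byte{1, 2, 3}, 0xdecafbad, 7), m)
	fmt.Println(len(m), len(y), paddedLen(len(m))) // plaintext, CTR, padded sizes
}
```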