Security and Usability Aspects of Man-in-the-Middle Attacks on ZRTP
作者: Martin Petraschek , Helmut Hlavacs , Thomas Hoeher , Wilfried N. Gansterer , Oliver Jung
DOI:
关键词:
摘要: ZRTP is a protocol designed to set up shared secret between two com- munication parties which subsequently used secure the media stream (i.e. audio data) of VoIP connection. It uses Diffie-Hellman (DH) key exchange agree upon session key, inherently vulnerable active Man-in-the-Middle (MitM) attacks. Therefore introduces some proven methods detect such The most important measure so called Short Authentication String (SAS). This characters that derived essentially from public values and displayed end users for reading out comparing over phone. If SAS on caller's callee's side match, there high probability no MitM attack going on. Furthermore, offers form continuity by caching material previous sessions use in next call. In order prevent can manipulate way both partners get same although different keys were negotiated, hash commitment DH value. Despite these measures Relay Attack (also known as Mafia Fraud or Chess Grandmaster Attack) still possible. We present practical implementation an discuss its characteristics limitations, show works only certain scenarios.
jucs.org 参考文章(4)
Sean Whalen, Sophie Engle, Dominic Romeo, AN INTRODUCTION TO ARP SPOOFING ,(2001)
P. Juola, Whole-word phonetic distances and the PGPfone alphabet international conference on spoken language processing. ,vol. 1, pp. 98- 101 ,(1996) , 10.1109/ICSLP.1996.607046
SIP: Session Initiation Protocol RFC3261. ,vol. 2543, pp. 1- 151 ,(2002) , 10.1201/9781420070910-13
Whitfield Diffie, Martin E Hellman, None, New Directions in Cryptography IEEE Transactions on Information Theory. ,vol. 22, pp. 644- 654 ,(1976) , 10.1109/TIT.1976.1055638